Wikileaks published today a manual for an alleged CIA tool that can capture the content of remote video streams and save them to disk for further analysis.
The tool's name is CouchPotato and is described in a usage manual dated to February 14, 2014, available online here.
According to its manual, CIA operatives can use a command-line interface to start the tool and point it to the URL of an RTSP or H.264 video stream and the location where to save the stream on disk.
RTSP and H.264 are the formats often used by IP-based surveillance cameras to stream video content over the Internet or inside a closed network.
CouchPotato looks like a tool that can be used without compromising a victim's network if the CIA operative manages to discover the URLs of the video streams.
If the cameras from where operators want to exfiltrate video streams are placed on closed networks or are password-protected, then CIA operatives will need to run the script from the same network or an authorized computer so CouchPotato can access the feeds.
CouchPotato can save streams to disk in a classic AVI video format, or as JPEG images, in case the operator wants to save space. In the latter case, CouchPotato can analyze, detect, and save frames from the stream that are of significant change from a previously captured frame, capturing only frames where an object has moved.
CouchPotato uses the FFmpeg utility for the video capturing process. The tool also has a major caveat, which is the high usage of CPU core resources. CIA tests reveal that CouchPotato will guzzle between 50% and 70% of a machine's resources.
Today's dump is part of a larger series called Vault 7 contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps: