Vault 7

WikiLeaks published today a manual for an alleged CIA tool that can capture the content of remote video streams and save them to disk for further analysis.

The tool is named CouchPotato and is described in a usage manual dated February 14, 2014, which is available online.

According to its manual, CIA operatives can use a command-line interface to start the tool, pointing it to the URL of an RTSP or H.264 video stream and to the location on disk where the stream should be saved.

CouchPotato targets IP camera video streams

RTSP and H.264 are the formats often used by IP-based surveillance cameras to stream video content over the Internet or inside a closed network.

CouchPotato looks like a tool that can be used without compromising a victim's network if the CIA operative manages to discover the URLs of the video streams.

If the cameras from which operators want to exfiltrate video streams are placed on closed networks or are password-protected, then CIA operatives will need to run the script from the same network or from an authorized computer so that CouchPotato can access the feeds.

CouchPotato can save streams to disk in a classic AVI video format, or as JPEG images in case the operator wants to save space. In the latter case, CouchPotato can analyze the stream, detect frames that differ significantly from a previously captured frame, and save only those, capturing only frames where an object has moved.

Major downside: CPU usage ranges between 50% and 70%

CouchPotato uses the FFmpeg utility for the video capturing process. The tool also has a major caveat, which is the high usage of CPU core resources. CIA tests reveal that CouchPotato will guzzle between 50% and 70% of a machine's resources.

Today's dump is part of a larger series called Vault 7, which contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. Below is a list of the most notable WikiLeaks "Vault 7" dumps:

Weeping Angel - tool to hack Samsung smart TVs
Fine Dining - a collection of fake, malware-laced apps
Grasshopper - a builder for Windows malware
DarkSeaSkies - tools for hacking iPhones and Macs
Scribble - beaconing system for Office documents
Archimedes - a tool for performing MitM attacks
AfterMidnight and Assassin - malware frameworks for Windows
Athena - a malware framework co-developed with a US company
Pandemic - a tool for replacing legitimate files with malware
CherryBlossom - a tool for hacking SOHO WiFi routers
Brutal Kangaroo - a tool for hacking air-gapped networks
ELSA - malware for geo-tracking Windows users
OutlawCountry - CIA tool for hacking Linux systems
BothanSpy & Gyrfalcon - CIA malware for stealing SSH logins
HighRise - Android app for intercepting & redirecting SMS data
Achilles, Aeris, & SeaPea - tools for hacking Mac & POSIX systems
Dumbo - tool to disable webcams and microphones