Wikileaks has revealed ‘Dumbo’, a suite of CIA tools that identify, control and manipulate microphones and webcams on PCs running Windows.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, Wi-Fi) or wired networks.
Dumbo run by the field agent directly from a USB stick. It requires administrator privileges to perform its task. It supports 32-bit Windows XP, Windows Vista, and newer versions of the Windows operating system. However, 64-bit Windows XP, or Windows versions prior to XP not supported.
Dumbo user guides
It’s not known what role the malware has played in CIA investigations, and whether evidence gleaned from the tool used in court. WikiLeaks has also a series of Dumbo user guides, as well as the field guide.
Dumbo designed as a PAG (physical access group) entry-operation utility that targets webcams and other monitoring software. PAG requests this capability to deter home security systems that may identify the officers or prevent operations.
Dumbo designed to configured with a set of processes, installed and run from a USB drive and exits upon removal of the drive.
Dumbo will immediately terminate all configured processes, and disable all NICs (network interface cards) for the duration of the operation. On removal of the drive running Dumbo, all NICs will restart and terminated processes will able to restart.
The tool is configurable from the command line, dropping output files directly to the USB stick. However, any programs not on the ‘termination list’ can start-up the webcam and record will the USB stick is plugged-in.
The exposure of Dumbo is just the latest in a series of embarrassing leaks that reveal the depth and extent of US security and law-enforcement agencies’ hacking tools.