CIA developed the malware in 2013, WikiLeaks says

Jun 30, 2017 14:15 GMT

A new WikiLeaks dump reveals a new form of malware that the CIA has been using since 2013 against Windows computers, this time not to compromise systems, but to determine the location of users in a matter of seconds.

The tool is called ELSA and it was primarily developed for Windows 7, but it can arguably be used against any version of Windows, including Windows 10, though in this case some additional tweaks need to be made because of the security improvements included by Microsoft.

What ELSA does is infect Wi-Fi-capable networks and then use the wireless module to look for public Wi-Fi access points that are within range.

The malware logs the MAC address of each network and then checks for information in public databases that are maintained by Microsoft and Google. These databases are primarily used for providing users with easy access to the Internet on a number of devices, though the CIA appears to have found a different purpose for them.

Windows users exposed

Once the location of the public Wi-Fi is determined, the malware analyzes the strength of the user’s signal, then calculates the possible coordinates of the user. The information is encrypted and sent to the FBI, where it’s stored on a server until an agent can extract it and save it in specific files.

What’s important to know is that ELSA requires the CIA to already be in control of the system, but that shouldn’t be a problem given the fact that the agency reportedly has other forms of malware that can exploit unknown vulnerabilities in Windows.

So since the CIA already has full control of a Windows system, determining the location isn’t really the worst thing that can happen, as the agency can also steal files, spy on users, and do pretty much whatever it wants on the computer.

As has happened in the past, there’s a chance that ELSA leaks at some point and becomes available to hackers, once again exposing Windows users to additional threats. We’ve reached out to Microsoft to find out more about how they plan to tackle the vulnerability and if a patch is on its way, and we’ll update the article when an answer is provided.