The CIA can infiltrate secure Windows and Linux networks to steal passwords and spy on data sent over networks, according to the latest WikiLeaks Vault7 release.
‘BothanSpy’ and ‘Gyrfalcon’ projects are designed to intercept and exfiltrate SSH (Secure Shell) protocol credentials. Once the CIA has access to SSH credentials on a given network, it can see which usernames and passwords are in use, and it can access data sent over the network, from personal emails to important documents.
What is SSH?
SSH is a protocol for operating network services securely, allowing for secure remote login from one computer to another. It’s often used in corporate networks or private organizations for secure access, file transfer and managing computer networks.
BothanSpy
BothanSpy is the CIA implant that targets the SSH client program Xshell on Microsoft Windows.
According to a secret 2015 CIA document, BothanSpy was developed by the Engineering Development Group (EDG), the division responsible for creating the CIA’s hacking tools. Version 1.0 was created in March 2015.
It steals user credentials for all active SSH sessions, which could be usernames, passwords or data.
BothanSpy allows the CIA either to save the stolen credentials in an encrypted file on the target system, to be retrieved at a later time, or to exfiltrate them directly to a server controlled by the agency. In the latter mode BothanSpy never writes to the target system’s disk, so it leaves no file behind for investigators to find.
“BothanSpy takes a very paranoid approach when collecting credential information,” the document explains. “However, there is always some risk (no matter how small it may be) to using BothanSpy against an untested/unofficial version of Xshell.”