CATEGORIES
home News

WikiLeaks Exposes Grasshopper CIA Hacking Tool That Can Own A Windows PC And Remain Undetected

by Marco ChiappettaFriday, April 07, 2017, 10:54 PM EDT
CIA Headquarters George Bush Center For Intelligence Langley Virginia

The latest bombshell to come out of WikiLeaks’ Vault7 series of leaks from the CIA, exposes a tool codenamed “Grasshopper”, which allows operatives to deploy persistent surveillance and hacking payloads on target Windows-based computer systems and remain undetected from popular anti-malware and anti-virus tools.

WikiLeaks has an array of documentation on-line, including an in-depth user’s guide for Grasshopper. The user’s guide explains that Grasshopper is “a software tool used to build custom installers for target computers running Microsoft Windows operating systems”, which seems straightforward enough, and quite frankly the kind of thing you’d expect an intelligence agency to have at its disposal. But a deeper look at the documents reveals some much more alarming details.
grasshopper cia
Image Source: The Grasshopper User's Guide

The Grasshopper user’s guide also explains that, “executables may contain considerable equities, including persistence techniques and any number of payloads. With this in mind, it is important to consider carefully the tradecraft of building and executing a Grasshopper”. The user’s guide also says that the operation “uses an unspecified tool” to run the Grasshopper executable within a particular Windows process that has the necessary permissions for the intended task, of which there can be many – key logging, collecting stored passwords, data detection and destruction, you name it.

Another interesting part of the story is that the “unspecified tool” mentioned in the user’s guide may have stemmed from Russian organized crime. Grasshopper uses something called the “Stolen Goods 2.1 (SG2)” persistence module, which is based on third-party malware. A document detailing SG2 reveals, “The components were taken from malware known as Carberp, a suspected Russian rootkit used by organized crime. The source of Carberp was published online, and has allowed AED\RDB to easily borrow' components as needed from the malware.”

WIkiLeaks Tweet

There is a myriad of Grasshopper-related documentation on the WikiLeaks site and their Twitter feed is rife with some of the scarier excerpts as well. One Tweet contains some payload execution details for Grasshopper that outline how the tool can invade the Windows Update Service and reinstall automatically every 22 hours.
Tags:  Malware, Surveillance, Privacy, Hacking, Wikileaks, CIA, grasshopper
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment