Since Wikileaks began releasing classified CIA documents back in March as part of its “Vault 7” series of leaks, purportedly the largest document dump in the agency’s history, it has publicly unveiled programs with innocent-sounding names like “Marble”, “Scribbles” and “Archimedes” that the agency employs to help execute its operations, or to cover its tracks.
On Thursday, the group released the 19th installment in its series by publishing a series of documents detailing how the agency uses a custom-designed hacking exploit called “Dumbo” to destroy, or manufacture, evidence during field operations, according to a Wikileaks press release.
The CIA filed a request for such a tool back in 2012, according to a PowerPoint presentation describing what capabilities it would need.
In a field guide for the tool, dated July 2015, the agency says “the intelligence community has identified a need…for a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment.”
Once installed on a computer running the Windows operating system via a thumb drive, Dumbo identifies webcams and microphones and stops them from recording. The program notifies its operator of any files that were actively being written so that they can be corrupted or deleted, according to the field manual.
“Dumbo works by discovering which processes have access to the physical camera device and uses that information to corrupt video files. In some instances, programs emulate a camera input to other programs; such is the case with Fujitsu’s YouCam.exe. When this occurs, YouCam.exe will have control of the actual webcam, and feed input to other processes that record images to files as needed. In this scenario, Dumbo will suspend YouCam.exe but will not be able to detect the other processes to which YouCam.exe is feeding images.