WikiLeaks Vault 7: CIA's 'Fine Dining' hacking method uses 24 malware-laced apps to spy on targets

Video: Top five revelations from Wikileaks' 'Vault 7' (Vincent Balestriere)

WikiLeaks' Vault 7 dump, which allegedly details CIA hacking tools and techniques, has left the world grappling with the extent of the spy agency's cyberspying abilities. Among the numerous exploits, "zero days", vulnerabilities and other cyber weapons included in the dump was one of the spy agency's attack methods called "Fine Dining". This, according to the whistleblowing platform, has been designed for CIA field agents and allows them to infect specific targets' devices to further spy on them.

According to the Vault 7 documents, "Fine Dining" comes with 24 "decoy applications", which are essentially malware-laced apps. A CIA agent stores one on a USB stick and, while on a mission, surreptitiously plugs it into a target's computer to infect the machine with spy malware. The CIA allegedly designed the decoy apps for situations in which agents had to infect systems while the victims, or other witnesses, were present.

"To witnesses, the spy appears to be running a program showing videos (eg VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos). But while the decoy application is on the screen, the underlying system is automatically infected and ransacked," WikiLeaks said, detailing an almost Hollywood spy thriller-like scenario.


The malware-laced apps are also allegedly designed to scan the target device's storage space and pilfer a specified list of file types. Agents can either exfiltrate the data via the internet or store it on the USB.
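The behaviour described above, a program launched from removable media that sweeps the local disk for a configured set of document, image, audio and video types and stages the results back onto the same USB device, is a pattern a defender can look for in endpoint telemetry. The following detector is an added example written for this page, not code from the Vault 7 documents or from any CIA tool: the event format, the extension sets, the removable-drive path prefixes and the sample events are all constructed assumptions, and real telemetry (Sysmon, EDR file-access logs) would need its own parser in place of `parse_event`.

```python
"""Heuristic detector for a 'decoy app on removable media that sweeps the disk'
pattern. Added example; the log format and thresholds are assumptions."""
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping of the categories named in the article to file extensions.
TARGET_EXTENSIONS = {
    "office": {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"},
    "images": {".jpg", ".jpeg", ".png", ".gif"},
    "audio": {".mp3", ".wav", ".m4a"},
    "video": {".mp4", ".mov", ".avi"},
}
EXT_TO_CATEGORY = {ext: cat for cat, exts in TARGET_EXTENSIONS.items() for ext in exts}

# Assumed path prefixes that denote removable media on the monitored hosts.
REMOVABLE_PREFIXES = ("E:\\", "F:\\", "/media/", "/Volumes/")


def is_removable(path):
    return path.startswith(REMOVABLE_PREFIXES)


def file_category(path):
    """Return the collection category of a path, or None if not a target type."""
    return EXT_TO_CATEGORY.get(os.path.splitext(path)[1].lower())


def parse_event(line):
    """Constructed event format: '<ISO-8601 UTC>|<kind>|<pid>|<path>'.
    kind is one of process_start, file_read, file_write."""
    ts, kind, pid, path = line.strip().split("|", 3)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "kind": kind, "pid": pid, "path": path}


def detect_decoy_collectors(lines, min_files=20, window=timedelta(minutes=5)):
    """Flag processes that started from removable media and, within `window`,
    read at least `min_files` distinct target-type files from fixed storage.
    Also records whether the process wrote anything back to removable media
    (staging for later removal with the USB stick)."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    starts = {}                    # pid -> (start time, image path)
    reads = defaultdict(set)       # pid -> distinct target files read
    staged = defaultdict(bool)     # pid -> wrote to removable media

    for e in events:
        if e["kind"] == "process_start":
            if is_removable(e["path"]):
                starts[e["pid"]] = (e["ts"], e["path"])
            continue
        if e["pid"] not in starts:
            continue                # only processes launched from removable media
        start_ts, _ = starts[e["pid"]]
        if e["ts"] - start_ts > window:
            continue
        if e["kind"] == "file_read" and file_category(e["path"]) and not is_removable(e["path"]):
            reads[e["pid"]].add(e["path"])
        elif e["kind"] == "file_write" and is_removable(e["path"]):
            staged[e["pid"]] = True

    findings = []
    for pid, (start_ts, image) in starts.items():
        paths = reads[pid]
        if len(paths) < min_files:
            continue
        by_cat = defaultdict(int)
        for p in paths:
            by_cat[file_category(p)] += 1
        findings.append({"pid": pid, "image": image, "files": len(paths),
                         "by_category": dict(by_cat),
                         "staged_to_removable": staged[pid]})
    return findings


def constructed_events():
    """Constructed sample telemetry: a 'VLC' decoy on E:\\ that reads 24 user
    files and writes to the stick, a benign Word process, and a small game
    from the same stick that reads only two images."""
    base = datetime(2017, 3, 8, 10, 15, 0)
    fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = [
        f"{fmt(base)}|process_start|4242|E:\\vlc.exe",
        f"{fmt(base)}|process_start|1000|C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
        f"{fmt(base)}|process_start|5555|E:\\2048.exe",
    ]
    files = [f"C:\\Users\\target\\Documents\\report{i}.docx" for i in range(12)]
    files += [f"C:\\Users\\target\\Pictures\\img{i}.jpg" for i in range(8)]
    files += [f"C:\\Users\\target\\Music\\track{i}.mp3" for i in range(4)]
    for i, p in enumerate(files):
        lines.append(f"{fmt(base + timedelta(seconds=1 + i))}|file_read|4242|{p}")
    lines.append(f"{fmt(base + timedelta(seconds=30))}|file_write|4242|E:\\.cache\\blob.bin")
    for i in range(3):   # Word opening a few documents is normal
        lines.append(f"{fmt(base + timedelta(seconds=2 + i))}|file_read|1000|{files[i]}")
    for i in range(2):   # game from the stick touching two images: below threshold
        lines.append(f"{fmt(base + timedelta(seconds=5 + i))}|file_read|5555|{files[12 + i]}")
    return lines


if __name__ == "__main__":
    for f in detect_decoy_collectors(constructed_events()):
        print(f)
```

The threshold and window are tuning knobs: a real decoy has only as long as the agent's "unobserved access", so a tight window of a few minutes with a few dozen distinct target-type reads is the shape to look for, and the write back to the removable device is the second indicator that separates a collector from a media player that merely indexes a folder.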

"Fine Dining" also allegedly comes with a standardised questionnaire or a "menu" for CIA case officers to fill out, which is then used by the agency's OSB (Operational Support Branch) to develop technical requirements for hacking operations based on case officers' requests.

Image caption: The malware-laced apps are also allegedly designed to scan the target device's storage space and pilfer a specified list of file types (credit: iStock)

WikiLeaks claimed: "The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff. The OSB functions as the interface between CIA operational staff and the relevant technical support staff.

"Among the list of possible targets of the collection are 'Asset', 'Liaison Asset', 'System Administrator', 'Foreign Information Operations', 'Foreign Intelligence Agencies' and 'Foreign Government Entities'. Notably absent is any reference to extremists or transnational criminals."

The "Fine Dining" questionnaire also allegedly requires case officers to specify the target's environment, including "the type of computer, operating system used, internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types".

The questionnaire also asks whether recurring access to the target is possible and how long an agent can maintain "unobserved access" to the target's computer. This information is then fed into the CIA's "Improvise" software, a configuration toolset that supports all major operating systems, to "configure a set of CIA malware suited to the specific needs of an operation".

Commenting on the Vault 7 leaks, Lee Munson, security researcher at Comparitech, told IBTimes UK: "Whether the alleged cyber weapons exist or not is largely immaterial at a time when I assume most people believe they do. What the Vault 7 leaks should do, however, is confirm that, while taking a 'nothing to hide, nothing to fear' approach is hopelessly out of date, most citizens should not be any more concerned about surveillance today than they were yesterday.


"While exploits across a range of devices and the ability to turn on cameras and microphones is a touch chilling, they're nothing new, and anyone with real concerns should already be going about their business with those possibilities in mind.

"The really interesting aspect to this leak, however, is how the alleged cyber spying tools all appear to have one thing in common – the need to acquire information over the wire.

"That means, for now at least, we can assume that messaging systems with strong end-to-end encryption are beyond the reaches of the security services; a win for everyone who is truly concerned about protecting their privacy today."

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.