
Dumbo

Product
Developers: Central Intelligence Agency (CIA)

2017: Leak from WikiLeaks

In August 2017, WikiLeaks published documentation for a CIA project code-named Dumbo as part of its Vault 7 campaign. Dumbo is a set of tools that agents of the US Central Intelligence Agency used to switch off webcams and microphones and to deactivate surveillance software in the area where an operation was being carried out.[1]

Dumbo is not a virus or a trojan but a Windows utility that field operatives are expected to carry with them on a USB flash drive. To use it, agents need physical access to a computer with open USB ports. Dumbo automatically detects webcams and microphones installed in a networked environment, wired or wireless, and allows them to be disabled.

WikiLeaks disclosed a CIA tool for shutting down surveillance cameras

In addition, Dumbo detects any processes associated with these devices, as well as processes of programs that perform recording or monitoring. The tool can be used to stop or sabotage these processes and, indirectly, the recorded data. The most recent document relating to Dumbo covers version 3.0 and is dated June 25, 2015. According to the user guide, the tool requires system privileges. This means that agents have to use additional hacking tools, in particular exploits that grant the highest privileges on the system.

Dumbo runs on the 32-bit version of Windows XP and on Vista and newer versions of Windows. Neither the 64-bit versions of Windows XP nor earlier versions of Windows are supported.

The document states that on XP, Kaspersky Lab's antivirus successfully detects and blocks attempts to install the driver that Dumbo needs to work correctly. Another, unnamed antivirus is able to block the function that triggers a "blue screen of death", which is suggested as a way to conceal Dumbo's activity.

CIA operational staff are advised to disable any antivirus software on computers where Dumbo is run.

Notes