back to article Spies do spying, part 97: The CIA has a tool to track targets via Wi-Fi

The latest cache of classified intelligence documents dumped online by WikiLeaks includes files describing malware CIA apparently uses to track PCs via Wi‑Fi. The Julian Assange-led website claims the spyware, codenamed ELSA, infects a target's Windows computer and then harvests wireless network details to pinpoint the …

  1. Sanctimonious Prick
    Devil

    Please...

    May I have a copy of this?

    Err, for research purposes, only, of course.

    1. fedoraman
      Black Helicopters

      Re: Please...

      Dear Sir,

      Pursuant to your request, dated July 29th 2017, we have installed the said software on all of your PCs.

      Sincerely yours,

      The CIA

      1. CrazyOldCatMan Silver badge

        Re: Please...

        Pursuant to your request, dated July 29th 2017

        So it *is* true - the CIA do have psykics!

  2. Anonymous Coward
    Anonymous Coward

    Why would hysteria come into it? Obvious technique is obvious.

  3. ChrisPv

    The three stages:

    1) Is not true and you are conspiracy wacko

    2) Everyone is doing this

    3) This is old news, why should we care

  4. ecarlseen
    FAIL

    History disagrees.

    "Before you go into hysterics, take a moment to breathe into a paper bag and remember that ELSA is used against CIA targets, and if you're the subject of a CIA intelligence operation you have way, way more to worry about than the integrity of your wireless network."

    Until the tools are leaked and incorporated in the malware du jour.

    1. Voland's right hand Silver badge

      Re: History disagrees.

      Until the tools are leaked and incorporated in the malware du jour.

      Location is of little interest for malware du jour. It becomes of interest only if the meatware attached to the laptop becomes a target. That is definitely not part of the malware du jour repertoire.

      1. Chris G

        Re: History disagrees.

        "Location is of little interest for malware du jour."

        If it was leaked I can think of a few reasons why it might become more prevalent, stalkers and kidnappers not least among them.

      2. Anonymous Coward
        Anonymous Coward

        Re: History disagrees.

        Hmm, could be used for Spear phising.

        Dr Mr CEO,

        re your recent stay at The Fancy Pants Hotel. There has been an issue with the card payment, please send us the long number......

    2. This post has been deleted by its author

  5. h3nb45h3r

    This is an old technique....

    Honey Badger does this https://bitbucket.org/LaNMaSteR53/honeybadger/

    1. John Smith 19 Gold badge
      Unhappy

      "Honey Badger does this https://bitbucket.org/LaNMaSteR53/honeybadger/"

      What I think you're missing is a)The lack of consent b)The lack of visibility that it's happening.

    2. fidodogbreath

      Re: This is an old technique....

      Android has had this for years. It's called "View WiFi connections" + "Full network access"

  6. Anonymous Coward
    Meh

    Oh no!

    The CIA can track you almost as well as Google and Microsoft !

    1. phuzz Silver badge

      Re: Oh no!

      Google and Microsoft don't have armed drones (yet). Targeted adverts sting less than Hellfires methinks.

      1. fidodogbreath

        Re: Oh no!

        Google and Microsoft don't have armed drones (yet).

        Pretty sure Amazon does, though...

  7. Velv
    Big Brother

    Streetview

    Who would have thought that Google Streetview's slurping of wireless SSIDs and MAC addresses as they drove around the world would be useful. A digital database mapping the electronic world.

    It's a good thing they Google were made to delete it before it could be copied or used for nefarious purposes...

    1. Anonymous Coward
      Anonymous Coward

      Re: Streetview

      I actually logged on to up-vote this...

    2. Mugwump7
      Pint

      Re: Streetview

      There is an alternative. Wigle .com has a user submitted map of wifi locations. Both SSID and Mac address are shown. Coverage can be patchy away from main roads but it's expanding all the time.

      Beer icon because it's Friday.

      1. John Brown (no body) Silver badge

        Re: Streetview

        "user submitted map of wifi locations."

        The actions of some people beggars belief. I wonder how many would be happy if all toilet doors were banned? Privacy, yeah, we used to have a bit in the old days. But then we were offered some shiny for "just a little bit of our privacy", and we let them have it. Then they came for a little more. And more. And yet more.

  8. Bronek Kozicki
    Pint

    defense

    ... simply do not use WiFi on any Windows PC. Setting it up is pain anyway and the speed is not so good, I very much prefer powerline (from reputable vendor and with all the required certifications, as to minimize the radio noise this generates, of course!). If only I could put Ethernet cables across the house, that would be even better.

    Icon because it's Friday!

    1. TheVogon

      Re: defense

      "simply do not use WiFi on any Windows PC."

      Well if you are a terrorist or have something to hide maybe!

      "Setting it up is pain anyway"

      There is nothing to "setup" It just works out of the box.

      "the speed is not so good,"

      I likely get higher real transfer speeds via my 5GHz AC WiFi than you do over Powerline!

    2. Anonymous Coward
      Anonymous Coward

      Re: defense

      Setting it up is pain anyway and the speed is not so good

      This has not been true for quite some time now.

      I very much prefer powerline (from reputable vendor and with all the required certifications, as to minimize the radio noise this generates, of course!)

      Ok, reasonable alternative although with lengthy list of caveats, but it does raise the question of how many cafes, trains, planes, hotels etc support this. If its a low number or none, WiFi is going to be used.

      If only I could put Ethernet cables across the house, that would be even better.

      Its fairly easy to do without damaging anything or leaving permanent marks.

    3. Anonymous Coward
      Anonymous Coward

      Re: defense

      "I very much prefer powerline"

      So do your nosy neighbours who can't pick up a decent wi-fi signal through thick walls.

      "with all the required certifications, as to minimize the radio noise this generates, of course!"

      What makes you think certifications minimise noise? They minimise noise in the specific bands required by the tests, but outside those almost anything goes.

  9. John Smith 19 Gold badge
    Unhappy

    Useful for the list of "Stuff people think can't be done, but can, by compromised PC's."

    As a previous poster noted, this does have a use for personalizing spear phishing attacks.

    The list is depressingly long.

    Fortunately with Windows phones being quite rare beasts the location data is likely to have gaps in it.

  10. sebt
    Pint

    Misuse

    What, yet another downside of WiFi?

    Meanwhile, the only worthwhile application of WiFi - Beer by Wifi - is still not rolled out. In spite of being on the Two-Tailed Dog Party's manifesto (in Hungary).

    Icon - do you need to ask?

    1. GrapeBunch
      Pint

      Re: Misuse

      egészségedre!

  11. Anonymous Coward
    Anonymous Coward

    Lost and found

    If the CIA have this it is a fair bet that GCHQ has it as well.

    Do you think that if I wrote them a nice letter they would help me find a laptop I mislaid a while ago.?

  12. albegadeep

    Don't cellphones already do this all the time?

    "Rough location" determined by wifi, even if GPS is turned off. It seems accurate to within a hundred meters or so, close enough to know within one house or so where I live.

  13. nilfs2
    Big Brother

    There is a comercial equivalent offered by Mojo Networks

    Their social WiFi and WIPS solutions can give you hot zones maps as well as track device locations on a perimeter, is not that hard to do, you just need APs located at strategic locations and know the signal attenuation on each spot on the perimeter, that way the APs can triangulate the location of the device, no need for the device to be connected to the network, even if you have the "wifi disabled", which is not true, it is always on and used by the device's OS manufacturer for location purposes.

  14. Anonymous Coward
    Anonymous Coward

    How about...

    Someone could do a bit of database poisoning.

    "Huh? What is that?"

    A few years ago someone, I think using El Reg, suggested a way to beat facebooks threat to auto tag us when they recognized us from all the other pictures we are tagged in.

    They suggested mis-tagging unknown people or even inanimate objects.I never heard whether that would even be legal.

    Could this suggestion be translated to other databases? Would that be legal? Would it be less wrong than government funded crooks spying on people with proper legal oversight?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like