Overview

This week WikiLeaks published a document outlining another leaked hacking tool developed by the CIA (Central Intelligence Agency). The tool, titled ‘Dumbo’, provides the capability to remotely manage and alter video and audio recordings on Windows XP systems. At the moment, the malware is only able to run successfully on 32-bit Windows XP, Vista, and newer versions of the Windows OS.

A copy of the Dumbo user’s manual has been released by Vault 7 and is included in the link below. Vault 7 has been responsible for the public release of a significant amount of documentation and hacking tools developed by state-sponsored entities, including the NSA’s Equation Group, the CIA, and other United States DOD or government-affiliated organizations. How Vault 7 and WikiLeaks acquired these tools and documents is still unconfirmed, and the source of the intel remains a matter of speculation.

Deploying the Dumbo tool requires physical access to the computer or asset; it is installed from a USB thumb drive. This makes the malware less efficient than exploits that can be deployed remotely through RCE (Remote Code Execution). The primary function of the malware is to manipulate audio and video recordings of CIA agents in the field; it is not designed for spying and is not spyware-affiliated malware.

In the event that a CIA agent’s asset or PC is compromised, it may be deemed necessary to manipulate or completely erase certain video footage or sound clips to prevent exposure and recognition of the field agent. This is the ultimate benefit of the Dumbo tool.

Once the Dumbo malware has been installed on the asset, it performs a brief scan of the system to inventory the microphones and webcams it recognizes. Any video, audio, or streaming network functionality it detects is then identified and controlled or manipulated at the administrator level.

Dumbo Documentation

Dumbo.v3_FieldGuide
