New WikiLeaks files show how CIA uses 'Dumbo' tool to disrupt webcams, microphones

Since at least 2012, the US Central Intelligence Agency (CIA) has used a tool known as "Dumbo" that infects targets' machines in order to mute microphones, disable network connections and corrupt webcam video recordings, so that its tech-savvy spies can operate in peace.

Dumbo has the ability to "suspend processes utilising webcams" and corrupt video recordings that could compromise operations being managed by field agents working for the CIA's Physical Access Group (PAG), which is a division of its so-called Centre for Cyber Intelligence.

The files are the latest in a long line of disclosures from WikiLeaks, the website established by Julian Assange.

It comes as part of "Vault 7", a series of leaks detailing tools, programmes and exploits used by the secretive intelligence service to hack technology.

"Dumbo is designed as a PAG entry-operation utility that targets webcams and other monitoring software," reads a CIA slide dated June 2012. "PAG requests this capability to deter home security systems that may identify officers or prevent operations," it added.

Other documents, published by WikiLeaks on Thursday 3 August, are dated as recent as July 2015.

The tool "identifies installed devices like webcams and microphones either locally or connected by wireless or wired networks and disrupts how computers log activity," a Wikileaks statement read.

Dumbo is run by the field agent directly from an USB stick but requires admin privileges to perform its task. The files claim that it supports 32bit Windows XP, Vista, and newer versions of Windows OS. But 64bit Windows XP or Windows versions prior to XP are not supported.

"By deleting or manipulating recordings the operator is aided in creating fake or destroying evidence of the intrusion operation," WikiLeaks editorialised on its website, where 18 other alleged CIA tools – with nicknames like 'CherryBlossom' and 'Imperial' – are now hosted.

"The tool itself is dull," said security researcher x0rz, speaking to IBTimes UK.

"It deactivates the microphone and camera in the computer [after] being physically accessed by the CIA operator. If the cameras are handled by a remote server, the tool won't erase anything on that (as far as I understand the docs)," the security expert added, after looking over the files.

x0rz also said the tool would be "mostly useless" without an additional zero-day exploit because it requires so many escalated privileges to work as intended.

Amid the 'Dumbo' batch of documents was another alleged CIA tool, codenamed "Epione" and dated March 2012. The files described the tool as a passive/active scanner that can exfiltrate a targeted computer's network traffic – either at a "packet" level or via IP port scanning.

"I don't know why WikiLeaks put those two tools in the same category," x0rz said. WikiLeaks, via its official Twitter account, did not immediately respond to request for comment.

Previous leaks in the Vault 7 series have exposed alleged exploits for iOS smartphones, Android devices, smart-TVs, routers and WiFi devices. While the initial release was met with a storm of controversy, later releases have slipped out silently, without significant fanfare.

Russian state media outlets, including RT and Sputnik, are consistently first to highlight the CIA files.

The source of the leak is still unknown and it remains unclear if there have been any arrests in relation to the disclosures. According to the WikiLeaks' first disclosure in the series, the files were stolen from a top secret "cyber-espionage unit" located in Langley, Virginia.

In a previous statement, the US agency said: "It is the CIA's job to be innovative, cutting-edge, and the first line of defence in protecting this country from enemies abroad. America deserves nothing less." Assange remains in the Ecuadorian Embassy in London under political asylum.