WikiLeaks has released its latest Vault 7 files, which allegedly reveal the CIA's creepy location-tracking malware dubbed Elsa. The spy agency's malware, specifically designed to target Windows PCs, dates back to 2013.
Although Elsa was designed specifically to target computers running Windows 7, experts reportedly believe that the CIA could also have a version targeting all Windows versions, given the malware's use of a fairly simple technique.
"ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals."
Elsa targets offline computers
According to the WikiLeaks files, Elsa can perform "data collection" on offline computers. The malware only needs to be "running with an enabled WiFi device." If a targeted system is connected to the internet, the malware automatically attempts to use data from geo-location databases from Google or Microsoft.
"The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors," WikiLeaks documents said.
"This technique has been done and known about for a long time," Alex McGeorge, the head of threat intelligence at Immunity, told Wired. "It's like give me all the information from the radios on your [device] to try to get a better fix on your location."