Documents published by WikiLeaks on June 15 show that the CIA has been monitoring the flow of internet traffic, using hacking tools as part of its operations, on some of the home and business Wi-Fi routers made by Netgear, Linksys, D-Link, Belkin, Asus and other top tech firms, as well as other wireless devices such as wireless (802.11) routers and access points (APs).
Included in the “dozens of files” released by WikiLeaks are installation guides, manuals, and maps that indicate the CIA’s use of various tools for monitoring and analyzing their targets’ online activities, among other things. The infected routers spy on the activities of internet-connected devices without the user knowing, turning them into “covert listening points.” The user notices nothing; the only difference is that everything you’re doing on the internet is going through the CIA.
The CIA created software implants capable of taking control of roughly 25 different devices from 10 manufacturers. You need to check if your home Wi-Fi router is one of them.
The CIA has a 10-year-old, 175-page user manual for setting up the spying activity, dubbed “Cherry Blossom,” which “maintains an information database of wireless network devices in the ‘WiFi Devices.xls’ document. This database contains information about hundreds of network devices, including manufacturer, make, model, version, reference design, FCC ID, network processor, wireless chipset, operating system, default username/password, etc. It also contains firmware analysis information about exact make, model, hardware versions, and firmware versions supported by CB,” read the WikiLeaks report.
CherryBlossom can monitor a target’s internet activity, scan for contact information, redirect their browser, and otherwise rummage around. It also helps inject malicious firmware into the targeted routers. When that succeeds, the implant becomes nearly impossible to detect, because such malware infects the hardware itself and is not something anti-virus software is capable of checking.
The CIA also hacked network passwords.
The document also includes a list of routers and access points, some of which are more than five years old. The first list of devices, titled “WiFi Devices,” is described in the CherryBlossom user manual. While it’s clear that the CherryBlossom project targeted the listed routers, it remains unclear whether they have actually been successfully compromised.
Routers have been a frequent and desirable target for freelance or intelligence community hackers because they offer access to an entire network, and have historically come equipped with various security flaws.
The document also explains how a maneuver called “tomato” can steal the routers’ passwords if a default feature known as Universal Plug and Play (UPnP) is left on.