The Vault 7 saga is far from over: every passing week introduces a new set of tricks and tools allegedly used by the CIA to compromise targets and defeat the security systems protecting them. The CIA's Dumbo project is a tool for manipulating microphones, webcams and similar devices attached to computers running Microsoft Windows.
According to the documents released by WikiLeaks, Dumbo could corrupt video recordings that might otherwise compromise a deployment by the Physical Access Group (PAG). The PAG is a special branch of the CIA's Center for Cyber Intelligence (CCI), tasked with gaining and exploiting physical access to target computers during CIA field operations.
Dumbo can stop the processes that use a webcam. According to WikiLeaks' press release, the tool identifies, controls and manipulates monitoring and detection systems such as webcams and microphones on a target computer running Microsoft Windows. It needs direct physical access to the machine, since the field operator runs it from a USB stick.
The press release further revealed that “all processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings, the operator is aided in creating fake or destroying actual evidence of the intrusion operation.”
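The two steps described above, enumerating the capture devices on the box and finding the processes that hold them, are exactly what a defender can inventory from the other side. The following PowerShell script is an added example written for this page; it is not code from the leaked documents or from the Dumbo tool. It assumes Windows 10 or later (the CapabilityAccessManager consent store that records which application last opened the webcam or microphone), and the function names `Get-CaptureUsers` and `Test-RecorderHealth` and the recorder process name `MyRecorder` are placeholders chosen for the example.

```powershell
# Added example, not part of the Vault 7 documents or the Dumbo tool.
# Defender-side inventory of what an operator with a USB stick would look for:
#   1. which webcams and microphones are present,
#   2. which desktop applications currently hold them open,
#   3. whether the expected recording processes are still alive and not suspended.
# Assumes Windows 10+ and PowerShell 5.1+. Reading the consent store needs no
# admin rights; inspecting other users' process threads may.

# 1. Enumerate capture devices the way an operator would first do.
function Get-CaptureDevices {
    $cams = Get-PnpDevice -PresentOnly -Class 'Camera', 'Image' -ErrorAction SilentlyContinue
    $mics = Get-PnpDevice -PresentOnly -Class 'AudioEndpoint' -ErrorAction SilentlyContinue |
            Where-Object { $_.FriendlyName -match 'Microphone' }
    @($cams) + @($mics) | Select-Object Class, FriendlyName, Status, InstanceId
}

# 2. Desktop (non-Store) apps that have used the webcam or microphone.
#    Windows keeps one subkey per executable under NonPackaged, with the path
#    separators replaced by '#'. LastUsedTimeStop = 0 means the app still has
#    the device open right now.
function Get-CaptureUsers {
    param([ValidateSet('webcam', 'microphone')][string]$Capability)
    $root = "HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\$Capability\NonPackaged"
    if (-not (Test-Path $root)) { return }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        [pscustomobject]@{
            Capability = $Capability
            Executable = ($_.PSChildName -replace '#', '\')
            InUse      = ($p.LastUsedTimeStop -eq 0)
            LastStart  = if ($p.LastUsedTimeStart) { [DateTime]::FromFileTime([int64]$p.LastUsedTimeStart) } else { $null }
        }
    }
}

# 3. A recorder that has been stopped shows up either as absent or as a process
#    whose every thread sits in the 'Suspended' wait reason. Both are alarms.
function Test-RecorderHealth {
    param([string[]]$ProcessNames)
    foreach ($name in $ProcessNames) {
        $procs = Get-Process -Name $name -ErrorAction SilentlyContinue
        if (-not $procs) {
            [pscustomobject]@{ Process = $name; Id = $null; State = 'NOT RUNNING' }
            continue
        }
        foreach ($proc in $procs) {
            $threads   = @($proc.Threads)
            $suspended = @($threads | Where-Object { $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended' })
            $state = if ($threads.Count -gt 0 -and $suspended.Count -eq $threads.Count) { 'SUSPENDED' } else { 'running' }
            [pscustomobject]@{ Process = $name; Id = $proc.Id; State = $state }
        }
    }
}

# Usage (MyRecorder is a placeholder for whatever actually records on the host).
Get-CaptureDevices | Format-Table -AutoSize
Get-CaptureUsers -Capability webcam     | Format-Table -AutoSize
Get-CaptureUsers -Capability microphone | Format-Table -AutoSize
Test-RecorderHealth -ProcessNames 'MyRecorder' | Format-Table -AutoSize
```

Run it on a schedule and compare against the previous inventory: a recorder that flips to NOT RUNNING or SUSPENDED while the webcam consent entry still shows InUse is the footprint the press release describes, whether or not the tool that caused it was Dumbo.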
WikiLeaks announced the Dumbo release on Twitter (@wikileaks) on August 3, 2017.
The Dumbo documents released by WikiLeaks date back to June 2012. The Tool Delivery Review document states that the CIA's special branch used the system's capabilities to keep home security systems from identifying officers or capturing evidence of an operation.
To do this, the program had to be executed from a USB thumb drive connected to the target machine. Because the tool runs from that drive, and the record of the operation is kept on it, the thumb drive had to stay plugged into the system until the operation was complete.
The tool can also identify devices on the local wired or wireless network and block webcams and microphones from recording.
Vault 7 documents previously leaked by WikiLeaks:
BothanSpy and Gyrfalcon: Steal SSH credentials from Windows and Linux devices
OutlawCountry and Elsa: Malware targeting Linux devices and tracking user geolocation
Brutal Kangaroo: CIA hacking tools for attacking air-gapped PCs
CherryBlossom and CherryBomb: Infecting WiFi routers for years
Pandemic: Malware targeting Windows devices
AfterMidnight and Assassin: CIA remote control and subversion malware targeting Windows
Dark Matter: CIA projects infecting Apple Mac firmware and iPhones
Athena: Malware targeting the Windows operating system
Archimedes: A program that helps the CIA attack computers inside a Local Area Network
HIVE: CIA implants that transfer exfiltrated information from target machines
Grasshopper: Malware payloads for Microsoft Windows operating systems
Marble: A framework used to hamper antivirus companies from attributing malware
Highrise: Android malware that spies on SMS messages
Aeris, Achilles, SeaPea: Three pieces of CIA malware targeting Linux and macOS