• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 17th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Hacking News
WikiLeaks

Vault 7 Leak: CIA Collected Biometric Data from Partner Agencies

August 25th, 2017 Waqas Security, Leaks, WikiLeaks 0 comments
Vault 7 Leak: CIA Collected Biometric Data from Partner Agencies
Share on FacebookShare on Twitter

New Vault 7 Documents by WikiLeaks Show How CIA Collected Biometric Data from Partner Agencies.

The latest treasure trove of Vault 7 files, which refer to the confidential documents belonging to the United States’ Central Intelligence Agency or the CIA, has been released publicly by WikiLeaks.

The files, published on Thursday, are dated 2009 and once again depict how the CIA performed its espionage campaigns on its targets, which this particular time included other intelligence agencies.

The documents show the way CIA spied upon other intelligence agencies using a program dubbed as ExpressLane. It is worth noting that the software was designed for working on Windows XP based systems, but it is yet unclear if the tool is still being used and if yes then what changes have been made to its functionality.

The released or rather leaked documents are ticked as “Secret,” and have exposed the methodology of the CIA. The files revealed that two divisions of CIA’s Directorate of Science and Technology namely the Office of Technical Services (OTS) and Identity Intelligence Center (I2C) were involved in the covert collection of biometric data. ExpressLane discreetly copied data using the biometric software and disabled the software if the targeted agency didn’t require continued access.

The tool was developed so that the CIA could get the information, which its partner organizations were holding out, without even asking for it. The ExpressLane program is capable of accessing biometric data and copying it for the agency by appearing as a software update. The CIA handed over the program to its technicians called agents while the update didn’t make any changes to the program at all but just played the role of a siphon that provided the required data to the CIA.

ExpressLane was able to secretly collect data from intelligence organizations primarily because the targets use a biometric collection system that has been provided by the OTS. The agencies targeted include the FBI (Federal Bureau of Investigation), DHS (Department of Homeland Security) and NSA (National Security Agency) along with various liaison services across the globe. However, these are mere speculations as none of the targets that ExpressLane spied upon have been named in the released documents. What is confirmed is the fact that ExpressLane collected biometric data from the target partner agencies.

As per the leaked documents, an OTS agent installed ExpressLane on the targeted system using a USB device claiming to carry out an upgrade to the system. The software displayed fake update screen for a specific duration that is determined by the agent. In the background, the required biometric data was compressed, encrypted and copied to the USB drive that belonged to the agent. The collected data is later extracted at the CIA headquarters using the ExitRamp utility.

ExpressLane also allowed the CIA to make sure that the biometric software gets disabled after a certain number of days through Kill Date switch, which is enabled when the tool is getting installed. Kill Date specifies the date when the software will stop functioning. Usually, this duration was six months from the date of installation.

If the agent doesn’t return with the USB drive during these six months or whatever the duration is the biometric software’s license expires. However, if ExpressLane is run on the computer, the Kill Date gets extended. The purpose is to ensure that the CIA gets the data it needs.

WikiLeaks stated that the Florida based company Cross Match was responsible for manufacturing the core components of the biometric system. Cross Match is known for providing the field devices that helped in identifying al-Qaeda leader Osama bin Laden; it is the key firm that provides biometric software to intelligence and law enforcement agencies.

RELEASE: CIA 'Express Lane' system for stealing the biometric databases of its 'partner' agencies around the world. https://t.co/8FefOS2Ljl pic.twitter.com/LPwlAd0Tgr

— WikiLeaks (@wikileaks) August 24, 2017

Vault 7 documents previously leaked by Wikileaks:

BothanSpy and Gyrfalcon: Steals SSH credentials from Linux & Windows devices
OutlawCountry and Elsa: Malware targeting Linux devices and tracking user geolocation
Brutal Kangaroo: CIA hacking tools for hacking air-gapped PCs
Cherry Blossom: CherryBlossom & CherryBomb: Infecting WiFi routers for years
Pandemic: A malware hacking Windows devices
AfterMidnight and Assassin: CIA remote control & subversion malware hacking Windows
Dark Matter: CIA hacking tool infiltrating iPhones and MacBooks
Athena: A malware targeting Windows operating system
Archimedes: A program helping CIA to hack computers inside a Local Area Network
HIVE: CIA implants to transfer exfiltrated information from target machines
Grasshopper: A malware payloads for Microsoft Windows operating systems
Marble: A framework used to hamper antivirus companies from attributing malware
Dark Matter: A CIA project that infects Apple Mac firmware
Highrise: An Android malware spies on SMS Messages
Aeris, Achilles, SeaPea: 3 malware developed by CIA targeting Linux and macOS
Dumbo Project: CIA’s project hijacking webcams and microphones on Windows devices
CouchPotato Tool: Remotely Collects Video Streams from Windows devices

[fullsquaread][/fullsquaread]

  • Tags
  • Biometric
  • CIA
  • hacking
  • internet
  • LEAKS
  • Privacy
  • security
  • Spying
  • Surveillance
  • Vault 7
  • wikileaks
  • Windows
Facebook Twitter LinkedIn Pinterest
Previous article Leaked: Private Photos of Nicole Scherzinger, Dakota Johnson and Addison Timlin 
Next article New Campaign Uses Facebook Messenger to Distribute Malware
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Warning as hackers breach MFA to target cloud services

Warning as hackers breach MFA to target cloud services

Google reveals high-profile attack targeting Android, Windows users

Google reveals high-profile attack targeting Android, Windows users

Owner forgets password to digital wallet with $240m of Bitcoin inside

Owner forgets password to digital wallet with $240m of Bitcoin inside

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
UK Police mistakenly deleted 150,000 arrest records in software glitch
Technology News

UK Police mistakenly deleted 150,000 arrest records in software glitch

2163
Facebook sues developer of data scraping extensions for Chrome
Cyber Crime

Facebook sues developer of data scraping extensions for Chrome

3244
Warning as hackers breach MFA to target cloud services
Cyber Attacks

Warning as hackers breach MFA to target cloud services

5088

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us