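Classified Documents of the "Dumbo" Project
Today, WikiLeaks published documents from the Dumbo project of the US Central Intelligence Agency (CIA). Dumbo can suspend processes that are using webcams and can corrupt any related video recordings, which may be records of a PAG intrusion operation. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers during CIA operations.
Dumbo can identify, control and manipulate video surveillance and detection systems on a target computer running the Microsoft Windows operating system. It can identify the various installed devices, such as cameras and microphones connected locally, wirelessly (Bluetooth, WiFi) or by network cable. All processes related to the monitoring devices (usually used to record, monitor or detect video, audio and network traffic) can be identified and terminated by the operator. By deleting or modifying recordings, the operator can fabricate or destroy the real evidence of the intrusion operation.
Dumbo can be run by a field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32-bit Windows XP, Windows Vista and newer versions of the Windows operating system, but does not support 64-bit Windows XP or Windows versions prior to XP.
The original text from the WikiLeaks website follows.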
Dumbo
3 August, 2017
Today, August 3rd 2017 WikiLeaks publishes documents from the Dumbo project of the CIA. Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment. The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system. It identifies installed devices like webcams and microphones, either locally or connected by wireless (Bluetooth, WiFi) or wired networks. All processes related to the detected devices (usually recording, monitoring or detection of video/audio/network streams) are also identified and can be stopped by the operator. By deleting or manipulating recordings the operator is aided in creating fake or destroying actual evidence of the intrusion operation.
Dumbo is run by the field agent directly from a USB stick; it requires administrator privileges to perform its task. It supports 32bit Windows XP, Windows Vista, and newer versions of Windows operating system. 64bit Windows XP, or Windows versions prior to XP are not supported.
http://www.dbappsecurity.com.cn/file/Dumbo相关资料.zip