
WikiLeaks is forging on with its CIA-focused Vault 7 leaks, mostly just confirming fears, but also bringing some new revelations. Today’s release focuses on ‘Dumbo’, a tool used to shut off webcams, surveillance, and monitoring systems on Windows PCs.

“Dumbo is a capability to suspend processes utilizing webcams and corrupt any video recordings that could compromise a PAG deployment,” explains WikiLeaks. “The PAG (Physical Access Group) is a special branch within the CCI (Center for Cyber Intelligence); its task is to gain and exploit physical access to target computers in CIA field operations.”

Dumbo can identify webcams and microphones either locally, wirelessly, or on wired networks. Operators can then stop the devices, implant fake recordings, or destroy existing footage.

The tool also contains two executables, wscupid.exe and wermgr.exe, designed to cause a blue screen on 32-bit and 64-bit operating systems.

Physical Access Required

Though it sounds like a powerful tool, Dumbo does have a lot of drawbacks. Operators need physical access to the target computer, and the tool runs from a USB stick. More importantly, they must have admin privileges.

Some portions also don’t work when the webcam input is virtualized, such as with Fujitsu’s YouCam software. Attempting to run the tool will likely produce no meaningful details, and Dumbo also fails to run if another program is using the camera.

The documents reveal success on 32-bit Windows XP, Windows Vista, and newer versions. 64-bit versions of Windows XP and operating systems prior to it are not supported. Though not particularly revolutionary, the leaks do give good insight into how the CIA operates.