WikiLeaks has published the documentation manual for an alleged CIA tool that can track users of Wi-Fi-capable Windows devices based on the Extended Service Set (ESS) data of nearby Wi-Fi networks. According to the tool’s 42-page manual, the tool’s name is ELSA. Bleeping Computer has an image embedded in its report that explains how the tool works. There are six steps that summarize the ELSA operation. Bleeping Computer reports: Step 1: CIA operative configures ELSA implant (malware) based on a target’s environment. This is done using a tool called the “PATCHER wizard,” which generates the ELSA payload, a simple DLL file. Step 2: CIA operative deploys ELSA implant on target’s Wi-Fi-enabled Windows machine. Because ELSA is an implant (malware), the CIA operator will likely have to use other CIA hacking tools and exploits to place the malware on a victim’s PC. Step 3: The implant begins collecting Wi-Fi access point information based on the schedule set by the operator. Data collection can happen even if the user is disconnected from a Wi-Fi network. Step 4: When the target user connects to the Internet, ELSA will take the collected Wi-Fi data and query a third-party database for geolocation information. Step 5: The CIA operative connects to the target’s computer and fetches the ELSA log. This is done via the tools that allowed the operator to place ELSA on his system, or through other tools. Step 6: The operator decrypts the log and performs further analysis on their target. Optionally, he can use the collected WiFi data to query alternate EES geo-location databases, if he feels they provide a better accuracy.
Read more of this story at Slashdot.