The CIA developed implants “for roughly 25 different devices from 10 different manufacturers” to allow for clandestine surveillance on home, business and public wireless internet networks. The spying has occurred for years.
That’s according to newly-uncovered WikiLeaks documents detailing the agency’s “Cherry Blossom” surveillance initiatives, which CIA spies developed with the help of the nonprofit Stanford Research Institute.
Here’s how WikiLeaks describes the program:
CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.
The wireless device itself is compromized by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.
In other words, the agency has the capability to essentially turn a home WiFi router into a powerful surveillance device capable of infecting all manner of internet-connected devices with spyware. Popular affected Wifi devices include those manufactured by Asus, Belkin, D-Link, Linksys, Motorola, Dell and Netgear.
According to one document, the program may have been in place since as far back as 2006.