“Today, June 28th 2017, WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Micorosoft Windows operating system … If it [device] is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp,” WikiLeaks said in a press release.
RELEASE: CIA 'ELSA' implant to geolocate laptops+desktops by intercepting the surrounding WiFi signals https://t.co/XjyyXIqXAz pic.twitter.com/XAYMlBbY7i
— WikiLeaks (@wikileaks) June 28, 2017
According to the statement, the malware, once it is persistently installed on a targeted device, does not have to be connected to the internet to continue collection of data.
“Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to geo-location data to create a tracking profile of the target device,” WikiLeaks said.
WikiLeaks began releasing Vault 7 on March 7, with the first full part comprising 8,761 documents. The previous release took place on June 22 and was dedicated to the CIA "Brutal Kangaroo” hacking tool.
