WikiLeaks Reveals CherryBlossom CIA Router Snooping Hacking Tools

WikiLeaks has released documents revealing that the CIA has been developing and maintaining a set of hacking tools that can be used to infiltrate routers and monitor their network traffic.

The documents date back to 2012 and detail a CIA project called CherryBlossom designed to secretly monitor the Internet traffic of people and targets of interest to the US government agency.

Router hacking

“CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals,” said WikiLeaks’ post about CherryBlossom.

“These devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.”

Through this code injection attack, CherryBlossom allows remote control of an infected router, letting the CIA not only monitor the router’s traffic but also harvest useful information such as passwords and redirect targeted users to a website of the CIA’s choice.

CherryBlossom can be configured to target routers from ten different manufacturers, including the likes of Asus, Belkin, Dell and Netgear.

The CIA can cover its tracks on a hacked router by using encryption to hide the data sent back to the CIA, and by using cryptographic authentication to avoid detection.

CherryBlossom is installed on a router by loading it onto the targeted device’s firmware over a wireless connection.

This creates what the CIA calls a ‘FlyTrap’ which connects to a command and control server used by the CIA and referred to as CherryTree. Through a browser-based user interface called CherryWeb, a CIA operative can control the CherryBlossom tools and plan mission tasks for the malware.

This would point to CherryBlossom being a project for highly targeted CIA monitoring, rather than having the mass-surveillance nature of the NSA’s PRISM programme.

The WikiLeaks documentation did not reveal if and how the CherryBlossom tools were put into effect, but they do demonstrate the cyber surveillance capabilities of the CIA.

With the recent batch of terror attacks prompting cyber snooping to be made legal in Switzerland, we would not be surprised to see more hacking and surveillance tools brought to light by WikiLeaks and other whistleblowers.


Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
