Leaked documents published by activist group WikiLeaks, as reported by the Daily Mail, show that the Central Intelligence Agency (CIA) has hacked a number of routers and converted them into devices used to snoop on people’s conversations. The Daily Mail reports that the hacks have targeted 25 router models from manufacturers such as Linksys, D-Link and Belkin. Furthermore, the Daily Mail cites the WikiLeaks document as stating that the firmware could be extended to affect a hundred or more devices with only slight modifications.
The 175-page document was reportedly nicknamed “CherryBlossom” (CB for short) by the intelligence agency. The document describes CherryBlossom as follows: “The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest”.
The firmware apparently works by converting the router into a “FlyTrap” that sends messages, known as “beacons”, to a CIA-controlled server nicknamed “CherryTree”. The FlyTrap sends information such as the router’s device and security information, which CherryTree logs into a database.
Devices that were protected with a weak or default password were highly susceptible to the firmware, the document from WikiLeaks shows.
The findings, if true, show the various problems associated with friendly governments taking the view that it is acceptable for intelligence agencies to compromise either security or privacy. The end result can only be the use of such mechanisms by actors with less than noble intentions, ranging from hostile governments to organised criminals to terrorists all the way down to script kiddies. This serves as a useful forewarning of the dangers of requiring ‘backdoors’ in encryption technology, together with the policy ramifications of the Investigatory Powers Act Technical Capability Notices.