Details of the CIA’s Dumbo project, a system that manipulates devices such as webcams and microphones on Microsoft Windows-operating systems, have been published by WikiLeaks. The program also corrupts video recordings, according to the leaked documents.
The whistleblowing organization released the files as part of its Vault 7 series on the CIA’s hacking capabilities.
According to Wikileaks, the technology is intended for use where the deployment of a special branch within the CIA’s Center for Cyber Intelligence could be compromised.
Dumbo can identify, control and manipulate monitoring and detection systems on a target computer running the Microsoft Windows operating system, according to the documents.
The earliest Dumbo document released by WikiLeaks is dated June 25, 2012. The Tool Delivery Review document states that the system’s capabilities are being requested by the CIA’s special branch to “deter home security systems that may identify officers or prevent operations.”
The program has to be executed “directly from a USB thumb drive,” according to a field guide for the system released by WikiLeaks on Thursday. The document indicates that the thumb drive has to be connected to the machine for Dumbo to work: “For the log to be maintained, the thumb drive Dumbo is executed from must remain plugged into the system throughout the duration of the operation.”
“Logging entries are also preceded by a header labeling if the entry is good, bad, or simply informative,” the field guide notes. “The following shows an example log excerpt:”
It identifies installed devices such as webcams and microphones, locally or connected by wireless (Bluetooth, WiFi) or wired networks, and it can block all processes related to the devices, including recording and monitoring.
A user guide dated June 2015 sets out Dumbo’s capacity to mute microphones, disable all network adapters, and suspend camera recording. The program notifies its operator of any files to which those processes were actively writing so that they may be selectively corrupted or deleted.
WikiLeaks suggests that by deleting or manipulating recordings the operator can create fake – or destroy real – evidence of their intrusion into the device.
The documents say Dumbo operates on 32bit Windows XP, Windows Vista, and newer versions of the Windows operating system, but is not supported for 64bit Windows XP, or Windows versions prior to XP.