Newsletter Archives

  • ELSA: How the CIA tracked the location of an infected PC using WiFi signals

    The latest WikiLeaks release talks about ELSA, reportedly a CIA project that allowed the government (and now, apparently, everybody) to snoop on the location of an infected PC.

    ELSA is a geo-location malware for WiFi-enabled devices like laptops running the Micorosoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device. If it is connected to the internet, the malware automatically tries to use public geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp.