#Vault7: CIA’s ‘Pandemic’ turns file servers into ‘Patient Zero’

The latest WikiLeaks ‘Vault7’ release details an alleged CIA project allowing the spy agency to give file servers the capability to infect machines which access them remotely.


The ‘Pandemic’ documents describe a persistent implant for Microsoft Windows file servers that remote machines access to run programs, according to a statement from WikiLeaks.

The project acts as a ‘Patient Zero’ – a term used to describe the first identified carrier of a communicable disease during an outbreak.


‘Pandemic’ disguises itself on the infected source machine where the targeted files remain unchanged.

The targeted file is modified in transit from the source file server to the remote machine. When executed on the new machine, ‘Pandemic’ will install the program, an iteration of which will now contain modified code.

‘Pandemic’ can replace up to 20 programs, with a maximum size of 800MB.
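
Because the files on the server's disk stay unchanged while the copy delivered to the client differs, a defender can compare the two views. The sketch below is an added example, not code from WikiLeaks or the original article; the function names, the extension list and the idea of mounting both views as folders are assumptions, and the demo uses constructed files in temporary folders.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# The article says programs are replaced; this extension list is an assumption.
PROGRAM_EXTENSIONS = {".exe", ".dll", ".msi"}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_transit_mismatches(server_local_root, client_share_root):
    """Compare programs as stored on the server with the same tree read via the share."""
    findings = []
    for folder, _dirs, files in os.walk(server_local_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PROGRAM_EXTENSIONS:
                continue
            local_path = os.path.join(folder, name)
            relative = os.path.relpath(local_path, server_local_root)
            remote_path = os.path.join(client_share_root, relative)
            if not os.path.isfile(remote_path):
                findings.append((relative, "missing-on-share"))
            elif sha256_of(local_path) != sha256_of(remote_path):
                findings.append((relative, "content-differs"))
    return sorted(findings)


def demo():
    """Constructed sample: two temp folders stand in for the disk and share views."""
    with tempfile.TemporaryDirectory() as local, tempfile.TemporaryDirectory() as share:
        for root in (local, share):
            Path(root, "setup.exe").write_bytes(b"MZ original program bytes")
            Path(root, "notes.txt").write_bytes(b"not a program")
        Path(local, "tool.exe").write_bytes(b"MZ clean tool")
        # Constructed: the share view returns different bytes than the disk view.
        Path(share, "tool.exe").write_bytes(b"MZ clean tool plus altered bytes")
        return find_transit_mismatches(local, share)


if __name__ == "__main__":
    print(demo())
```

In practice the first root would be the share's backing folder read on the server itself (or from an offline disk image) and the second the same share mapped on a client.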


According to WikiLeaks “a single computer on a local network with shared drives that’s infected with the ‘Pandemic’ implant will act like a ‘Patient Zero’ in the spread of a disease.” 

The latest release, which consists of five files, does not make clear if the infected machines become new pandemic servers, although WikiLeaks claims this is technically feasible.

According to the ‘Pandemic’ documentation, its installation takes between 10 and 15 seconds.

The release is the latest in WikiLeaks’ ‘Vault7’ series, detailing hacking techniques allegedly sourced from within the CIA.

Previous releases have revealed techniques used to weaponize mobile phones, conduct surveillance via Smart TVs and load and execute malware on a target machine.

