
CIA’s ‘Star Wars’ tools can steal passwords, intercept data from secure networks


    The CIA can infiltrate secure Windows and Linux networks to steal passwords and spy on data sent over networks, according to the latest WikiLeaks Vault7 release. It also reveals a member of the CIA is a big Star Wars fan.

    The ‘BothanSpy’ and ‘Gyrfalcon’ projects are designed to intercept and exfiltrate SSH (Secure Shell) protocol credentials. Once the CIA has access to SSH credentials on a given network, it can see what passwords and usernames are being used, and it can access data sent over the network, from personal emails to important documents.

    What is SSH?

    SSH is a protocol for operating network services securely, allowing for secure remote login from one computer to another. It’s often used in corporate networks or private organizations for secure access, file transfer and managing computer networks.


    BothanSpy is the CIA implant that targets the SSH client program Xshell on Microsoft Windows.

    According to a secret 2015 CIA document, BothanSpy was developed by the Engineering Development Group (EDG), the division responsible for creating the CIA’s hacking tools. Version 1.0 was created in March 2015.

    It steals user credentials for all active SSH sessions, which could be usernames, passwords or data.

    BothanSpy allows the CIA to save the stolen credentials in an encrypted file to be removed at a later time, or it can exfiltrate the stolen credentials to a server controlled by the agency. With the second option, BothanSpy never touches the target system’s disk, so it can’t be traced.

    “BothanSpy takes a very paranoid approach when collecting credential information,” the document explains. “However, there is always some risk (no matter how small it may be) to using BothanSpy against an untested/unofficial version of Xshell.”


    The creator of the BothanSpy user manual appears to be a fan of the Star Wars franchise. Bothans are a species in Star Wars who steal information about the Death Star for the Rebel Alliance.

    The manual features Star Wars references under ‘Known Issues’ and ‘Troubleshooting.’

    “It does not destroy the Death Star, nor does it detect traps laid by The Emperor to destroy Rebel fleets,” are some of the issues listed.

    In Troubleshooting, it says, “I went to destroy the Death Star with the information obtained by BothanSpy, but The Empire’s entire Star Ship fleet warped in, and the shield generators are not down on the Death Star, what gives?” The answer given is, “I told you it would be a trap, that’s on you.”


    ‘Gyrfalcon’ targets Linux platforms, such as Ubuntu and SUSE. Linux is seen as a more secure platform, but the CIA is able to penetrate networks running it too.

    It not only captures user logins, but it has the ability to “execute commands on behalf of the legitimate user,” a user guide from November 2013 explains.

    It is a library loaded into OpenSSH on Linux platforms, and it contains an application that compresses, encrypts and stores data in a file on the Linux platform.

    A third-party application is needed to transfer the “captured keystrokes” and data from the Linux platform to a CIA listening post. (A listening post is used to monitor devices hacked with the CIA’s malware implants. They can be physical or virtual and stored on a CIA computer server.)

    Gyrfalcon is a type of bird, and not Star Wars-inspired.
