CIA’s ‘Star Wars’ tools can steal passwords, intercept data from secure networks


    The CIA can infiltrate secure Windows and Linux networks to steal passwords and spy on data sent over networks, according to the latest WikiLeaks Vault7 release. It also reveals a member of the CIA is a big Star Wars fan.

    The ‘BothanSpy’ and ‘Gyrfalcon’ projects are designed to intercept and exfiltrate SSH (Secure Shell) protocol credentials. With SSH credentials from a given network, the CIA can see which usernames and passwords are being used and can access data sent over the network, from personal emails to important documents.

    What is SSH?

    SSH is a protocol for operating network services securely, allowing for secure remote login from one computer to another. It’s often used in corporate networks or private organizations for secure access, file transfer and managing computer networks.


    BothanSpy is the CIA implant that targets the SSH client program Xshell on Microsoft Windows.

    According to a secret 2015 CIA document, BothanSpy was developed by the Engineering Development Group (EDG), the division responsible for creating the CIA’s hacking tools. Version 1.0 was created in March 2015.

    It steals user credentials for all active SSH sessions, which could be usernames, passwords or data.

    BothanSpy allows the CIA to save the stolen credentials in an encrypted file to be removed at a later time, or it can exfiltrate the stolen credentials to a server controlled by the agency. This way, BothanSpy never touches the target system’s disk, so it can’t be traced.

    “BothanSpy takes a very paranoid approach when collecting credential information,” the document explains. “However, there is always some risk (no matter how small it may be) to using BothanSpy against an untested/unofficial version of Xshell.”


    The creator of the BothanSpy user manual appears to be a fan of the Star Wars franchise. Bothans are a species in Star Wars who steal information about the Death Star for the Rebel Alliance.

    The manual features Star Wars references under ‘Known Issues’ and ‘Troubleshooting.’

    “It does not destroy the Death Star, nor does it detect traps laid by The Emperor to destroy Rebel fleets,” are some of the issues listed.

    In Troubleshooting, it says, “I went to destroy the Death Star with the information obtained by BothanSpy, but The Empire’s entire Star Ship fleet warped in, and the shield generators are not down on the Death Star, what gives?” The answer given is, “I told you it would be a trap, that’s on you.”


    ‘Gyrfalcon’ targets Linux platforms, such as Ubuntu and SUSE. Linux is seen as a more secure platform, but the CIA is able to penetrate its network too.

    It not only captures user logins, but it has the ability to “execute commands on behalf of the legitimate user,” a user guide from November 2013 explains.

    It is a library loaded into OpenSSH on Linux platforms and contains an application that compresses, encrypts and stores data in a file on the Linux platform.

    A third-party application is needed to transfer the “captured keystrokes” and data from the Linux platform to a CIA listening post. (A listening post is used to monitor devices hacked with the CIA’s malware implants. They can be physical or virtual and stored on a CIA computer server.)

    Gyrfalcon is a type of bird, and not Star Wars-inspired.
