Security News Vault 7: Wikileaks Divulges CIA Tool for Capturing RTSP and H.264 Video Streams

Solarquest

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Wikileaks published today a manual for an alleged CIA tool that can capture the content of remote video streams and save them to disk for further analysis.

The tool's name is CouchPotato and is described in a usage manual dated to February 14, 2014, available online here.

According to its manual, CIA operatives can use a command-line interface to start the tool and point it to the URL of an RTSP or H.264 video stream and the location where to save the stream on disk.

CouchPotato targets IP camera video streams
RTSP and H.264 are the formats often used by IP-based surveillance cameras to stream video content over the Internet or inside a closed network.

CouchPotato looks like a tool that can be used without compromising a victim's network if the CIA operative manages to discover the URLs of the video streams.
...
 
  • Like
Reactions: Fritz
Solarquest

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
I really cannot understand why WikiLeaks keeps on (and nothing/nobody can stop them from) releasing Cia, NSA etc secret tools instead of "JUST" informing the SW/HW manufacturer and AV companies about them.
They could inform the public about what they found Without providing too many details and for sure not the code...same for POC publicly released by "experts"....way more attention and care should be used, in my opinion.

Bad people are now using them and surely learning from them and improving them.
 
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
Solarquest said:
I really cannot understand why WikiLeaks keeps on (and nothing/nobody can stop them from) releasing Cia, NSA etc secret tools instead of "JUST" informing the SW/HW manufacturer and AV companies about them.
Click to expand...
Because WikiLeaks wanted the affected companies to sign off on a list of completely unreasonable demands that included a 90-day disclosure deadline. (Apparently Julian Assange thinks he's qualified to proclaim that 90 days is enough time to manufacture fixes for every one of these vulnerabilities.)

There's also the issue that the documents detailing the vulnerabilities were illegally obtained and highly classified which could put the companies themselves in the crosshairs of the CIA or US government.
 
Last edited:
You must log in or register to reply here.

Similar threads

M
    • Like
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Replies
0
Views
414
Microsoft Defender
Microsoft Threat Intelligence
M
eonline
    • Like
    • Thanks
  • Locked
Expired Ant Download Manager PRO [for PC]
Replies
2
Views
2,455
Expired Giveaways
bayasdev
bayasdev
I
    • Like
New H.266 VVC codec reduces 4K and 8K data streams by 50%
Replies
3
Views
1,963
Social media
cali_max99
cali_max99

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top