WikiLeaks: Grasshopper, CIA's Windows Hacking Tool

Ink

Source: WikiLeaks - Grasshopper-v2_0_2-UserGuide

In case you haven’t had your dose of paranoia fuel today, WikiLeaks released new information concerning a CIA malware program called “Grasshopper,” that specifically targets Windows.

According to the user guide:

Grasshopper is a software tool used to build custom installers for target computers running Microsoft Windows operating systems.

Grasshopper is designed to detect the OS and protection on any Windows computer on which it’s deployed, and it can escape detection by anti-malware software.

If that was enough for you to put your computer in stasis, brace yourself for a doozy: Grasshopper reinstalls itself every 22 hours, even if you have Windows Update disabled.

As if this wasn’t alarming enough, the Grasshopper user guide even states upfront that Grasshopper uses bits from a toolkit taken from Russian organized crime.
 
509322

A variation on @Spawn's stupendous post on another thread (I think one of the greatest posts of all-time):

PARANOID USER READS LATEST REPORTED FUD\IT SECURITY ARTICLE

"KERMIT FREAKS OUT AFTER KILLING TWO CHILDREN" is a typo. It is supposed to be:

"KERMIT FREAKS OUT BECAUSE HE THOUGHT HE WAS SAFE WITH 42.7 SECURITY SOFTS INSTALLED"
 

Entreri

I guess it is only the NSA that has backdoor access to Windows.

Anyway, with M$ forcing app downloads on your PC without consent and collecting massive amounts of data, Windows is hardly secure.
 

509322

What I see is that IT security articles do mostly nothing but incite fear and unrest among those that are paranoid and\or have doubts about their system security. The vast majority of the time the fear and paranoia is unfounded and misdirected.

How many users here can confirm that their system has been seriously compromised by anyone? And I am not talking about a commodity infection, but instead the nation-state stuff.
 

Weebarra

> What I see is that IT security articles do mostly nothing but incite fear and unrest among those that are paranoid and\or have doubts about their system security. The vast majority of the time the fear and paranoia is unfounded and misdirected.
>
> How many users here can confirm that their system has been seriously compromised by anyone? And I am not talking about a commodity infection, but instead the nation-state stuff.


Like me, since I joined this site last week, in the hope of picking up some security tips, I am petrified by all the malicious and scary stuff out there.
 
509322

> Like me, since I joined this site last week, in the hope of picking up some security tips, I am petrified by all the malicious and scary stuff out there.

Install a few good security softs and stick with them. Ask questions when you don't understand. You will learn.
 

Arequire

> What I see is that IT security articles do mostly nothing but incite fear and unrest among those that are paranoid and\or have doubts about their system security. The vast majority of the time the fear and paranoia is unfounded and misdirected.
>
> How many users here can confirm that their system has been seriously compromised by anyone? And I am not talking about a commodity infection, but instead the nation-state stuff.

I used to read a lot of security blogs several years back and this is pretty much spot on. There were always daily doomsday articles about some horrifying new malware, some exposed vulnerability that didn't have a patch in sight or some test that showed my AV software not being 'good enough'. It put me in a really pathetic place; had me switching AVs all the time trying to discover which is the 'best' and installing a ton of different security software to try and protect different areas of my system even if it got in the way of my daily life.
Eventually I stopped reading them and nowadays when I think about the whole experience I find it both really sad and funny because I honestly can't remember the last time I had a single malware infection.
 
509322

> I used to read a lot of security blogs several years back and this is pretty much spot on. There were always daily doomsday articles about some horrifying new malware, some exposed vulnerability that didn't have a patch in sight or some test that showed my AV software not being 'good enough'. It put me in a really pathetic place; had me switching AVs all the time trying to discover which is the 'best' and installing a ton of different security software to try and protect different areas of my system even if it got in the way of my daily life.
> Eventually I stopped reading them and nowadays when I think about the whole experience I find it both really sad and funny because I honestly can't remember the last time I had a single malware infection.

Sky is falling, we're all about to be FUDed to death, nothing is good enough to protect the system, I must add 192.3 more layers of protection, government conspires with Microsoft and everybody else to record everything I do, Big Brother is always listening, Windows Updates are installing malware on my system, and a whole volume of additional utter nonsense...

The ultra-sensitive privacy types are the worst. I firmly believe in privacy, but going to extreme lengths to run a VPN through Tor with bridging, anonymizing browsers, and that whole rigmarole for day-to-day activity is pointless. For those that truly need such a config it is appropriate, but for the typical user it is not.
 

Amelith Nargothrond

Fear of the unknown is natural in every human being. In most cases, this won't get cured, but a little common sense can be applied.
  • CIA, NSA or any other agency won't complicate their already complicated existence with hacking into insignificant (from their point of view) people's PCs
  • Articles of sorts are meant, in many cases, to discredit, misinform, intimidate or to pay some attention to someone/something completely irrelevant otherwise; don't believe everything you read on the internet; better said, trust but verify
  • If CIA, NSA etc. are so powerful, don't you think they could spy on people by other more accessible means? Legally, in the name of national security? They say they blew up 2 towers to get there. And even if they don't, do you imagine the processing power they need to filter all the data they capture? And even if they do have it, don't you think some paranoid security analyst wouldn't observe if he/she's being monitored? That traffic has to go somewhere in the end, and there is no environment where this is not visible somehow
  • I'm not saying they don't have the resources to hack something if they really want (targeted attacks)... but they really need to have a reason to go through the trouble of hacking you
The truth is still out there... but usually it does not involve your PC, no matter how much you want to believe in the X-Files and aliens :)
 

Arequire

> The ultra-sensitive privacy types are the worst.

I was one of those too right after the Snowden leaks came out. Switched to Tails, Tor and Startpage. Turns out trying to use Tails and Tor on a day-to-day basis for casual browsing is the worst experience ever. I might not agree with mass surveillance but I've given up caring about or trying to circumvent it. I doubt it'll ever affect me during my lifetime and until my government starts showing signs of becoming a dictatorship who locks people up for what sites they visit they can continue to monitor what I do. God forbid the government knows I watch the pr0nz now and again. :eek:
Zero problems with targeted surveillance though. The CIA have my blessing on bugging smart TVs to listen in on terrorists plotting the many ways they can massacre us. I think the big problem is people misunderstand what the CIA actually do.

I do however still have a problem with advertisers tracking and data-mining my browsing activity. Think there definitely needs to be some transparency from the whole online advertising industry in that regard.
 

Amelith Nargothrond

> I was one of those too right after the Snowden leaks came out. Switched to Tails, Tor and Startpage. Turns out trying to use Tails and Tor on a day-to-day basis for casual browsing is the worst experience ever. I might not agree with mass surveillance but I've given up caring about or trying to circumvent it. I doubt it'll ever affect me during my lifetime and until my government starts showing signs of becoming a dictatorship who locks up people for what they do online they can continue to monitor what I do online. God forbid the government knows I watch the pr0nz now and again. :eek:
> Zero problems with targeted surveillance though. The CIA have my blessing on bugging smart TVs to listen in on terrorists plotting the many ways they can massacre us.
>
> I do however still have a problem with advertisers tracking and data-mining my browsing activity. Think there definitely needs to be some transparency from the whole online advertising industry with regard to tracking.

Advertising is a powerful industry for one simple reason: people are not educated enough for the online world, to avoid ads and data mining, not to mention many of them are naive and click on everything. And even the educated ones can fall into their trap because they are also extremely smart and invest a lot in the psychology of the masses. They know what they are doing and how to do it to have the best possible impact on most of the people.

I don't think this will ever stop. It is in their best interest and also to the government's interest to keep the population as stupid as they can because they are easier to manipulate. If we evolve, they'll find something else to continue.

Unfortunately, they are many and we are just a few, very difficult to do something, to fight this efficiently, even with today's technology and social media. But we must surely never stop trying.
 
509322

Even if it is proven that government agencies are up to no good domestically, seems like nothing satisfactory is ever done about it.
 

Amelith Nargothrond

That's the problem, I don't think they have any reason to do something about it... so they won't. Somebody has to be the boss of most of us, it's difficult if we all realize we are just slaves of their system...
 

Amelith Nargothrond

The ultimate goal is power.
What if the society or one person could harness power with knowledge and contribution (two examples), and not by money? Everything would change.
But we don't do that, money is the thing that buys power. And this is what they exploit. A person who's illiterate can have more money than one university professor. And with money, he could buy himself the power to do whatever he wants, while the professor dies of a heart attack because of stress. How's this fair?

So of course they have no interest in educating people, otherwise this would stop. Look at our politicians, how many brilliant ones can you name? They would all brush toilets with toothbrushes if they would educate the people.

One of our politicians, Serban Nicolae from the most destructive political party Romania has ever seen (PSD), thinks that using your phone's flashlight costs you money. This is not a story, he stated this during a live, televised government meeting.
 

jamescv7

The war of cybersecurity is between the conflicted parties; the tools shown are instruments to inflict fear, but actually they are a direct attack on the target, not on the people.

Two points of logic should be covered.

A) A typical person should be aware of what is happening but not worry about what will happen, considering the fact that there are no important details to be taken.

B) A high-profile person will adjust his/her habits online, by limiting exposure of his/her identity or information.
 
