Belkin, D-Link, Linksys On Compromised CIA Router List
Jun 17 2017
It can identify a device's make and model and find which wireless routers can be hacked. The objective of the initiative is to replace a router's firmware with a CIA-modified version known as FlyTrap. The command-and-control server that receives the data collected by FlyTrap is codenamed CherryTree. The beaconed information contains device status and security information, which CherryTree logs to a database.
Further, CherryBlossom would allow the Central Intelligence Agency to detect when a person is using their home network and divert the user's traffic through predetermined servers. Tasks for a FlyTrap include (among others) scanning for email addresses, chat usernames, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, copying the full network traffic of a Target, redirecting a Target's browser (e.g., to Windex for browser exploitation) or proxying a Target's network connections.
"These devices are the ideal spot for 'Man-In-The-Middle' attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users."
If the Central Intelligence Agency installs it, an agent monitoring the traffic through that router will be able to pick up information such as a person's passwords. Apple is not on the list, but it's unclear how many other devices might have been targeted after these documents were created.
"As of August 2012, CB-implanted firmwares can be built for roughly 25 different devices from 10 different manufacturers, including Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics", according to the leaked manual. There is no shortage of router models that can be exploited with CherryBlossom: one of the documents lists over 200 router models, though many of them are older units.