The Truth about "Cherry Blossom" - Wikileaks Vault 7 - Top 5 Wifi Hacks - Solutions Via AnonOps

in cherryblossom •  8 years ago 

The Truth about "Cherry Blossom" - Wikileaks Vault 7 - Top 5 Wifi Hacks - Solutions Via AnonOps

In this video I go over the newest Wikileaks release of #CherryBlossom which shows their ability to hack almost any Wifi Router. They have the ability to take over complete system admin control to any device that is connected to their malicious wifi router using a Man in the Middle Attack.

Wikileaks Release: https://wikileaks.org/vault7/releases/#Cherry%20Blossom

Full Wikileaks Vault7 #CherryBlossom Release Statement:

Today, June 15th 2017, WikiLeaks publishes documents from the CherryBlossom project of the CIA that was developed and implemented with the help of the US nonprofit Stanford Research Institute (SRI International).

CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for "Man-In-The-Middle" attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user.

The wireless device itself is compromized by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap. A FlyTrap will beacon over the Internet to a Command & Control server referred to as the CherryTree. The beaconed information contains device status and security information that the CherryTree logs to a database. In response to this information, the CherryTree sends a Mission with operator-defined tasking. An operator can use CherryWeb, a browser-based user interface to view Flytrap status and security info, plan Mission tasking, view Mission-related data, and perform system administration tasks.

Missions may include tasking on Targets to monitor, actions/exploits to perform on a Target, and instructions on when and how to send the next beacon. Tasks for a Flytrap include (among others) the scan for email addresses, chat usernames, MAC addresses and VoIP numbers in passing network traffic to trigger additional actions, the copying of the full network traffic of a Target, the redirection of a Target’s browser (e.g., to Windex for browser exploitation) or the proxying of a Target’s network connections. FlyTrap can also setup VPN tunnels to a CherryBlossom-owned VPN server to give an operator access to clients on the Flytrap’s WLAN/LAN for further exploitation. When the Flytrap detects a Target, it will send an Alert to the CherryTree and commence any actions/exploits against the Target. The CherryTree logs Alerts to a database, and, potentially distributes Alert information to interested parties (via Catapult).

(Source)

Top 5 Public Wifi Hack Attacks & Defense Solutions from AnonOps Covered:

Hacker News Cherry Blossom Article that i went over in the film: https://thehackernews.com/2017/06/cia-wireless-router-hacking-tool.html

I also cover the top 5 hack attacks using public wifi: http://www.makeuseof.com/tag/5-ways-hackers-can-use-public-wi-fi-steal-identity/

I go over Man in the Middle Attacks, using Fake Wifi Connections, packet sniffing, sidejacking and "shoulder surfing". See article above for more or watch the video!

Lastly I cover the Anonymous secret security handbook lulz, here is the link: https://newblood.anonops.com/security.html

If you wish to join #AnonOps or #OpNewBlood go here: https://newblood.anonops.com/basics.html

Defango Video I mentioned: Video Link

Please Enjoy My YouTube Film:

This Video is Also Available on Alternative Video Platforms (Vote with Your Views):

Alternate Platforms:

  1. @BitChute: https://www.bitchute.com/video/KpH2qAN3mNw/
  2. Vid.Me: https://vid.me/uWOr
Help me out by up-voting and re-steeming this and or by making me an Independent Journalist by funding me on Patreon with monthly support. My Patreon

Don't forget to follow me @TitusFrost for more of my work coming in the near future...


You can also connect with me on:

  1. My Patreon
  2. Titus Frost YouTube
  3. Lulz Machine YouTube
  4. Twitter: @ImperatorTruth (When I am not suspended)
  5. FedBook: "The Lost Truth"
  6. Minds.com: "TitusFrost"
  7. My Vid.Me Channel
  8. My Published Book: "The Lost Truth"
  9. Gab.ai: TitusFrost
  10. BitChute
  11. Check out my book on OpenLibrary
  12. Read my Book The Lost Truth for Free online

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

they have been using this kind of approach for a long time - along with the non military hackers too. it's useful to have the leaked documents to demonstrate to everyone else that this is the case though, for sure.

Good post @titusfrost i'm following you please follow me and give me upvoted

thank you for sharing

Great post can't wait for the next !