CIA’s ‘Star Wars’ Tools Can Snip Passwords And Intercept Information From Secure Systems


According to the most recent WikiLeaks Vault7 release, the CIA can compromise secure Windows and Linux systems to steal passwords and monitor information sent over networks. The release also reveals that someone at the CIA is a major Star Wars fan.

The “BothanSpy” and “Gyrfalcon” projects are designed to capture and exfiltrate SSH (Secure Shell) credentials. Once the CIA has access to the SSH credentials on a given system, it can see which usernames and passwords are in use. It also allows the CIA to reach information sent over the network, from individual messages to vital documents.



SSH is a protocol for operating network services securely. It allows secure remote login from one computer to another. It is regularly used in corporate systems or private companies for secure access, file transfer and managing computer systems.

BothanSpy is the CIA implant that targets the SSH client program Xshell on Microsoft Windows.

According to a secret 2015 CIA report, BothanSpy was developed by the Engineering Development Group (EDG), the division in charge of building the CIA’s hacking tools. Version 1.0 was made in March 2015. It steals user credentials for all active SSH sessions, which could be usernames, passwords or information.

BothanSpy enables the CIA to save the stolen credentials in an encrypted file to be retrieved later on, or it can exfiltrate the stolen credentials to a server controlled by the organization. That way, BothanSpy never touches the target system’s disk and, therefore, can’t be traced.

The document explains:

“BothanSpy takes a very paranoid approach when collecting credential information. However, there is always some risk (no matter how small it may be) to using BothanSpy against an untested/unofficial version of Xshell.”



The author of the BothanSpy user manual appears, by all accounts, to be a fan of the Star Wars franchise. The Bothans are a species in Star Wars who steal data about the Death Star for the Rebel Alliance.

The manual features Star Wars references under “Known Issues” and “Troubleshooting.”

Some of the issues stated are:

“It does not destroy the Death Star, nor does it detect traps laid by The Emperor to destroy Rebel fleets.”

In Troubleshooting, it states:

“I went to destroy the Death Star with the information obtained by BothanSpy, but The Empire’s entire Star Ship fleet warped in, and the shield generators are not down on the Death Star, what gives?”

The answer given is, “I told you it would be a trap, that’s on you.”

In addition to this, “Gyrfalcon” targets Linux platforms, for example Ubuntu and SUSE. Linux is viewed as a more secure platform, yet the CIA can infiltrate it as well.

A user guide from November 2013 explains that it captures user logins and can also “execute commands on behalf of the legitimate user.”



It is a library loaded into OpenSSH on Linux platforms and contains an application that compresses, encrypts and stores information in a file on the Linux platform.

A third-party application is required to transfer the “captured keystrokes” and information from the Linux system to a CIA listening post. A listening post is used to monitor devices hacked with the CIA’s malware implants. They can be physical or virtual and stored on a CIA computer server. Furthermore, a gyrfalcon is a kind of bird, and the name is not inspired by Star Wars.
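
A defender's view of the mechanism described above (a library loaded into the OpenSSH client), as an added example that is not from the leaked documents or this article: it parses `/proc/<pid>/maps` text for an ssh process and flags executable file-backed mappings that come from outside the usual library directories or whose backing file has been deleted. The trusted directory list, the sample maps and the assumption that such a library shows up as a file-backed mapping are constructed for illustration.

```python
import re

# Directories where distribution packages normally install binaries and shared
# objects (assumption; adjust for the distribution in use).
TRUSTED_PREFIXES = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/",
                    "/usr/bin/", "/usr/sbin/")

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>[rwxps-]{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"

def suspicious_mappings(maps_text):
    """Return sorted (path, reason) pairs for executable file-backed mappings
    that lie outside TRUSTED_PREFIXES or whose backing file was deleted."""
    findings = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        perms, path = m.group("perms"), m.group("path").strip()
        if "x" not in perms or not path.startswith("/"):
            continue  # skip data mappings, anonymous memory, [heap], [vdso]
        if path.endswith(DELETED):
            findings.add((path[: -len(DELETED)], "backing file deleted"))
        elif not path.startswith(TRUSTED_PREFIXES):
            findings.add((path, "outside trusted library directories"))
    return sorted(findings)

# Constructed sample: maps of a hypothetical ssh client process.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8ab0000 r-xp 00000000 08:01 131 /usr/bin/ssh
7f1a2c000000-7f1a2c1b0000 r-xp 00000000 08:01 402 /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f1a2c400000-7f1a2c420000 r-xp 00000000 08:01 977 /tmp/.cache/libexample.so
7f1a2c600000-7f1a2c610000 r-xp 00000000 08:01 981 /usr/lib/libgone.so (deleted)
7f1a2c800000-7f1a2c821000 rw-p 00000000 00:00 0 [heap]
7ffd1b5f0000-7ffd1b5f2000 r-xp 00000000 00:00 0 [vdso]
"""

if __name__ == "__main__":
    for path, reason in suspicious_mappings(SAMPLE_MAPS):
        print(f"{path}: {reason}")
```

On a live host the same function can be fed the contents of `/proc/<pid>/maps` for each running `ssh` process; a finding is a lead to investigate, not proof of compromise.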
