WikiLeaks isn’t done exposing the CIA’s arsenal of hacking tools used to infiltrate computer systems around the globe. Last month, we told you about Weeping Angel, which targeted select Samsung Smart TVs for surveillance purposes. Today, we’re learning about Archimedes, which attacks computers attached to a Local Area Network (LAN).
Although we have no way of knowing whether Archimedes is still in use by the CIA, the details of how it is unleashed on unsuspecting parties has been revealed in full. In its teaser announcing the exploit, WikiLeaks writes, “It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA.
Fulcrum uses ARP spoofing to get in the middle of the target machine and the default gateway on the LAN so that it can monitor all traffic leaving the target machine. It is important to note that Fulcrum only establishes itself in the middle on one side of the two-way communication channel between the target machine and the default gateway. Once Fulcrum is in the middle, it forwards all requests from the target machine to the real gateway.
Archimedes can be deployed on machines running Windows XP (32-bit), Windows Vista (64-bit) and Windows 7 (64-bit) operating systems. The CIA documentation also says that the binaries required for Archimedes/Fulcrum will “run on any reasonably modern x86-compatible hardware”.