TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

How CIA used Fine Dining attack to hijack DLL files

The Vault 7 leaks have exposed a bunch of tricks from CIA’s books. Well, seriously speaking the leak details how the CIA is building a surveillance system that encompasses advanced tools, hackers, and state of the art technology. Amidst all the WikiLeaks dump of CIA Hacking Tools, one that grabs my attention is the Fine Dining, the name sounds like a gastronomic delight but it isn’t, in fact, it’s quite the opposite.

wikileaks

Fine Dining attacks to hijack DLL files

Fine Dining is referred to a project whose purpose is to provide CIA field agents who already have insider access to a target organization with decoy versions of hacked app that will put a blanket on their sniffing efforts which will include tools running in the background as well. The list of apps that figures out in the list will leave you aghast.

The decoy apps include clones of VLC Player Portable, IrfanView, Chrome Portable, Opera Portable, Firefox Portable, ClamWin Portable, Kaspersky TDSS Killer Portable, McAfee Stinger Portable, Sophos Virus Removal Tool, Thunderbird Portable, Opera Mail, Foxit Reader, Libre Office Portable, Prezi, Babel Pad, Notepad++, Skype, Iperius Backup, Sandisk Secure Access, U3 Software, 2048, LBreakout2, 7-Zip Portable and Portable Linux CMD Prompt.

Reports have been pointing towards a vulnerability called DLL hijacking in the app. The fine dining attack alters each of the apps and the modified app is then handed over to the field agent. The technique involves adding or subtracting a DLL for each app and thus its called “DLL hijack.” Ideally, the DLL’s are protected in a computer and are not easily subjected to unauthorized modification however in this case the agents introduce their apps from outside and run it at will.http://www.thewindowsclub.com/dll-hijacking

Yet another noteworthy aspect of this entire exercise is hiding behind the curtains in style, yes the CIA could instead clone the entire programs or they could even install the apps themselves with admin apps but the DLL hijacking is a smoother and more effortless alternative as opposed to the others. Thanks to the elegance of the modus operandi the method is often referred to as Fine Dine.

Read more on wikileaks.org.

Related read: Old WikiLeaks post detailing how to skip Windows Activation surfaces.

Updated on Tags:

MahitHuilgol@TWC

Mahit Huilgol has been using Windows on PC and Mobile since long. He has been following Microsoft developments from close quarters and loves writing about it.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap