The Vault 7 leaks have exposed a bunch of tricks from the CIA's playbook. Seriously speaking, the leak details how the CIA has built a surveillance system that encompasses advanced tools, hackers, and state-of-the-art technology. Amid the WikiLeaks dump of CIA hacking tools, the one that grabs my attention is Fine Dining. The name sounds like a gastronomic delight, but it isn't; in fact, it's quite the opposite.
Fine Dining attacks hijack DLL files
Fine Dining refers to a project whose purpose is to provide CIA field agents who already have insider access to a target organization with decoy versions of hacked apps. The decoy app serves as cover for their snooping, while the actual tools run in the background. The list of apps involved will leave you aghast.
The decoy apps include clones of VLC Player Portable, IrfanView, Chrome Portable, Opera Portable, Firefox Portable, ClamWin Portable, Kaspersky TDSS Killer Portable, McAfee Stinger Portable, Sophos Virus Removal Tool, Thunderbird Portable, Opera Mail, Foxit Reader, Libre Office Portable, Prezi, Babel Pad, Notepad++, Skype, Iperius Backup, Sandisk Secure Access, U3 Software, 2048, LBreakout2, 7-Zip Portable and Portable Linux CMD Prompt.
Reports point to a technique called DLL hijacking being used in the apps. The Fine Dining attack alters each of the apps, and the modified app is then handed over to the field agent. The technique involves adding or removing a DLL for each app, hence the name "DLL hijack." Ideally, the DLLs on a computer are protected and not easily subjected to unauthorized modification; in this case, however, the agents bring in their own apps from outside and run them at will. Read more about DLL hijacking at http://www.thewindowsclub.com/dll-hijacking
Yet another noteworthy aspect of this entire exercise is hiding behind the curtains in style. Yes, the CIA could instead clone entire programs, or even install the apps themselves with admin privileges, but DLL hijacking is a smoother and more effortless alternative. Thanks to the elegance of the modus operandi, the method is often referred to as Fine Dining.
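As an added example (not code from the article or from the leaked documents), here is a small Python model of the Windows default DLL search order, showing why a DLL dropped beside a portable EXE wins over the system copy and how a defender can flag that shadowing; the folder E:\Apps\VLCPortable, the DLL names and the file listing are constructed for illustration.

```python
from pathlib import PureWindowsPath

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows"]
# KnownDLLs are always mapped from System32 and cannot be shadowed by the app directory.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll"}

def _norm(directory, name):
    return str(PureWindowsPath(directory) / name).lower()

def search_order(app_dir, cwd, path_dirs=()):
    """Default order with SafeDllSearchMode on: the EXE's own folder is searched first."""
    return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]

def resolve_dll(name, app_dir, cwd, present, path_dirs=()):
    """Path Windows would load for `name` given the files on disk (`present`), or None."""
    name = name.lower()
    if name in KNOWN_DLLS:
        return _norm(SYSTEM_DIRS[0], name)
    for directory in search_order(app_dir, cwd, path_dirs):
        candidate = _norm(directory, name)
        if candidate in present:
            return candidate
    return None

def find_hijacks(app_dir, cwd, present, imported):
    """Flag imports that resolve outside the system directories although a system
    copy exists; an app-private DLL with no system counterpart is not reported."""
    system_prefixes = tuple(d.lower() for d in SYSTEM_DIRS)
    findings = []
    for dll in imported:
        chosen = resolve_dll(dll, app_dir, cwd, present)
        if chosen is None or chosen.startswith(system_prefixes):
            continue
        if any(_norm(d, dll) in present for d in SYSTEM_DIRS):
            findings.append((dll.lower(), chosen))
    return findings

# Constructed sample: a portable player on removable media carrying a rogue copy of a Windows DLL.
APP_DIR = r"E:\Apps\VLCPortable"
PRESENT = {
    _norm(r"C:\Windows\System32", "kernel32.dll"),
    _norm(r"C:\Windows\System32", "version.dll"),
    _norm(APP_DIR, "version.dll"),  # shadows the system copy
    _norm(APP_DIR, "libvlc.dll"),   # legitimately app-private
}
IMPORTS = ["kernel32.dll", "version.dll", "libvlc.dll"]
if __name__ == "__main__":
    for dll, path in find_hijacks(APP_DIR, APP_DIR, PRESENT, IMPORTS):
        print(f"possible hijack: {dll} would load from {path}")
```

On a real host the `present` set would come from a directory walk of the portable app folder plus the system directories, and the import list from the EXE's import table.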
Read more on wikileaks.org.
Related read: Old WikiLeaks post detailing how to skip Windows Activation surfaces.