Another covert information-collection tool used by the CIA has surfaced. It goes by the name ExpressLane. What is interesting is that the CIA uses this tool to secretly exfiltrate biometric data. Furthermore, this is conducted against the liaison services of the U.S. Central Intelligence Agency (CIA).
The latest Vault 7 leak from WikiLeaks shows how the CIA keeps a check on other intelligence agencies around the globe. This supposedly includes the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the Department of Homeland Security (DHS).
The Office of Technical Services (OTS) and Identity Intelligence Center (I2C) fall under the Directorate of Science and Technology of the CIA. Both the OTS and I2C are responsible for extracting data from target systems using cyber espionage.
WikiLeaks has released confidential CIA documents marked ‘Secret’, which expose this methodology. ExpressLane was developed to collect details from the companies, even without their permission.
ExpressLane's biometric software enables it to discreetly copy the required data. It can later be disabled if the duped firm does not call for continued access.
The modus operandi of the ExpressLane tool is quite amusing. OTS agents visit the liaison services claiming to upgrade the system, and connect a USB device for this purpose. But the liaison officers keeping watch over the procedure would not come to know of the simultaneous hack of the biometric data from their system.
This is because a fake Windows installation splash screen appears on the system, and the data-exfiltration software disguises itself behind it. In the background, the required biometric data is compressed, encrypted and copied to the USB drive, while the download process shows up for a specific time set by the agent.
The CIA can then extract this accumulated data with the help of the ExitRamp utility. A Kill Date switch specifies the duration for which the software will operate. This is enabled at the time of installation and is set to 6 months by default.
ExpressLane also allows the CIA to disable this Kill Date tool at any time. The firmware’s license expires if the OTS agent does not return within the stipulated time. Nonetheless, once ExpressLane runs on the PC, the Kill Date extends.
WikiLeaks also mentions that this software has been developed by Cross Match. This Florida-based company manufactures the core components of the cyber espionage tool.
The software dubbed ExpressLane was primarily designed for Windows XP systems. Its functionality might, however, have been altered if it is still being run on other networks as well.