Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

Elsa User Manual.doc
SECRET//NOFORN
1. (U) Scope
(S) This document establishes the User Manual for ELSA v1.0.
1.1 (U) System Overview and Description
(S) ELSA is a software system that geolocates wifi-enabled computers. Elsa provides
pattern of life geolocation information by recording the details of wifi access points near
the target machine and transmitting that metadata to 3rd Party databases for resolution
into latitude, longitude and an accuracy measure. These 3rd party databases exist to
support location services in the Firefox, Chrome and Internet Explorer browsers
according to the w3c specification. ELSA uses HTTPS connections to query these 3rd
party services and saves its data into a 128 bit AES encrypted file.
[Figure 1 diagram labels: A. Operator Terminal; B. Windows Target; C. Wifi Access Points; D. 3rd Party Database; numbers 1 to 6]
Figure 1 - (S) Operational scenario for Elsa
(S) See Figure 1 above for a typical operational scenario. As shown, the Elsa software
system consists of two major components. First, the processing component (A. Operator
Terminal) will typically reside on an operator’s ICON attack box. Second, the implant (B.
Windows Target) will typically be deployed on a target Windows host. Elsa can either
directly resolve locations from the 3rd party database (D. 3rd Party Database), or
optionally return unresolved wifi data to the operator terminal so that it can be resolved
from there.
