WikiLeaks Exposes CIA ExpressLane Spying Tool That Allegedly Steals Data From The NSA And FBI

WikiLeaks, the non-profit organization that publishes secret information provided by anonymous sources, released details about a tool that was used by the United States Central Intelligence Agency (CIA) to ensure that other government intelligence agencies were sharing the biometric information they collected. That includes the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Department of Homeland Security (DHS).

That's right, the CIA has (or had) a tool to spy on the government's spy agencies. The tool is called ExpressLane and it would be installed and run under the cover of upgrading the biometric software by intelligence officials who visit liaison sites. ExpressLane could also be dumped onto a system provided by the CIA to its partners prior to deployment, or doled out as a software update.

Image Source: Flickr (Phillip Sidek)

"The OTS (Office of Technical Services), a branch within the CIA, has a biometric collection system that is provided to liaison services around the world— with the expectation for sharing of the biometric takes collected on the systems. But this 'voluntary sharing' obviously does not work or is considered insufficient by the CIA, because ExpressLane is a covert information collection tool that is used by the CIA to secretly exfiltrate data collections from such systems provided to liaison services," WikiLeaks explains.

In other words, the CIA either discovered that other agencies were holding back biometric data they collected, or it wanted to safeguard against the possibility of this happening. Either way, it is interesting to discover that government agencies used cyber spying tools on each other.

ExpressLane was designed to evade detection by appearing as just another part of the system. It would hide in plain site within the Windows\System32 directory as MOBSLangSvc.exe.

"It will covertly collect the data files of interest from the liaison system and store them compressed and encrypted in the covert partition on a specially watermarked thumb drive when it is inserted into the system. Additionally, it manages a 'kill date' to disable the software by corrupting a specific configuration file associated with the software," the documentation reads.

This is the latest leak to come from Vault 7, the name WikiLeaks has given to collection of documents outlining the CIA's hacking tools. WikiLeaks has been releasing these documents at a clip of about one per week or every other week.