Skip to content

The CIA has been hacking dozens of Wi-Fi routers and using them as covert listening points for at least a DECADE, leaked documents reveal


Leaked CIA documents have revealed the agency has been hacking people’s Wi-Fi routers and using them as covert listening points.

Infected routers are used to spy on the activity of internet-connected device, according to decade-old secret documents leaked on Thursday by Wikileaks.

Home routers from 10 US manufacturers, including Linksys, DLink, and Belkin, have been used by the CIA to monitor internet traffic.

Wikileaks released the entire 175-page CIA user manual for the implant, which is codenamed ‘CherryBlossom’.


In total, the manual says that the firmware runs on 25 router models, but could run on more than 100 with minor modifications.


‘The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest,’ the document reads.

‘In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points (APs), to achieve these goals.’

The firmware is especially effective against some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even if they have a strong administrator password.

An exploit codenamed ‘tomato’ can extract passwords from these routers if a default feature known as universal plug and play is left on.

Missions tasks include copying some or all of the user’s internet traffic, email exchanges and private chat usernames.

All exchanges between the Flytrap and device and the CIA’s CherryTree server are encrypted and and cryptographically authenticated.

The documents date back to 2007, meaning the agency has been using the Wi-Fi hack for at least a decade.


Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: