UNM4SK3D: CIA, Dragonfly 2.0, and Siri

September 8, 2017 | Views: 2948

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here


As expected, Wikileaks has added yet another leak to the Vault 7 collection, one that leaves Harry Potter fans speculating. This time, rather than being a hacking tool or surveillance method focused leak, this project focuses on a Missile Control System, complete with blueprints. 

‘Project Protego’ as it’s called, is a PIC-based missile control system installed onboard a Pratt and Whitney Aircraft (PWA). It has the ability to hit air-to-air and air-to-ground targets using its’ missile launch system. Four secret documents, along with “37 related documents (proprietary hardware/software manuals from Microchip Technology Inc),” detail system design, configuration and Protego structure images. These documents also suggest that “all micro-controller units exchange data and signals over encrypted and authenticated channels.” The missile will only launch, however, when the Master Processor (MP) receives three valid signals.

While there is no confirmation as to why this project was included in the repositories belonging to the CIA’s Engineering Development Group, now in possession by Wikileaks, but it was noted that Protego was developed in partnership with one of a major defense contractor, Raytheon. You may recall Raytheon as the agency hired by the CIA for analyzing advanced malware and hacking techniques used in the wild by hackers and cyber criminals. Individuals have speculated that the name of the project, ‘Protego’ specifically, derives from the magical Shield Charm used in the Harry Potter movies, meaning the objective of this missile control system could be to defend something secret (a facility or base), from external physical attacks. Mischief managed?

The missile system has micro-controllers for the missile itself (‘Missile Smart Switch’, MSS), the tube (‘Tube Smart Switch’, TSS) and the collar (which holds the missile before and at launch time). -Wikileaks

Want to get caught up on last week’s Vault 7 leak? Read the September 1st edition of UNM4SK3D for details.


It appears ‘Dragonfly,’ a well-resourced, Eastern European hacking group has reemerged on the cyber scene, this time with the campaign ‘Dragonfly 2.0,’ meaning a potential ‘lights out’ for the United States and European energy sectors.

Over the past couple years, Dragonfly has been responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies across the globe. Back in 2014, reports circulated about the group’s ability to mount sabotage operations against petroleum pipeline operators, electricity generation firms and other Industrial Control Systems (ICS) equipment providers in the energy sector. Now, researchers from Symantec are warning on their new 2.0 campaign, saying “the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”

Although Symantec researchers did not find any evidence of the use of zero day vulnerabilities, researchers did find the group utilizing publically available administration tools like PowerShell, PsExec, and Bitsadmin, which makes attribution more difficult. In their latest report, Symantec outlines many of Dragonfly’s activities including: targeting the critical energy sectors in the U.S., Turkey, and Switzerland, using a toolkit called Phishery to perform email-based attacks that host template injection attack, and spreading malware that involves multiple remote access Trojans masquerading as Flash updates called Backdoor.Goodor, Backdoor.Dorshel and Trojan.Karagany.B. Attacks against energy grids are not new, but the resurfacing of this threatening group is a terrifying reminder of the threat looming in the ‘dark.’

The Dragonfly 2.0 campaigns show how the attackers may be entering into a new phase, with recent campaigns potentially providing them with access to operational systems, access that could be used for more disruptive purposes in future. -Symantec

Get further insight on Dragonfly 2.0 in this post from Tripwire.


“Siri, browse the Dark Web.” This could be the command a hacker gives to the virtual assistant on your phone, leaving your device open to being manipulated, a team of security researchers from China’s Zhejiang University reports. Looks like it may be time to revert back to flip phones. 

The researchers have discovered a cunning new way of activating your voice recognition systems without uttering a word, allowing hackers to make calls, send text messages, and browse malicious websites on the Internet without user permission. This tactic is made possible by exploiting a security vulnerability that is common across all major voice assistants. Lovingly named the ‘DolphinAttack,’ this technique works by feeding the AI assistants (Siri, Alexa, etc.) commands in ultrasonic frequencies. These frequencies are too high for humans to hear but are audible to the microphones on smart devices. Using ‘DolphinAttack,’ criminals can ‘silently’ whisper into your smartphones to hijack the voice assistants, and forcing them to execute tasks even if you have lock features installed.

In the researcher’s experiment testing this technique, they “first translated human voice commands into ultrasonic frequencies (over 20 kHz), then simply played them back from a regular smartphone equipped with an amplifier, ultrasonic transducer and battery—which costs less than $3.” The malicious capabilities possible range from visiting a malicious website and spying to injecting fake information, DOS attacks, and concealing attacks. Perhaps most terrifying, The Hacker News reports,”the attack works on every major voice recognition platform, affecting every mobile platform including iOS and Android. So, whether you own an iPhone, a Nexus, or a Samsung, your device is at risk.” Not to mention that the voice commands can be accurately “interpreted by the speech recognition (SR) systems on all the tested hardware” and work even if the hacker does not have direct access to your device.

DolphinAttack voice commands, though totally inaudible and therefore imperceptible to [a] human, can be received by the audio hardware of devices, and correctly understood by speech recognition systems. -Zhejiang University researchers

This isn’t the first time audio capabilities have been under attack. Dubbed “Speake(a)r,” the malicious code is able to hijack a computer to record audio even when its’ microphone is disabled or completely disconnected from the computer. Dive into this previous edition of ‘UNM4SK3D‘ for more.


CyberDegrees.org, a Washington, D.C.-based publisher of informational websites on higher education, has ranked the top 20 schools for cybersecurity, based on subject expertise, scholarship opportunities, and designation as a national security agency national center of academic excellence in cyber defense. Purdue University received the top ranking. 


Olivia Lynch (@Cybrary_Olivia) is the Marketing & Communications Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. why charge people when you say you are trying to give a free course??any way, use parrot os for linux heres the url address.https://www.parrotsec.org/
    i use parrot because its linux and it has a bunch of user rerady tools too heep yourself safe and untracable.

  2. vvh57’5 +h3 |001n7 0|: +|-|15 5173??

  3. Thanks for the Raytheon mention.

  4. i read a lot of these articles; they’re one of the best things(that i regularly use) about this site, but i don’t even get what these cybytes do, exactly. why is it asking me to tip a person who works for the website? also, the dude who does the comptia a+ teaching is terrible but i dk where i’m supposed to tell anyone. i tried starting posts but they get deleted. the dude constantly stops mid sentence and starts talking about something new, he flails his hands & arms around, he never seems to have anything he needs on hand, he must have done every single video in a single take, and again, the jumping around from subject to subject mid sentence is very difficult to follow. i’m only about 1/2 way through it, but i’m constantly having to go elsewhere to read up on the lessons because they can not be fully understood by the videos here on cybrary alone. i was very happy when i found this site and i really hope other courses aren’t the same way. i started a few others, just to see what they were like, and they didn’t seem to be as poorly prepared or hastily put together. is there any chance cybrary will re-do the course any time soon?

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?