Jump to content

Here's How CIA Spies On Its Intelligence Liaison Partners Around the World


Recommended Posts



WikiLeaks has just published another Vault 7 leak, revealing how the CIA spies on their intelligence partners around the world, including FBI, DHS and the NSA, to covertly collect data from their systems.

The CIA offers a biometric collection system—with predefined hardware, operating system, and software—to its intelligence liaison partners around the world that helps them voluntary share collected biometric data on their systems with each other.

But since no agency share all of its collected biometric data with others, the Office of Technical Services(OTS) within CIA developed a tool to secretly exfiltrate data collections from their systems.

Dubbed ExpressLane, the newly revealed CIA project details about the spying software that the CIA agents manually installs as part of a routine upgrade to the Biometric system.

The leaked CIA documents reveal that the OTS officers, who maintain biometric collection systems installed at liaison services, visit their premises and secretly install ExpressLane Trojan while displaying an "upgrade Installation screen with a progress bar that appears to be upgrading the biometric software."

"It will overtly appear to be just another part of this system. It’s called: MOBSLangSvc.exe and is stored in \Windows\System32," leaked CIA documents read. 

"Covertly it will collect the data files of interest from the liaison system and store them encrypted in the covert partition on a specially watermarked thumb drive when it is inserted into the system."

ExpressLane includes two components:

  • Create Partition — This utility allows agents to create a covert partition on the target system where the collected information (in compressed and encrypted form) will be stored.

cia hacking tool

  • Exit Ramp — This utility lets the agents steal the collected data stored in the hidden partition using a thumb drive when they revisit.
cia hacking tools

The latest version ExpressLane 3.1.1 by default removes itself after six months of the installation in an attempt to erase its footprints, though the OTA officers can change this date.
The biometric software system that CIA offers is based on a product from Cross Match, a US company specialized in biometric software for law enforcement and the intelligence community, which was also used to "identify Osama bin Laden during the assassination operation in Pakistan."

Link to comment
Share on other sites

  • Replies 5
  • Views 1.1k
  • Created
  • Last Reply

Why did CIA create a bogus software upgrade? To steal data from FBI, NSA

The CIA didn't trust its security service partners to share biometric information with it, so it created a bogus software upgrade to steal the data.


The data-stealing Trojan was created as part of a CIA project called ExpressLane, a piece of software installed by CIA Office of Technical Service (OTS) agents under the guise of upgrading the CIA's biometric collection system. 


This biometric system is installed at the 'liaison services' or partners such as the NSA, Department of Homeland Security, and the FBI, according to WikiLeaks, which released the ExpressLane documents as part of its Vault 7 collection. 


The CIA installed the biometric system at partner offices around the world and expected them to voluntarily share biometric data with the CIA.


Just in case they didn't, it installed ExpressLane to "verify that this data is also being shared with the Agency." It also had a feature to cut-off the liaison's access to the system if it didn't provide the CIA with access. 


"The systems are provided to Liaison with the expectation for sharing of the biometric takes collected on the systems. Some of these biometric systems have already been given to the Liaison services. OTS/i2c plans to revisit these sites with the cover of upgrading the biometric software to perform a collection against the biometric takes," it noted in one document. 


So that OTS agents could install the Trojan in the presence of partner agents, ExpressLane included a "splash screen with a progress bar" to look like an authentic Windows install. 

OTS agents would install the software with a USB stick and could set the installation time of the update as well as a kill date before visiting the target. 

Once installed the Trojan collects relevant files and stores them in a secret partition on a specially watermarked thumb drive that an OTS agent inserts during a subsequent maintenance visit.


The biometric system itself was provided by US identity management firm CrossMatch. It specifically didn't want the update to reference CrossMatch software. 


It's unlikely this specific version of ExpressLane is still supported given the documents are dated 2009 and describe functionality for Windows XP. 


Link to comment
Share on other sites

only happens in the great nation USA

why am I not surprised?


Link to comment
Share on other sites

2 hours ago, humble3d said:

Does anyone remember a Mad Magazine cartoon titled SPY VS. SPY ?  :lol:

Yes indeed, I do remember.  I guess only us senior citizens will be able to remember.  Most members of this forum were not even born when it was published.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...