conference logo

Playlist "36C3: Resource Exhaustion"

Harry Potter and the Not-So-Smart Proxy War

Jos Wetzels

In this talk we will take a look at the 'Vault 7' Protego documents, which have received very little attention so far, and challenge the assertion that Protego was a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft' based on system block diagrams, build instructions and a few interesting news items. In addition, we will discuss hypothetical weaknesses in systems like it.

In March 2017, WikiLeaks published the 'Vault 7' series of documents detailing 'cyber' activities and capabilities of the United States' Central Intelligence Agency (CIA). Among a wide variety of implant & exploit frameworks the final documents released as part of the dump, related to a project code-named 'Protego', stood out as unusual due to describing a piece of missile control technology rather than CNO capabilities. As a result, these documents have received comparatively little attention from the media and security researchers.

While initially described by WikiLeaks as a 'suspected assassination module for [a] GPS guided missile system ... used on-board Pratt & Whitney aircraft', a closer look at the documents sheds significant doubt on that assertion. Instead, it seems more likely that Protego was part of an arms control solution used in covert CIA supply programs delivering various kinds of weapons to proxy forces while attempting to counteract undesired proliferation.

In this talk we will take a look at the Protego documents and show how we can piece quite a bit of information together from a handful of block diagrams, some build instructions and a few news articles.

Finally, we will discuss the potential weaknesses of such 'lockdown' systems which have been proposed for and are deployed in everything from theft prevention solutions and livestock management to firearms control and consumer UAVs.