CIA Uses ‘CouchPotato’ To Record Video Streams From Security Cameras #Vault7

CIA hacking tool.
Original Image: ++/Flickr

Short Bytes: Wikileaks’ second leak in the month of August is a CIA hacking tool called CouchPotoato which dates back to 2014. The tool can be controlled using the command line to extort footage from RTSP/H.264 video streams, mostly used for security cameras, and save them on a disk.

We have seen a considerable amount of CIA hacking stuff as a part of Wikileaks’ Vault7. Leaving no stone unturned, tools have been designed for various platforms, be it Windows, Linux, MacOS, Android, or some other hardware.

As per the new release by Wikileaks, CouchPotato is an alleged CIA hacking tool that can be used to secretly record H.264 videos streamed over the internet or a private network using RTSP protocol. The captured data is saved on a disk in the form of an AVI file.

Also, the tool can take snapshots from an ongoing video stream or capture a series of screenshots having significant changes and save them as JPEG images. An operator can issue instructions using the command line.

According to the leaked documents, CouchPotato leverages a modified version of FFmpeg – an open source library for encoding and decoding various audio/video formats. Many of the unwanted codecs and features have been stripped to reduce the size of the tool.

The tool only requires the URL of the video stream to sniff the data. Thus, it eliminates the need to compromise a network. In the case of restricted networks, the CouchPotato can be initiated from within the network.

The H.264 codec and RTSP protocol in the story are used for streaming media, like movies and other video content, over the internet. A well-known application is in the case of surveillance cameras. So, CouchPotato might have been designed to extract footages from such devices saving video streams to some storage over the internet or inside some private network.


The leaked documents also describe some shortcomings of the alleged CIA hacking tool. One of the significant issues observed is high CPU usage which was somewhere between 50% to 70% during the internal tests on a Windows 7 64-bit virtual machine.

There have been several years since the tool came into existence, the leaked user guide dates back to February 2014. CouchPotato is another addition to Wikileaks’ Vault7 series, under which they are publicizing CIA-related tools almost every week.

You can read the documents related to CouchPotato using this link.

If you have something to add? Drop your thoughts in the comments.

Find our complete Vault7 coverage here!

Aditya Tiwari

Aditya Tiwari

Aditya likes to cover topics related to Microsoft, Windows 10, Apple Watch, and interesting gadgets. But when he is not working, you can find him binge-watching random videos on YouTube (after he has wasted an hour on Netflix trying to find a good show). Reach out at [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job