How the CIA Has Been Hacking Your Router

When we talk about cyber crime, we usually talk about things like phishing scams, malware, and other ways that attackers can gain access to your computer via some mistake that you’ve made. However, a recent WikiLeaks report has revealed another method that hackers — specifically, the CIA — have been using to gain access to your computer that you probably had little to nothing to do with: Your router.

Wired reports that the documents are the latest in a slow-drip leak that WikiLeaks has named “Vault7.” They reveal a complex setup that the CIA has created in order to exploit vulnerabilities in home routers from popular companies, including Linksys, D-Link, and Belkin.

According to the documents, CherryBlossom can run on 25 router models, with the potential to run on upwards of 100 more. Router compromises are virtually impossible for users to detect, because there is no interface that the consumer interacts with regularly; that makes home routers an excellent target for exploitation.

Here’s how it works:

The implant itself is called “CherryBlossom.” The very first move that the CIA makes is to run a tool called Claymore to scan your network. It can then gain access to your router either via an easy-to-guess password or through physical access to the router itself (which often has the default password printed on it). Some router models — including D-Link’s DIR-130 and Linksys’ WRT300N — can be infected even when they have a strong password: There’s an exploit code called Tomato that has the ability to extract passwords from those routers if they have the default “universal plug and play” feature enabled. The WikiLeaks papers mention another exploit code called “Surfside,” but it’s not clear how that one works.

Once they’ve gained access via one of the exploit codes, the CIA can install firmware that they’ve named “FlyTrap.” That firmware becomes a beacon, sending information back to a CIA server that’s nicknamed “CherryTree.” The initial information that FlyTrap sends to CherryTree includes device status and security information for that network.

Once CherryTree has that info, it sends back a “Mission,” which is a set of specific things that the CIA wants done to the infected router. Meanwhile, back in CIA headquarters, agents have their own browser-based user interface called “CherryWeb” that lets them view the status and security information of all of their FlyTraps, plan missions, view information about ongoing missions, and do system administration. All of the information sent back and forth between the FlyTrap and CherryTree is encrypted and disguised as an exchange of request/response for an image file.
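A network defender cannot inspect the router's own firmware from the outside, but the beacon traffic described above has to cross the network, and the "image file" disguise leaves two seams that can be checked from a packet capture or proxy log: a response that declares an image content type but whose body does not begin with that format's file signature, and a client that fetches such "images" from the same server on a very regular schedule. The following is an added example, not code from the article or from the leaked documents; the host names, addresses (drawn from the 198.51.100.0/24 documentation range) and timestamps are constructed sample data.

```python
"""Flag HTTP responses that claim to be images but carry no image, and
clients that fetch them on a clock-like schedule (beaconing).

Added example for this article; the sample records below are constructed
and do not come from any real capture or from the leaked documents.
"""
import statistics
from collections import defaultdict

# Leading bytes ("magic") for the image formats a beacon would most plausibly imitate.
IMAGE_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}


def body_matches_type(content_type, body):
    """True/False if the declared type is an image we know the signature of,
    None if the content type is not one we check (e.g. text/html)."""
    ctype = content_type.split(";")[0].strip().lower()
    signatures = IMAGE_MAGIC.get(ctype)
    if signatures is None:
        return None
    return any(body.startswith(sig) for sig in signatures)


def flag_mismatched_images(responses):
    """Return the hosts that served an 'image' whose body fails the signature check.
    Each response is a dict with 'host', 'content_type' and 'body' (first bytes)."""
    return [r["host"] for r in responses
            if body_matches_type(r["content_type"], r["body"]) is False]


def periodic_hosts(events, max_cv=0.1, min_events=4):
    """Return hosts contacted at near-constant intervals.

    events: iterable of (host, unix_timestamp). A coefficient of variation
    (stdev / mean of the inter-request gaps) under max_cv means the client
    is calling home on a schedule rather than when a user happens to browse.
    """
    by_host = defaultdict(list)
    for host, ts in events:
        by_host[host].append(ts)
    flagged = []
    for host, times in by_host.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean < max_cv:
            flagged.append(host)
    return flagged


# --- constructed sample data -------------------------------------------------
SAMPLE_RESPONSES = [
    # A real PNG: signature present.
    {"host": "cdn.example.net", "content_type": "image/png; charset=binary",
     "body": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"},
    # A real JPEG (JFIF header).
    {"host": "cdn.example.net", "content_type": "image/jpeg",
     "body": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"},
    # Declared JPEG, but the body is opaque ciphertext-like bytes (constructed).
    {"host": "198.51.100.7", "content_type": "image/jpeg",
     "body": b"\x4a\x9c\x02\xe1\x7b\xd3\x90\x15\xaa\x03"},
]

SAMPLE_EVENTS = [
    # Browsing-shaped traffic: irregular gaps.
    ("cdn.example.net", 0), ("cdn.example.net", 37), ("cdn.example.net", 512),
    ("cdn.example.net", 530), ("cdn.example.net", 2001),
    # Beacon-shaped traffic: roughly every ten minutes.
    ("198.51.100.7", 0), ("198.51.100.7", 600), ("198.51.100.7", 1199),
    ("198.51.100.7", 1801), ("198.51.100.7", 2400),
]


def suspicious_hosts(responses, events):
    """Hosts that trip both checks: bogus image bodies and a regular schedule."""
    return sorted(set(flag_mismatched_images(responses)) & set(periodic_hosts(events)))


if __name__ == "__main__":
    print("signature mismatch:", flag_mismatched_images(SAMPLE_RESPONSES))
    print("periodic callers:  ", periodic_hosts(SAMPLE_EVENTS))
    print("both:              ", suspicious_hosts(SAMPLE_RESPONSES, SAMPLE_EVENTS))
```

Each heuristic alone produces noise (thumbnail services occasionally mislabel files; auto-refreshing dashboards poll on a timer), so the combined check is the one worth alerting on; the threshold and the minimum event count are tuning knobs, not fixed values.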

So what information are they gathering? According to reporting by Ars Technica, the Missions cover everything from copying all or some of the network's internet traffic to harvesting email addresses, chat user names, and VoIP numbers. Some experts say that the vulnerabilities can be closed if people update their routers regularly, but that’s not a common customer behavior. That means that a lot of people will continue to be wide open to hacking by the CIA.


About Tenta

Tenta is a next-generation browser designed for privacy and security. Built-in true VPN, full data encryption, video downloader, secure media vault, HTTPS Everywhere, Tenta DNS, and more.

