--- begin forwarded text
----- Original Message -----
From: "Tommy Gober"
To: "Lee Keohan"
Sent: Sunday, January 21, 2001 13:05
Subject: Re: [utmf] D.I.R.T. & email problems
I heard about that (DIRT)... I also heard it's just a big hoax. Most
anything of that nature will be shot down by the hacking community.
Kinda like Carnivore. But anytime you're ever suspicious of anything
"hacking" your system just drop by astalavista.box.sk and visit their
new0rder section... you can have the anti-hack in just a few
seconds... or go to eeye.com and get a copy of Retina Security
scanner... it'll tell you exactly what your computer is saying to
others and whether or not you're hackable. Very nice tool to have if
you're worried about security.
D.I.R.T. in the News
Codex files 20 million dollar defamation suit
in U.S. Federal Court
pressrelease.txt
pressrelease.doc
CDSsuit.pdf
D.I.R.T. premieres June 5, 1998 at SpookTech98 in New York City
Network World - July 1998
DIRT Bugs Strike!
By Winn Schwartau
"Imagine being able to monitor and intercept data from any PC in the
world anytime you want.
Then DIRT's for you.
DIRT stands for Data Interception by Remote Transmission, and if
Codex Data Systems in Bardonia, New York has anything to say about
it, will become the next law enforcement tool to help stop the bad
guys.
The cops are having a terrifically hard time dealing with
cybercrime, and they all put on-line child pornography at the top of
the list because of the emotional response to it. Suspected
terrorists, drug traffickers, money launderers, are also potential
targets for DIRT as are various criminal organizations which employ
anonymity, remote control and encryption to hide themselves. DIRT
represents a fabulous, but questionably legal/ethical means of
information gathering by intelligence agencies as well as private
investigators.
Thus Frank Jones and Codex Data Systems begat DIRT. "We have to give
law enforcement the tools they need to get real criminals. So many of
them are now using encryption, DIRT allows law enforcement to read
encrypted messages."
DIRT operates surreptitiously like a Trojan Horse. It is transmitted
secretly to a target via email in several ways: either as a
proprietary protocol, self extracting executable, dummy segment
fault, hidden ZIP file, application specific weakness, macro, a
steganographic attachment or other methods the company's technical
wizard, Eric Schneider, will not divulge.
Once the DIRT-Bug is successfully embedded in the target machine, two
things occur. One, all keystrokes at the keyboard are secretly
captured and when the target machine is connected on-line, it will
stealthily transmit the captured contents to a remotely located
DIRT-Control Central for analysis.
This is how encryption keys are to be discovered and later used to
develop evidence in criminal cases.
Secondly, when the target is on-line, his PC will invisibly behave
like an anonymous FTP server, giving the folks at DIRT-Control Center
100% access to all resources. So much for privacy!
Dave Banisar, Staff Counsel at the Electronic Privacy Information
Center in Washington, DC, said DIRT "Sounds like something the Stasi
would have developed." The problem is enforcement and abuse, he points
out. "The only way to control this technology is after the fact,
during the trial when the police have to show how they obtained
evidence."
When I first saw DIRT demonstrated in New York (June 5, 1998), I
thought, "What if this gets out to the entire Internet community?
What will happen if we no longer ever trust our email?"
The vast majority of computer crime goes unrecognized, unreported and
unprosecuted. Despite the fact that the use of DIRT or a DIRT-like
clone developed by the computer underground violates the Computer
Abuse Act of 1984 and an assortment of other laws, the ability to
control it remains extremely slim. And the uses for DIRT-like
software stagger the imagination.
All that someone with DIRT needs to know is your email address.
Period. All he has to do is send you an email, with the embedded
DIRT-Trojan Horse and he's home free, and you are a clueless victim.
Large organizations usually worry about hackers breaking and entering
their networks. Now they have reason to worry that DIRT-Bugs could
invade their networks as well; whether launched by an investigating
law enforcement authority, international competitors or spies, or
just hackers. The last thing in the world they want is for critical
workstations to be broadcasting passwords, encryption codes and
providing complete system access to whoever controls DIRT-Central.
Unfortunately, most firms with whom I deal have little implementation
of the minor policies they have developed. Thus, defending against
DIRT can be difficult. However, organizations which utilize NAT and
proxies in their firewalls achieve some degree of confidence that
DIRT's remote access capability will not function. Just the keyboard
strokes (and associated private information) will be broadcast to
DIRT-Central.
According to the developers at Codex Data Systems, if you are a
solitary PC sitting on a dial-up or a cable modem, there is nothing -
today - you can do except don't click on your email attachments. Of
course, ignoring email from strangers is always a good idea. But, if
I were a cop or a bad guy using DIRT, I would certainly go after your
home PC as well as the one at work. It's a whole lot easier, and I am
going to learn just as much.
With the advent of more and more powerful Trojans, such as DIRT
(which only occupies 20K), the threat to our networked systems gets
clearer and clearer. As Frank Jones, the inventor, says, "There are no
more secrets with DIRT."
TechWeek - Sept. 1998
Beware the Keystroke Cops
by Sarah Ellerman
Getting DIRT on criminals
"There is another powerful tool for surreptitiously intercepting
data, but it is only available to law enforcement and the military.
Called DIRT (Data Interception and Remote Transmission), it was
released in June by Codex Data Systems, Inc. Investigators need only
know your e-mail address to secretly install the program. Once they
do, investigators can read your documents, view your images, download
your files and intercept your encryption keys. DIRT was developed to
assist law enforcement in pedophilia investigations, but future uses
could include drug investigations, money laundering cases and
information warfare.
How is DIRT different from Back Orifice? The sale of DIRT is
restricted, while Back Orifice is free for the downloading. Also,
there are already fixes available for Back Orifice, but no way yet to
defend against DIRT.
"Most feel secure when they encrypt their data, but it's an illusion
of comfort if a keystroke monitor is involved. DIRT defeated Pretty
Good Privacy in a matter of minutes at a recent conference simply by
stealing the user's key as it was typed in."
Internet & Intranet Business & Technology Report - Oct. 1998
D.I.R.T. - The Ultimate Competitive Intelligence Tool
by Deb Cameron
"Codex Data Systems, Inc. of New York has created Data Interception
for Remote Transmission (DIRT), a surveillance tool designed for law
enforcement professionals. DIRT is similar to BO in some respects,
but it is smaller (less than 18K versus 120K for BO) and yet more
stealthy. It runs as a much lower level process and is virtually
undetectable. In addition, it cannot be stopped by firewalls.
DIRT was originally developed to aid in the investigation of child
pornographers and other isolated criminals using standalone PCs. By
becoming a spy in the user's computer, the law enforcement official
can gather needed evidence to successfully prosecute a criminal case.
Frank Jones, creator of DIRT, surveyed the market for computer
surveillance tools to aid law enforcement professionals. When he
found no suitable products, he began developing DIRT, which he
continues to enhance.
DIRT logs all keystrokes on the target workstation and transmits them
the next time that system is online. Because users type in their
encryption pass phrases at the keyboard, which are then transmitted
via DIRT, the product helps law enforcement officials decrypt
documents and provides them with substantial evidence for criminal
investigations. All DIRT communications are encrypted on their way
back to the DIRT Control Center, protecting them in case they are
intercepted by a random system administrator.
In the latest version of DIRT, the agency need not send the software
as an e-mail message at all; the law enforcement agency needs only
the e-mail address or the IP address of the target system. (At the
very least, the variety of techniques described here should make
users wary of dismissing the idea that a third party could install
software without their knowledge.)
DIRT currently runs on Windows 95, 98, and NT systems and a Unix
version is being developed. Only qualified law enforcement agencies
can purchase DIRT; furthermore, Codex currently sells the software
only to U.S. law enforcement agencies.
Jones emphasizes that surreptitious surveillance tools, such as Back
Orifice and keystroke logging facilities, are illegal to develop or
possess in the United States, according to U.S. code 2512. These
tools are illegal even if they are used by network administrators
unless each end user explicitly agrees to the monitoring.
DIRT is legal because it is a law enforcement tool that can only be
sold to law enforcement agencies. DIRT itself is not a threat to the
average corporate network, but the knowledge that such a tool exists
should make users consider whether their networks are secure.
Security is clearly a relative term, and organizations ignore
security issues at their own risk."
Detailed Info & Pricing on D.I.R.T.?
Sale of this technology is restricted to military, government and law
enforcement agencies only... For additional information we require a
written request on official letterhead signed by an authorized
official...
Codex Data Systems, Inc. will be happy to provide a demonstration to
any authorized agency.
Codex Data Systems, Inc.
167 Route 304
Bardonia, New York 10954 USA
Tel: 914-627-0011
Fax: 914-627-0211
--
Robert Guerra, Fax: +1(303) 484-0302
WWW Page http://pgp.greatvideo.com, ICQ # 10266626
PGPKeys http://pgp.greatvideo.com/keys/rguerra/