DIRT Bugs Strike!
-----------------
By Winn Schwartau
Network World - July 1998

Imagine being able to monitor and intercept data from any PC in the world anytime you want. Then DIRT's for you. DIRT stands for Data Interception by Remote Transmission, and if Codex Data Systems in Bardonia, New York has anything to say about it, it will become the next law enforcement tool to help stop the bad guys.

The cops are having a terrifically hard time dealing with cybercrime, and they all put on-line child pornography at the top of the list because of the emotional response to it. Suspected terrorists, drug traffickers and money launderers are also potential targets for DIRT, as are various criminal organizations which employ anonymity, remote control and encryption to hide themselves. DIRT represents a fabulous, but questionably legal/ethical means of information gathering by intelligence agencies as well as private investigators.

Thus Frank Jones and Codex Data Systems begat DIRT. "We have to give law enforcement the tools they need to get real criminals. So many of them are now using encryption, DIRT allows law enforcement to read encrypted messages."

DIRT operates surreptitiously like a Trojan Horse. It is transmitted secretly to a target via email in several ways: either as a proprietary protocol, self-extracting executable, dummy segment fault, hidden ZIP file, application specific weakness, macro, a steganographic attachment or other methods the company's technical wizard, Eric Schneider, will not divulge.

Once the DIRT-Bug is successfully embedded in the target machine, two things occur. One, all keystrokes at the keyboard are secretly captured and when the target machine is connected on-line, it will stealthily transmit the captured contents to a remotely located DIRT-Control Central for analysis. This is how encryption keys are to be discovered and later used to develop evidence in criminal cases.
Secondly, when the target is on-line, his PC will invisibly behave like an anonymous FTP server, giving the folks at DIRT-Control Center 100% access to all resources. So much for privacy!

Dave Banisar, Staff Counsel at the Electronic Privacy Information Center in Washington, DC, said DIRT "Sounds like something the Stasi would have developed." The problem is enforcement and abuse, he points out. "The only way to control this technology is after the fact, during the trial when the police have to show how they obtained evidence."

When I first saw DIRT demonstrated in New York (June 5, 1998), I thought, "What if this gets out to the entire Internet community? What will happen if we no longer ever trust our email?"

The vast majority of computer crime goes unrecognized, unreported and unprosecuted. Despite the fact that the use of DIRT or a DIRT-like clone developed by the computer underground violates the Computer Abuse Act of 1984 and an assortment of other laws, the ability to control it remains extremely slim. And the uses for DIRT-like software stagger the imagination.

All that someone with DIRT needs to know is your email address. Period. All he has to do is send you an email with the embedded DIRT-Trojan Horse and he's home free, and you are a clueless victim.

Large organizations usually worry about hackers breaking and entering their networks. Now they have reason to worry that DIRT-Bugs could invade their networks as well, whether launched by an investigating law enforcement authority, international competitors or spies, or just hackers. The last thing in the world they want is for critical workstations to be broadcasting passwords and encryption codes and providing complete system access to whoever controls DIRT-Central.

Unfortunately, most firms with whom I deal have little implementation of the minor policies they have developed. Thus, defending against DIRT can be difficult.
However, organizations which utilize NAT and proxies in their firewalls achieve some degree of confidence that DIRT's remote access capability will not function. Just the keyboard strokes (and associated private information) will be broadcast to DIRT-Central.

According to the developers at Codex Data Systems, if you are a solitary PC sitting on a dial-up or a cable modem, there is nothing today you can do except don't click on your email attachments. Of course, ignoring email from strangers is always a good idea.

But, if I were a cop or a bad guy using DIRT, I would certainly go after your home PC as well as the one at work. It's a whole lot easier, and I am going to learn just as much.

With the advent of more and more powerful Trojans, such as DIRT (which only occupies 20K), the threat to our networked systems gets clearer and clearer. As Frank Jones, the inventor, says, "There are no more secrets with DIRT."