Search /
Advanced search  |  Help  |  Site map
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Where's my gigabit Internet, anyway?
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
Heartbleed bug is irritating McAfee, Symantec, Kaspersky Lab
10 Hot Hadoop Startups to Watch
Server makers rushing out Heartbleed patches
Fortinet, McAfee, Trend Micro, Symantec, Bitdefender battle in socially-engineered malware prevention test
Net neutrality ruling complicates US transition to IP networks
6 Social Media Mistakes That Will Kill Your Career
Canonical's new Ubuntu focuses on the long haul
4 Qualities to Look for in a Data Scientist
Big bucks going to universities to solve pressing cybersecurity issues

It's getting easier to dig up DIRT on criminals

Imagine being able to monitor and intercept data from any PC in the world, anytime you want. If you find such a notion appealing, then DIRT's for you.

DIRT stands for Data Interception by Remote Transmission. Frank Jones, DIRT's inventor and president of Codex Data Systems, is hoping that DIRT will become a major law enforcement tool for stopping the bad guys.

Cops are having a terribly hard time dealing with cybercrime, and they all put online child pornographers at the top of the most wanted list. Suspected terrorists, drug traffickers and money launderers are also potential DIRT targets, as are various criminal organizations that use anonymity, remote control and encryption to hide themselves.

DIRT operates as surreptitiously as a Trojan horse. It is transmitted secretly to a target via e-mail in several ways, including as a proprietary protocol, self-extracting executable, dummy segment fault, hidden zip file or macro.

Once the DIRT-Bug is successfully embedded in the target machine, two things occur. First, all keystrokes made at the target's keyboard are captured secretly. When the machine is connected online, it will stealthily transmit captured keystrokes to a remotely located DIRT-Control Central for analysis. This is how encryption keys are discovered and later used to develop evidence in criminal cases.

Second, when the target PC is online, it will invisibly behave like an anonymous File Transfer Protocol (FTP) server, giving the folks at DIRT-Control Center 100 percent access to all resources on a targeted computer.

Codex Data Systems' Web site notes that the sale of DIRT technology is "restricted to military, government and law enforcement agencies" (www.the Nevertheless, DIRT represents a questionably legal and ethical means of information gathering.

Dave Banisar, staff counsel at the Electronic Privacy Information Center in Washington, D.C., notes that DIRT raises disturbing questions about enforcement and abuse: "The only way to control this technology is after the fact, during the trial when the police have to show how they obtained evidence."

When I saw DIRT demonstrated last month, I thought, "What if this gets out to the entire Internet community ... what will happen if we no longer trust our e-mail?"

All that someone with DIRT needs to know is your e-mail address, period. All he has to do is send you an e-mail with the embedded DIRT Trojan horse, and he's home free while you are a clueless victim.

Large organizations usually worry about hackers breaking into and entering their networks. Now they have reason to worry that DIRT-Bugs could invade their networks as well, whether launched by an investigating law enforcement authority, international competitors, spies or just hackers.

There are a few steps you can take to increase your systems' resistance to DIRT:

  • At your Internet nexus, institute a policy that no executables are to enter your organization without examination.

  • Disable macros at your browser as a matter of policy.

  • If possible, do not enable file and printer sharing.

  • Do not use NT File System unless absolutely necessary.

  • Make remote FTP useless by using your own cryptographic protection for critical files.

  • Use cryptographic controls that do not require users to enter encryption keys at their keyboards.

  • Replace conventional password access with token-based or one-time passwords.

  • Remove all floppy disks from networked environments.

Unfortunately, most firms with which I deal do not enforce even the few minor security policies they have developed. This makes it almost impossible to keep DIRT out. However, organizations that use Network Address Translation and proxies in their firewalls achieve some degree of confidence that DIRT's remote access capability will not function.

According to the folks at Codex Data Systems, if you have a solitary PC sitting on a dial-up or a cable modem, there is nothing you can do - today - except refrain from clicking on your e-mail attachments. Of course, ignoring e-mail from strangers is always a good idea. But if I were a cop or a bad guy using DIRT, I would certainly go after your home PC as well as the one at work. It's a whole lot easier, and I am going to learn just as much.

With the advent of more powerful Trojan horses such as DIRT (which only occupies 20K bytes), the threat to our networked systems gets clearer. As Codex Data Systems' Jones says, "There are no more secrets with DIRT."

Related Links

DIRT Web site

Schwartau is chief operating officer of The Security Experts, Inc., an information security consulting firm, in Seminole, Fla., and president of He can be reached at or What do you think? Jump into and start a thread.

More On Security columns

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.