Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Report: US FCC to allow payments for speedier traffic
China working on Linux replacement for Windows XP
FCC adds $9 billion to broadband subsidy fund
Raspberry Pi alternatives emerge to fill need for speed
It's now possible to wirelessly charge 40 smartphones from 16 feet away
Ex-FCC commissioner to head CTIA in latest Washington shuffle
Go time traveling with Google Maps
While Heartbleed distracts, hackers hit US universities
Survey respondents shun much-hyped mobile shopping technologies
Survey respondents shun much-hyped mobile shopping technologies
7 Ways to Advance Your Project Management Career
How Apple's billion dollar sapphire bet will pay off
US to vote on sharp increase in broadband subsidies
iPhone 6 rumor rollup for the week ending April 18
NSA spying revelations have tired out China's Huawei
Arista co-founder may have switch maker by its jewels
Apple kicks off public OS X beta testing
Open source pitfalls – and how to avoid them
AT&T's expanded 1 Gbps fiber rollout could go head to head with Google
BlackBerry Releases BES 10 Security Update to Address 'Heartbleed' Flaw
Verizon: Web apps are the security punching bag of the Internet
Cisco announces security service linked with new operations centers
Dell launches virtual storage accelerator, aims to boost SAN performance
Free OS X Mavericks now powers half of all Macs
/

It's getting easier to dig up DIRT on criminals

Imagine being able to monitor and intercept data from any PC in the world, anytime you want. If you find such a notion appealing, then DIRT's for you.

DIRT stands for Data Interception by Remote Transmission. Frank Jones, DIRT's inventor and president of Codex Data Systems, is hoping that DIRT will become a major law enforcement tool for stopping the bad guys.

Cops are having a terribly hard time dealing with cybercrime, and they all put online child pornographers at the top of the most wanted list. Suspected terrorists, drug traffickers and money launderers are also potential DIRT targets, as are various criminal organizations that use anonymity, remote control and encryption to hide themselves.

DIRT operates as surreptitiously as a Trojan horse. It is transmitted secretly to a target via e-mail in several ways, including as a proprietary protocol, self-extracting executable, dummy segment fault, hidden zip file or macro.

Once the DIRT-Bug is successfully embedded in the target machine, two things occur. First, all keystrokes made at the target's keyboard are captured secretly. When the machine is connected online, it will stealthily transmit captured keystrokes to a remotely located DIRT-Control Central for analysis. This is how encryption keys are discovered and later used to develop evidence in criminal cases.

Second, when the target PC is online, it will invisibly behave like an anonymous File Transfer Protocol (FTP) server, giving the folks at DIRT-Control Center 100 percent access to all resources on a targeted computer.

Codex Data Systems' Web site notes that the sale of DIRT technology is "restricted to military, government and law enforcement agencies" (www.the codex.com/dirt.html). Nevertheless, DIRT represents a questionably legal and ethical means of information gathering.

Dave Banisar, staff counsel at the Electronic Privacy Information Center in Washington, D.C., notes that DIRT raises disturbing questions about enforcement and abuse: "The only way to control this technology is after the fact, during the trial when the police have to show how they obtained evidence."

When I saw DIRT demonstrated last month, I thought, "What if this gets out to the entire Internet community ... what will happen if we no longer trust our e-mail?"

All that someone with DIRT needs to know is your e-mail address, period. All he has to do is send you an e-mail with the embedded DIRT Trojan horse, and he's home free while you are a clueless victim.

Large organizations usually worry about hackers breaking into and entering their networks. Now they have reason to worry that DIRT-Bugs could invade their networks as well, whether launched by an investigating law enforcement authority, international competitors, spies or just hackers.

There are a few steps you can take to increase your systems' resistance to DIRT:

  • At your Internet nexus, institute a policy that no executables are to enter your organization without examination.

  • Disable macros at your browser as a matter of policy.

  • If possible, do not enable file and printer sharing.

  • Do not use NT File System unless absolutely necessary.

  • Make remote FTP useless by using your own cryptographic protection for critical files.

  • Use cryptographic controls that do not require users to enter encryption keys at their keyboards.

  • Replace conventional password access with token-based or one-time passwords.

  • Remove all floppy disks from networked environments.

Unfortunately, most firms with which I deal do not enforce even the few minor security policies they have developed. This makes it almost impossible to keep DIRT out. However, organizations that use Network Address Translation and proxies in their firewalls achieve some degree of confidence that DIRT's remote access capability will not function.

According to the folks at Codex Data Systems, if you have a solitary PC sitting on a dial-up or a cable modem, there is nothing you can do - today - except refrain from clicking on your e-mail attachments. Of course, ignoring e-mail from strangers is always a good idea. But if I were a cop or a bad guy using DIRT, I would certainly go after your home PC as well as the one at work. It's a whole lot easier, and I am going to learn just as much.

With the advent of more powerful Trojan horses such as DIRT (which only occupies 20K bytes), the threat to our networked systems gets clearer. As Codex Data Systems' Jones says, "There are no more secrets with DIRT."

Related Links

DIRT Web site

Schwartau is chief operating officer of The Security Experts, Inc., an information security consulting firm, in Seminole, Fla., and president of infowar.com. He can be reached at winn@securityexperts.com or winn@infowar.com. What do you think? Jump into nwfusion.talk and start a thread.

More On Security columns


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.