It's getting easier to dig up DIRT on criminals

Imagine being able to monitor and intercept data from any PC in the world, anytime you want. If you find such a notion appealing, then DIRT's for you.

DIRT stands for Data Interception by Remote Transmission. Frank Jones, DIRT's inventor and president of Codex Data Systems, is hoping that DIRT will become a major law enforcement tool for stopping the bad guys.

Cops are having a terribly hard time dealing with cybercrime, and they all put online child pornographers at the top of the most wanted list. Suspected terrorists, drug traffickers and money launderers are also potential DIRT targets, as are various criminal organizations that use anonymity, remote control and encryption to hide themselves.

DIRT operates as surreptitiously as a Trojan horse. It is transmitted secretly to a target via e-mail in several ways, including as a proprietary protocol, self-extracting executable, dummy segment fault, hidden zip file or macro.

Once the DIRT-Bug is successfully embedded in the target machine, two things occur. First, all keystrokes made at the target's keyboard are captured secretly. When the machine is connected online, it will stealthily transmit captured keystrokes to a remotely located DIRT-Control Central for analysis. This is how encryption keys are discovered and later used to develop evidence in criminal cases.

Second, when the target PC is online, it will invisibly behave like an anonymous File Transfer Protocol (FTP) server, giving the folks at DIRT-Control Center 100 percent access to all resources on a targeted computer.

Codex Data Systems' Web site notes that the sale of DIRT technology is "restricted to military, government and law enforcement agencies" (www.the codex.com/dirt.html). Nevertheless, DIRT represents a questionably legal and ethical means of information gathering.

Dave Banisar, staff counsel at the Electronic Privacy Information Center in Washington, D.C., notes that DIRT raises disturbing questions about enforcement and abuse: "The only way to control this technology is after the fact, during the trial when the police have to show how they obtained evidence."

When I saw DIRT demonstrated last month, I thought, "What if this gets out to the entire Internet community ... what will happen if we no longer trust our e-mail?"

All that someone with DIRT needs to know is your e-mail address, period. All he has to do is send you an e-mail with the embedded DIRT Trojan horse, and he's home free while you are a clueless victim.

Large organizations usually worry about hackers breaking into and entering their networks. Now they have reason to worry that DIRT-Bugs could invade their networks as well, whether launched by an investigating law enforcement authority, international competitors, spies or just hackers.

There are a few steps you can take to increase your systems' resistance to DIRT:

• At your Internet nexus, institute a policy that no executables are to enter your organization without examination.

• Disable macros at your browser as a matter of policy.

• If possible, do not enable file and printer sharing.

• Do not use NT File System unless absolutely necessary.

• Make remote FTP useless by using your own cryptographic protection for critical files.

• Use cryptographic controls that do not require users to enter encryption keys at their keyboards.

• Replace conventional password access with token-based or one-time passwords.

• Remove all floppy disks from networked environments.

Unfortunately, most firms with which I deal do not enforce even the few minor security policies they have developed. This makes it almost impossible to keep DIRT out. However, organizations that use Network Address Translation and proxies in their firewalls achieve some degree of confidence that DIRT's remote access capability will not function.

According to the folks at Codex Data Systems, if you have a solitary PC sitting on a dial-up or a cable modem, there is nothing you can do - today - except refrain from clicking on your e-mail attachments. Of course, ignoring e-mail from strangers is always a good idea. But if I were a cop or a bad guy using DIRT, I would certainly go after your home PC as well as the one at work. It's a whole lot easier, and I am going to learn just as much.

With the advent of more powerful Trojan horses such as DIRT (which only occupies 20K bytes), the threat to our networked systems gets clearer. As Codex Data Systems' Jones says, "There are no more secrets with DIRT."

DIRT Web site

Schwartau is chief operating officer of The Security Experts, Inc., an information security consulting firm, in Seminole, Fla., and president of infowar.com. He can be reached at winn@securityexperts.com or winn@infowar.com. What do you think? Jump into nwfusion.talk and start a thread.

More On Security columns