
Big Brother's Surveillance Software

by 4th Amendment
Marketed as the premier spy software sold only to law enforcement agencies, D.I.R.T., an acronym for "Data Interception and Remote Transmission," continues to threaten privacy worldwide. Purportedly the model for the FBI's intrusive Magic Lantern web snooping program, with more abilities to monitor personal computers than the hacker's favorite Trojan known as Back Orifice, the elusive D.I.R.T. remains undetected by antivirus and antitrojan software alike. The publishers of D.I.R.T. claim it monitors every keystroke and mouse movement on the target's computer, rendering encryption and data protection useless once law enforcement agencies download the user's passwords. The deployment of Magic Lantern, following that of Internet monitoring software Carnivore, provides continuing evidence of the unconstitutional expansion of law enforcement powers invading the privacy of innocent citizens.

The free speech champions at cryptome.org have obtained an alleged copy of the D.I.R.T. Operator’s Manual, Install Guide, and program downloadable at this link. This is one of 45 files on D.I.R.T., B.A.I.T., and other spying and surveillance products by Codex Data Systems that were previously posted at: http://www.xs4all.nl/~usura/DiRT/. It was only a few hours before this site was shut down. Among the files now gone were contracts between CODEX Software, the U.S. Air Force, and the U.S. Army (to name a few).

http://cryptome.org/dirty-war.zip
http://cryptome.org/dirt-guide.htm
by Speak Truth To Power
15 March 2002

These are responses to release of the D.I.R.T. program and user guide:

http://cryptome.org/dirty-war.zip (the program)
http://cryptome.org/dirt-guide.htm (HTML guide)

Considering the vile reputation of Codex Data Systems, it is worth pondering whether any of the leaked DIRT material contains code which reports back to Codex what is happening to the material and what machine is being used. Among its nasty snooping products, Codex markets BAIT, which plants such tracking and user-identification code in documents. DIRT has a feature which reports to Codex, or another designated party, information gathered by DIRT. Also, Codex proposes that its programs can be used to set up "dangles," that is, alluring bait to ensnare targets whose access to and use of the dangles are logged and reported back to the dangler. These are standard dirty-tricks and traps in the world of intelligence and covert surveillance.

Cryptome was assured by the dirty-tricks-knowledgeable source of the DIRT material that it had been carefully checked for covert hooks and code and none was found. However, users should beware that criminal products like DIRT are treacherous and could double-cross. Development of protection against treachery and double-cross of seemingly benign and covertly criminal products, not only from Codex, is the purpose of releasing DIRT.

===========================================

14 March 2002

I read the story on theregister about DIRT with interest and followed the link to your site.

You might want to reconsider having the DIRT software available for download - I downloaded it earlier and it is pathetically easy to enable the software for full unlimited account use giving a trojan creation software. (Though having thousands of trojans out there may kick the virus companies into action.)

To activate it without requirement for a dongle took about 20 minutes of basic examination and only 6 bytes of change were required.

The software seems to work by shoehorning in the file CORE.DAT to whatever executable is tagged for 'bugging'. Disassembly of that file and the associated coredll.dat reveals the keylogging routines.

[Transmittal of an enabled DIRT implementation.]

I've included the listings for the relevant files along with the executables (they are labelled .lst in the main directory). The file "dummy1.lst" was created by disassembling the included dummy.exe file after 'bugging' it. dummy.lst is the file before bugging. In case you are wondering the name "Gary Colton" at the top of the listings comes from the copy of IDA pro I used to have a look :-). Perhaps he should be credited with their discovery :-)

Looking at the dates on the executables leads me to believe it may be an old version of the code.

Basically unzip, using the directory paths included. The file cctray can then be run and you can trojan/steal data/abuse human rights to your heart's content :-(

http://cryptome.org/moredirt.zip (866KB)

[The program is provided for public benefit research. Use of trojans like DIRT against other persons is immoral and illegal unless you are a government criminal; Frank Jones, an ex-New York City policeman and DIRT's producer, was convicted of this crime.]

===========================================

14 March 2002

An interesting article regarding "DIRT" and its implications to the unsuspecting. Having all the pass phrases for your own security become a moot point when the government or other arm of the local, state, or federal institutions can acquire access to your computer. Are there ways to detect this program running in the background? Can the bug be isolated and reverse engineered? Your services to the public are appreciated by all, and myself.

===========================================

["Spyking" is Frank Jones.]

15 March 2002

I don't know if you checked the "Way Back Machine", but I did. As you probably know, this guy is a punk, but here ya go anyway.

-----

December 18, 1996

http://web.archive.org/web/19971212062500/http://www.thecodex.com/c_howto1.html - The "spyking" walks you through the intricacies of invading somebody's privacy.

http://web.archive.org/web/19970117045426/http://www.thecodex.com/c_crookb.html -

Then he will sell you the "CrookBook" for only $ 75.00. "Who knows how long it will take before the government tries to ban the CrookBook. Get you copy today! Before it's to late!"

There is a lot more.

===========================================

15 March 2002

I'm going to take a wild guess at what's going on with DIRT here...

By releasing the current version of DIRT into the wild, the maker assures the ability to charge for upgrades. The documentation goes so far as to indicate this is a work in progress.

As we speak, highly intelligent white hats are tearing it apart. Soon a freely available detection program will be released.

A little further down the road, the makers of DIRT will announce a new stealth upgrade to get past said program. This upgrade will cost money, even if you previously received the free version of DIRT.

===========================================

15 March 2002

You might have already received a couple of these... and I don't know if you want to publish this on your website, but it could be helpful to people who want to try out D.I.R.T. I have only verified the initial HASP check is dead. The same call is used three different times and is the only call with any HASP error string references - so I believe that is all (if it's an actual HASP dongle at all). I am cautious to play too much with this... Kaspersky AntiVirus reports the coredll.dat is Trojan.PSW.Johar, which makes DIRT almost useless if the person is running anti-virus software though. If D.I.R.T. were a serious product a custom trojan should have been written.
by .
D.I.R.T. Spyware Exposed on Web

Software marketed as a computer surveillance tool for law enforcement investigators has its secrets laid bare on an anonymous Web site.
By Kevin Poulsen
Mar 14 2002 1:30AM PT

Full story:
http://online.securityfocus.com/news/354
by danny thomas
ive known of people who i hoped had their phones tapped. there was this one guy i lived next to in the 80's who was running a chop shop, selling crack, and letting 12 - 17 year olds buy. when the federal guys finally did show up, no one got hurt. except his 2 and 5 year olds. they were hurting before and hurting after daddy went to prison. probation would have killed them though. dude was rotten.
i'd have bugged him if i had the credentials. and those dudes who convert the postban stuff to preban, tap them for sure, and the dudes with pipe bombs.
all the baddies. tap all the baddies. those people in the streets of u.s. cities with masks on, breaking things, tap them twice. anyone go busting up stuff in my country, where one quarter of my blood is native cherokee, and the remaining german/scottish has been here three hundred+ years.
while any of mine are still alive, im against you.
tap the busters.