9 June 1998

Date: Tue, 09 Jun 1998 11:34:00 -0400
From: Sunder <sunder@brainlink.com>
To: cypherpunks@cyberpass.net
Subject: SpookTech 98 - them spies are everywhere...

Okay, so last week on Friday, SpyKing had the SpookTech 98 convention.  I'm
not gonna get too deep into details of things as they've nothing to do with
the cypherpunks list's interests...

However, the following is of great interest:

1st, as offered they "broke" a PGP message.  Not by the traditional factoring
of keys, nor with any weakness in PGP, but rather by simply grabbing the
target's keyboard.   A simple key stroke grabber program installed on the
machine did the trick.  But there's more.

They've developed a program called "DIRT" which is aimed at LEA's tracking
for example pedophiles.  (Of course it's not just limited to those, and of
course it could be used in industrial espionage - a topic heavily discussed
by Winn Schwartau who also did a presentation.)

The program captures your keystrokes and saves 'em for later.  When you
establish your PPP connection, it anonymously emails out the keystrokes about
every minute or so.  If your pedophile is online at the same time as you, the
program acts as a kind of ftp server and you can browse his hard drive,
download and upload files, and even run other software.

There was of course talk of "if there's a microphone (or camera) attached" to
the machine it could also be used - although that might generate a bit too much
traffic but whatever.

DIRT is so far only available against Win95 machines, with NT versions
possibly available in the future, so pedophiles using 95 will be caught,
however ANYONE with a bit of programming knowledge, can write such a beast
and use it to spy on anyone else.

I did get about 10 minutes on the "infected" machine in question and did the
obvious searches for places where programs could be run from in the system
files, and in the registry, and then because I saw the subject of the messages
sent by DIRT to its mommy, I did a file search for strings on the subject and
on the keystrokes I typed in.  I turned up nothing.  At 1st glance, the machine
doesn't look changed, if you look at your system files, you don't see anything
there, don't see anything out of the ordinary.

Of course the machines in question didn't have any debuggers or else I would
have done a trace of the system calls to see what patched the keyboard handler,
but at a 1st glance, you won't notice this program running.

Since it sends out small little tiny email packets at a time, you won't notice
it generating any extraneous traffic.  So it's very very very hard to even
suspect that someone is spying on you.

As we all know so well, 95 is not a secure OS, but you could easily write
such a beast for NT, Mac, for various flavors of Unix, and whatever else.  
It's certainly not hard for most programmers who have a good reference for the
OS they're targeting.

Hell, the spies from France and Japan probably already have written such
things and placed them on the PC's of every important person in companies
they wish to conduct industrial espionage against.

Given enough time one could spot this program and notice it, however, unless
you suspect something are you gonna even be looking for it?

Never mind that you might be running OpenBSD with tcp wrappers and ipf and
tripwire and cops and lsof...  if someone has access to your machine ONCE
they could modify enough of your OS and enough of the watcher programs so
you won't even notice such code!

Other stuff overheard from some ex-police dudes:  Turns out all the
construction at Grand Central recently has added some very nice hardware.  
(Now again this was part of a conversation, so again, it's hearsay, so take it
as it's given, it might not be 100% true.)  Turns out that there are various
cameras everywhere tied in to a computer system that watches for about 120,000
different well known "terrorist" faces.  If it recognizes as, the armed ninjas
will jump out of the walls and shoot, yes shoot, not arrest, but directly
shoot on sight.  They would then remove the body swiftly and quickly and
pretend they were shooting a movie or some such.  The incident wouldn't likely
even make the news.

I wonder how well tested the system is.  I wonder if there were any false
positives so far...

Other stuff.. Winn was there going over infowar stuff (old news to most of us),
I found his talk quite intelligent and mostly true to real life.  There was a
showing from EHAP - Ethical Hackers Against Pedophiles and the dude from EHAP
broke into someone's bind - usual buffer overflow against named... and the
usual PI bugging devices and TSCM...

The interesting bit (to me) was the amount of corporate spying out there that
mostly goes either undetected, or unreported against US corporations.  At the
rate it's been going the USA will technologically lose in something like 30
years (if I recall the numbers.)  Things like gifts of desk pen sets contain
bugs, to people mailing junk mail to executives and including small tiny bugs
in the lining of the envelope - so that day by day they can hear what's going
on, to people grabbing the nice spent film carts from fax machines, etc....

'nother cool thing was the freebie pinhole cameras given out... :)  Real nice
and tiny... now if I could only find a nice tiny small VCR with time 
lapse on it, maybe I could catch the book thief at work.... heh... :)


.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================
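
The traffic pattern described in the message above (small mail sends about once a minute while the link is up) is something a defender can look for in connection logs. An added example, not part of the original post: it flags hosts whose outbound SMTP sessions are both small and evenly spaced. The flow-record layout, host names and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

T0 = 897_400_000  # constructed base time (epoch seconds)

# Constructed flow records: (timestamp, source host, destination port, bytes sent).
FLOWS = (
    # ws-14: small SMTP sends roughly once a minute (the pattern described above)
    [(T0 + t, "ws-14", 25, n) for t, n in zip(
        (0, 61, 119, 181, 240, 302, 359, 421),
        (412, 388, 430, 401, 395, 420, 407, 399))]
    # ws-02: a person sending mail at irregular times, sizes vary widely
    + [(T0 + t, "ws-02", 25, n) for t, n in zip(
        (30, 95, 900, 960, 2400, 5000, 5030),
        (1800, 52000, 900, 3100, 700, 15000, 1200))]
    # mx-relay: regular but bulky queue runs; ws-07: too few events to judge
    + [(T0 + 300 * i, "mx-relay", 25, 80_000) for i in range(8)]
    + [(T0 + 10, "ws-07", 25, 500), (T0 + 70, "ws-07", 25, 510)]
)

def find_beacons(flows, port=25, min_events=6, max_cv=0.2, max_bytes=2048):
    """Return {host: mean gap in seconds} for small, evenly spaced sends on `port`."""
    by_host = defaultdict(list)
    for ts, host, dport, nbytes in flows:
        if dport == port:
            by_host[host].append((ts, nbytes))
    hits = {}
    for host, events in by_host.items():
        if len(events) < min_events:
            continue  # not enough samples to call anything periodic
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # simultaneous records, not a timed pattern
        # Coefficient of variation: near zero means the gaps are almost constant,
        # which a timer produces and a person at a mail client does not.
        cv = pstdev(gaps) / avg
        if cv <= max_cv and max(n for _, n in events) <= max_bytes:
            hits[host] = round(avg, 1)
    return hits

if __name__ == "__main__":
    for host, gap in find_beacons(FLOWS).items():
        print(f"{host}: small SMTP send about every {gap}s")
```

The size ceiling keeps regular but bulky mail relays out of the result; drop it if regular senders of any size are of interest.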