23 December 2001. Wayne Madsen writes in CorpWatch that Magic Lantern was developed by Booz-Allen-Hamiltion:
19 December 2001: Add reader responses. See conviction and probation documents of Frank Jones, which names the programmer who wrote D.I.R.T. as Eric Schneider:
18 December 2001. Thanks to Anonymous.
Codex Data Systems is the producer of D.I.R.T., an electronic surveillance program restricted for sale only to law enforcement and governmental agencies, which allegedly can invade and surveil a private computer without the owner knowing. For D.I.R.T. snooping claims made by Codex see:
Codex is reportedly a contributor to the Magic Lantern covert computer surveillance program to be used by the Federal Bureau of Investigation, and the firm is said to have promoted Magic Lantern to several federal agencies in addition to the FBI. D.I.R.T./Magic Lantern is also claimed to be a likely program used by the FBI in the Scarfo key-logging case to surreptitiously get PGP passphrases from Scarfo's computer, although these claims are disputed by readers below.
Both D.I.R.T. and Magic Lantern are reportedly based on Back Orifice as modified by a Back Orifice programmer working under contract to Codex, though this claim is also disputed by readers below. (See also separate file naming of Eric Schneider as programmer of D.I.R.T.)
DLA is the US Defense Logistics Agency. Most of its contracts for security services are classified. More on its Information Technology program: http://www.dla.mil/infoTechMain.asp
+++++++++++++++++++++++++++++++++ PARTIES EXCLUDED FROM FEDERAL PROGRAMS BY NAME AS OF 17-DEC-2001 NAME: Codex Data Systems, Inc. CLASS: Firm RECORD TYPE: Primary TYPE: Reciprocal CEC: SSN/TIN: ADDRESS 1: 167 Route 304, No. B-4 Bardonia, NY 10954 - Domestic CT ACTIONS - CT-CODE 1: A AGENCY: DLA ACTION-DATE: 09-MAR-2001 TERM-DATE: 17-OCT-2003 CT-CODE 2: J AGENCY: DLA ACTION-DATE: 09-MAR-2001 TERM-DATE: 06-DEC-2003 CRNAME 1: Jones, Francis Edward CRNAME 2: Jones, Frank NAME: Jones, Francis Edward CLASS: Individual RECORD TYPE: Cross Reference TYPE: Reciprocal CEC: SSN/TIN: ADDRESS 1: 250 Ehrardt Rd. Pearl River, NY 10965 - Domestic CT ACTIONS - CT-CODE 1: A AGENCY: DLA ACTION-DATE: 09-MAR-2001 TERM-DATE: 06-DEC-2003 CT-CODE 2: J AGENCY: DLA ACTION-DATE: 09-MAR-2001 TERM-DATE: 06-DEC-2003 PRIMARY NAME: Codex Data Systems, Inc. NAME: Jones, Frank CLASS: Individual RECORD TYPE: Cross Reference TYPE: Reciprocal CEC: SSN/TIN: ADDRESS 1: 250 Ehrardt Rd. Pearl River, NY 10965 - Domestic CT ACTIONS - CT-CODE 1: A AGENCY: DLA ACTION-DATE: 09-MAR-2001 TERM-DATE: 06-DEC-2003 CT-CODE 2: J AGENCY: DLA ACTION-DATE: 09-MAR-2001 TERM-DATE: 06-DEC-2003 PRIMARY NAME: Codex Data Systems, Inc. +++++++++++++++++++++++++++++++++ Procurement Cause and Treatment Codes Descriptions A Cause Debarment by an agency pursuant to FAR 9.406-2, GPO Instructions 110.11A, or PS Publication 41, for one or more of the following causes (a) conviction of or civil judgment for fraud violation of antitrust laws, embezzlement, theft, forgery, bribery, false statements, or other offenses indicating a lack of business integrity; (b) violation of the terms of a Government contract, such as a willful failure to perform in accordance with its terms or a history of failure to perform; or (c) any other cause of a serious and compelling nature affecting responsibility. (See Code N- Debarment pursuant to FAR 9.406 2(b)(2) Drug Free Workplace Act of 1988.) Treatment Contractors are excluded from receiving contracts, and agencies shall not solicit offers from, award contract to, renew or otherwise extend the duration of current contracts, or consent to subcontracts with these contractors, unless the acquiring agency's head or a designee determines that there is a compelling reason for such action. Government prime contractors, when required by the terms of their contract, shall not enter into any subcontract equal to or in excess of $25,000 with a contractor that is debarred, suspended, or proposed for debarment, unless there is a compelling reason to do so. Debarments are for a specified term as determined by the debarring agency and as indicated in the listing. Also, J Cause Debarment by an agency pursuant to Federal Property Management Regulations (FPMR) 101-45.6 for one or more of the following causes: (a) conviction of or civil judgment for fraud, violation of antitrust laws, embezzlement, theft, forgery, bribery, false statements, or other offenses indicating a lack of business integrity, (b) violation of terms of a Government contract, such as a willful failure to perform in accordance with its terms or a history of failure to perform; or (c) any other cause of a serious and compelling nature affecting responsibility. Treatment Contractors are excluded from receiving contracts to purchase Federal personal property, and agencies shall not solicit offers from, award contracts to, renew or otherwise extend the duration of current contracts, or consent to subcontracts with these contractors, unless the acquiring agency's head or a designee determines that there is a compelling reason for such action. Debarments are for a specified term as determined by the debarring agency and as indicated in the listing (see Note following Code K). +++++++++++++++++++++++++++++++++ The DLA contact for this action is: DLA Cynthia Gaitley / DPAC-G (808)477-1225 +++++++++++++++++++++++++++++++++ Cryptome telephoned Cynthia Gaitley who said information on this case would have to come from Mr. Norm Lussiei, Contracts and Remedies, DLA, Ft. Belvoir, VA; telephone: (703) 767-5032. Ms. Gaitley said her office handles DLA Pacific matters. Which raises a prospect that Codex products were to be deployed in that region.
Date: Wed, 19 Dec 2001 11:53:45 -0500 (EST) From: security curmudgeon <firstname.lastname@example.org Reply-To: security curmudgeon <email@example.com To: William Knowles <firstname.lastname@example.org cc: email@example.com Subject: Re: [ISN] DIRT-Magic Lantern Firm Barred from Gov Work bah, this is false btw. codex has nothing to do with Magic Lantern. good to see the rest about him getting out though. On Wed, 19 Dec 2001, InfoSec News wrote: http://cryptome.org/dirty-lantern.htm
From: "Lou Dolinar" <firstname.lastname@example.org To: "John Young" <email@example.com Subject: DIRT Date: Wed, 19 Dec 2001 12:02:56 -0500 How do we know this guy (Francis Edward "Frank" Jones) is peddling (or was peddling) DIRT to the FBI? Lou Dolinar, Newsday: 631-843-2994 Home: 631 583-9335 For back columns, see www.dolinar.com
Cryptome: We've asked the source for substantiation of the FBI/DIRT/ Magic Lantern claim. Will post when available.
Date: 19 Dec 2001 To: John Young <firstname.lastname@example.org Subject: Re: Responses to Codex Report First there was an indictment and a trial of Frank Jones. During the trial/court proceedings a freeware program by the name of "Back Orifice" came out, and one "Frank Jones" started asking for a programmer to help him tweak it up as a resalable product (which he had done before). While out on bail, Jones traveled to Maryland to a Postal Inspectors conference on Child Pornography (with his attorney) to convince the FBI, Secret Service, and US Postal Inspectors that they should give him $50k to develop a "proof-of-concept". Jones has his programmer in tow, and what they demo (poorly) is Back Orifice with a modified graphical user interface. Jones then takes the 50K he is given and he, the attorney, and the programmer incorporate "Codex Data Systems" and funnel most of the money to fund Jones criminal defense fund (which the programmer was not aware of). The few dollars that are left they use to put on rigged demos, to wine-and-dine witnesses, and basically to load up his PR machine with puffery. One of the reasons Jones needed to incorporate is that the government doesn't like doing business with sole proprietorships, and Jones needed to be operate under a new business name to conceal his prior fraudulent business activities. There is also another reason for him to incorporate: it gives him an umbrella to shield his assets from the probation department investigation that was about to happen once he pled guilty (so he could avoid being fined). It also gave him a bogus employer to report to the court. Now during all of this Jones and crew simply couldn't get the klutzy software to work. They did multiple demos, Jones hyped it to death, claimed it had amazing capabilities. The only problem was that it couldn't live up to his claims (and it was highly unstable). Jones's dissimulation got so bad that his "programmer" told him to get stuffed and divorced himself from anything to do with Jones... so Jones (a little over two years ago) started begging various hackers and programmers to help him out. However, these folks wanted to be paid for their work. So what does Jones do? He starts looking for investors, and finds a believer in England who drops about 100 grand on him in American Express Travelers Checks. Jones and his partner-attorney then countersign the AMEX Checks, and deposit them into their wives' personal bank accounts. The respective wives then LOAN the money back to Codex Data Systems in a classic case of money laundering. By now Jones has formally pled guilty, is a convicted felon, is on probation and any kind of basic check would have revealed a criminal background. But Jones was not doing business under his own name and so avoids exposure. Skip forward to the Summer of 2000. DIRT will not work right, the $100,000 English investor is suing Jones for fraud, and the attorneys at Defense Logistic Agency is screaming for his head for not delivering on his contract. DLA goes though all kinds of motions to help him fill the contract, but he finally misses the last deadline so is formally placed in default in late Fall. Over the winter the government takes steps to formally ban Codex, Jones, and crew, and in the early spring the ban is filed and made a public record. By early Spring Jones is going nuts, the programmers he contracted for the fixes to DIRT have been unable to deliver their goods, and every time he tries a rigged demos it completely backfires on him. So what does he do? He announces more new products, and gives his programmer (actually his ISP) some means to redeem himself. Hence comes "BAIT" and related puffery which Jones puts into his PR machines. By late Spring/Early summer the U.S. Attorney's office in NY has gotten involved (due to dozens of complaints) and Jones' parole officer has been reprimanded for permitting Jones to commit felonies while on probation. In May Jones is given one month a completely shutdown all of his mailing lists, newsgroups, and so on, so he starts claiming that he is too busy to support his "Over 11,000+ Members Worldwide " and on June 22, 2001 issues his final newsletter. Oddly, he was only sending it to just over 1100 email addresses at a time, so that means he was lying by a ten-fold factor. OK, fast forward to the more recent days, Jones lies his ass off to the the Wall Street Journal, and promptly gets debunked. His attorney initiates damage control to keep Jones out of jail, and the Journal's competitors have a field day. The ONLY thing keeping Jones out of jail right now is that he is falling all over himself to inform on everybody around him, aggressively working to entrap folks, providing detailed reports on his associates, and so on, as a low level snitch. Jones then tries to pawn his crippled software in the form of source code in an attempt to stay out of jail, and supposedly the FBI has him and his crew visit Quantico for a few days in May (or so I am told) where they take delivery of several thousand pages of paperwork, debrief his programmer, and take over the raw materials in exchange for not violating his probation. The alleged reason the FBI wanted the "original documents" was to develop their own controlled version in-house to supplement a small arsenal of "munitions suitable for information warfare," using DIRT as a seed. The "new tool" was supposed to be called "lantern" something. The FBI likely went to an outside contractor to develop the "new tool" which would probably be the "... under contract for the FBI..." firm being talked about.