4 April 2002. Thanks to Anonymous.

Date: Thu, 4 Apr 2002 17:15:35 -0500

This is the minutes from the meeting where Frank Jones initially scammed the government and got them to invest hard money into the development of DIRT. It is a gold mine of government spooks who can be contacted and interviewed about what other illegal projects they are working on.


The bottom line is that the US government paid a convicted felon to create a tool that they could misuse to plant illegal evidence, and even allowed Jones to build a series of backdoors in the products so that even HE could access the suspects computer

Nothing like letting the inmates run the prison... or letting felons run the investigation.

small Spock logo

Spock Program

Security Proof of Concept Keystone

Web/Internet release permission for these minutes was granted on October 1, 1997

Conference Report

Minutes of SPOCK Meeting
Date: 1 September 1998
Personnel in Conversation: See attachment.

Old Business

This meeting was held to discuss the status of several SPOCK Proof of Concepts, and listen to presentations on the Cybershield Security Product and a Discovery tool affectionately called ‘DIRT”.

The meeting was opened 10.02. by Terry Losonsky, NSA/V2. Attendees were introduced and the minutes of the August meeting were reviewed and approved with no changes.

New Business

Major Mike Davis briefed the forum on the status of the Entrust Report. The draft is being circulated electronically to the participants and will shortly enter the pre-publication review phase within NSA.

The ATLAS ATM product proof of concept demonstration is entering its’ seventh week. This is because of the ironing out of some compatibility issues with ancillary equipment which must be fully understod before programming them to support the ATLAS using three different ATM protocols in a real life interconnected ATM environment. Several delays appear to have resulted from some ‘problems’ within devices other than the ATLAS. To date, the ATLAS has held up extremely well in adhering to the established ATM protocols, and performing as claimed in the security areas for which protective measures have been incorporated The testing is about 90 per cent completed. Apparently the participants are very happy with their involvement and the test results, as they continue to support the extra effort required to complete all of the scripts.

The NSA Red Team organization is interested in what commercial products can protect, detect, react, and analyze data, systems, and networks within the security arena. If you have anything you especially want to bring to their attention, call SPOCK at COACT on 301-498-0150, or e-mail at spock@coact.com. The information will be passed to them, and we will see what we can do on your behalf.

Claims have been submitted on the PN7 product, which configures routers, etc. for DEFCON exercises. This is from Unified Access Control Corp.

Netlock is requesting a proof of concept in November, and Fortress’ HeatSeeker Pro has expressed their intent to request a proof of concept, but with no set date.

SPYRUS’ media encryptor is also about ready to start the claims process.

And finally, Microsoft has been briefed on the SPOCK program and processes. They have expressed an interest in a demonstration of the Kerebros functionality in NT5.0. (No firm details yet.)


Two presentations were given. The first was on the Cybershield Product by William F. Dawson from TRW . The second was on the software regulated by Title III for capturing intelligence, named DIRT, by Frank Jones of Codex Data Systems.

First briefing

The presentation was done by William F. Dawson from TRW (which bought BDM Inc.) He may be reached at 703-848-5282, FAX 703-848-5282, and e-mail: wdawson@bdm.com

Cybershield is the most secure Web Server on the market today.
One year use at NSA.
Joint Chiefs and NATO are using it.
It will be fully integrated with the DOD Public Key Infrastructure (PKI).
TRW has a joint agreement with RSA which results in a free license to the U.S. Government.

The product fulfills the need to run untrusted programs securely in ‘containment’ areas, thereby merging the server and firewall together.

There are three pieces to the product architecture:

Data General UX (with the ‘B2” security option.)

BDM Secure Internet/Intranet Software

AViiON hardware platform

There are also many options, (to be discussed later.)

  1. Features:
  2. Solves Commercial problems:
  3. System Overview
  4. Architecture:

Essentially, these regions are laid out in a ‘lattice’ arrangement (i.e. grid), with ‘write equal’ across the horizontal rows and ‘read down’ along the vertical rows.

The permissions are accomplished using hierarchical relationships, labeling, etc. This containment approach accomplishes the following : can read selected areas, but cannot reach and change it (due to the host’s B2 architecture). Some parts cannot be seen without a secure logon.

It was noted that it took $26 million and 5 years to get here!

Version 2.7 is the current offering:

‘Does it all’ including multi-lingual support, management tools, mail filtering, trusted proxies, I&A and a B2 operating system.

V2.7 options:

Anti virus toolkit (Dr. Solomons)

Security Dynamics Technologies SecureID

Racal WatchWord authentication

IRE’s FIPS 140 encryption devices

SAIC’s CMDS (computer misuse detection)

Next release, 3.0, due in 3rd quarter: will support UX4.20 (NUMA architecture




Browser based admin interface

multi-level News Groups

Additional authentication (biometrics)

Additional proxies (SSL, Lotus Notes, SAP)

X400/500 Gateway (incl. DMS)

support for more languages

port to additional platforms, i.e. NT, HP, SUN (noting assurance will not be at the same level as B2).

Other facts and testimonies:

Y2K compliant (can’t guarantee 3rd party applications)

Common Criteria EAL4 evaluation underway in UK (Jul 98)

Cybershield began in FY93 under the DockMaster II program.
Data General computer added in FY96
DockMaster IOC occurred in FY97
Japan using Cybershield now.
SPAWAR began use in Feb 98
Pentagon in May 98
NATO secure web server in Aug 98
SABI (to be determined)

Requesting a SPOCK proof of concept demonstration in Nov 98. NSA has run 5-6 penetration tests. ALL Passed. (Note: NSA representatives verified this verbally at the SPOCK meeting.)

Encryption: Cybershield is classed as a Guard. Current encryption is provided by STU III. FORTEZZA is currently being used for I&A only. FORTEZZA encryption is being investigated.

SABI and ICSA evaluations are planned.

There are currently 17 government deployments, and 35 commercial operational deployments.

$50K for the typical ’Departmental‘ System
$100-150K for large scale enterprise server applications

Support, and custom development are available.

In conclusion: TRW will support a SPOCK demonstration with pilot system and engineering support.

Second briefing

The presentation was done by Frank Jones of Codex Data Systems

DIRT can monitor and intercept data from any PC (Windows based) in the world.

It was briefed that DIRT can bypass encryption programs, capture keystrokes, capture screens, access hard drives, is Windows 95 based,and can be transmitted to targets in a very Stealthy manner without physical access. Return ‘e-mails’ are then processed by the ‘Control Center’ software to glean information encoded in those E-mails.

DIRT has full ‘Root’ access. Because of the full keystroke capture, the loading of a file, and the act of hiding it or encrypting it is also captured up front, thereby allowing access to the information later (the same as the user.)

The DIRT user must use a legally pre-determined internet address.

The DIRT control center software can monitor multiple cases simultaneously.
The Agent cannot be detected by current signature anti-virus software.
The e-mail returns could be detected with a sniffer.


logon accounts and passwords

all sent and received e-mail

e-mail address books

bypasses PGP and other forms of encryption

typed pass phrases

graphics files

swap files

recycle bin

personal address/contact files

financial records


remote file access

network access

system management (i.e pirate and control their system!)

keystroke capture

audio capture - if mike attached

video capture - if camera attached

The briefer acknowledges that the DIRT solution only supports WINDOWS 95, but points out 85% of the world’s platforms are Windows and that figure is rising to 95% by the year 2000. They are working however on an NT version.

Only for sale to law and authorized military. Cost: $1895 per target, $250K unlimited.

The briefer concluded that Back Orifice, a somewhat similar approach, now has 50,000 copies ‘loose’. A brief comparison between Back Orifice and DIRT took place.

Personnel in Conversation

Larry B. McGinness, COACT
Michael Davis, NSA/V2
Terry Losonsky, NSA/V2
Nicholas Brigman, Red Creek
Eric Grimes, COACT
Kirk Finch, ASI
Julie Mehan, DOD
John Deasy, DOD
Paul Miller, SETA
Bob West IITRI
Dawn Faber, COACT
David Cox, USCS
Tom Jackson, USCS
Clay Holland, INS Inc.
Charlie Scruggs, Spyrus
Gary Rumsaas, DOD
Roger Guerrini, ISC Ins.
David Dustin, JHU/APL
Fred Sanborn, BAH
James Lipshultz, USPIS
Mark Shafernich, DEA
Steve Zaveri, LTC
Matt Joyce, TASC
Fred Tompkins, UniSys
Jom Litchko, IMSI
Louis Jurgens, Spyrus
Al Horning, ADH Inc.
John Ryan, RNW
John Taylor, NCI
Ralph Spinelli, Sytex
Alex Wheeler, DCFL
Jim Lightburn, IOA
Luis E. Acosta, DOD
Bill Norvell, IITRI
Dan Lincoln, ASIC Int.
Timothy Poole, USAF/DCFL
Cheri Carr, USAF/DCFL
Ed Paglee, DOD
Joseph Bergman, EURUS
Lalit Jain, UAC
Ray May, RTC
Joe Dente, Fortress Tech
Gary Doughery, UAC
Paul Walczak, USARL
James Barnes, DOD
A. Friedman, Fortress Tech
Dennis Joyce, Fortress Tech
Bill Dawson, TRW
Jeff Bowes, TASC
Ken Olthoff, NSA
Tom Jackson, USCS
Stephen Reipoures, DOD
Mark Ridenour, DOD
Needham Laugston, Army
CPT Doug Miner, LIAWA
Mike Cameron, BAH
Ed Paglee, DOD
Ray May, RTC Inc.
Perry Witinac, DISA-D6