4 April 2002. Thanks to Anonymous.
Date: Thu, 4 Apr 2002 17:15:35 -0500
This is the minutes from the meeting where Frank Jones initially scammed the government and got them to invest hard money into the development of DIRT. It is a gold mine of government spooks who can be contacted and interviewed about what other illegal projects they are working on.
http://www.coact.com/spock/spmin.sep98.html
The bottom line is that the US government paid a convicted felon to create a tool that they could misuse to plant illegal evidence, and even allowed Jones to build a series of backdoors in the products so that even HE could access the suspects computer
Nothing like letting the inmates run the prison... or letting felons run the investigation.
|
Spock ProgramSecurity Proof of Concept Keystone |
Web/Internet release permission for these minutes was granted on October 1, 1997
Minutes of SPOCK Meeting
Date: 1 September 1998
Personnel in Conversation: See attachment.
| Old
Business _____________________________________________________________________ |
|
This meeting was held to discuss the status of several SPOCK Proof of Concepts, and listen to presentations on the Cybershield Security Product and a Discovery tool affectionately called ‘DIRT”.
The meeting was opened 10.02. by Terry Losonsky, NSA/V2. Attendees were introduced and the minutes of the August meeting were reviewed and approved with no changes.
| New
Business _____________________________________________________________________ |
|
Major Mike Davis briefed the forum on the status of the Entrust Report. The draft is being circulated electronically to the participants and will shortly enter the pre-publication review phase within NSA.
The ATLAS ATM product proof of concept demonstration is entering its’ seventh week. This is because of the ironing out of some compatibility issues with ancillary equipment which must be fully understod before programming them to support the ATLAS using three different ATM protocols in a real life interconnected ATM environment. Several delays appear to have resulted from some ‘problems’ within devices other than the ATLAS. To date, the ATLAS has held up extremely well in adhering to the established ATM protocols, and performing as claimed in the security areas for which protective measures have been incorporated The testing is about 90 per cent completed. Apparently the participants are very happy with their involvement and the test results, as they continue to support the extra effort required to complete all of the scripts.
The NSA Red Team organization is interested in what commercial products can protect, detect, react, and analyze data, systems, and networks within the security arena. If you have anything you especially want to bring to their attention, call SPOCK at COACT on 301-498-0150, or e-mail at spock@coact.com. The information will be passed to them, and we will see what we can do on your behalf.
Claims have been submitted on the PN7 product, which configures routers, etc. for DEFCON exercises. This is from Unified Access Control Corp.
Netlock is requesting a proof of concept in November, and Fortress’ HeatSeeker Pro has expressed their intent to request a proof of concept, but with no set date.
SPYRUS’ media encryptor is also about ready to start the claims process.
And finally, Microsoft has been briefed on the SPOCK program and processes. They have expressed an interest in a demonstration of the Kerebros functionality in NT5.0. (No firm details yet.)
| Presentations _____________________________________________________________________ |
|
Two presentations were given. The first was on the Cybershield Product by William F. Dawson from TRW . The second was on the software regulated by Title III for capturing intelligence, named DIRT, by Frank Jones of Codex Data Systems.
| First
briefing _____________________________________________________________________ |
|
The presentation was done by William F. Dawson from TRW (which bought BDM Inc.) He may be reached at 703-848-5282, FAX 703-848-5282, and e-mail: wdawson@bdm.com
Cybershield is the most secure Web Server on the market today.
One year use at NSA.
Joint Chiefs and NATO are using it.
It will be fully integrated with the DOD Public Key Infrastructure (PKI).
TRW has a joint agreement with RSA which results in a free license to the
U.S. Government.
The product fulfills the need to run untrusted programs securely in ‘containment’ areas, thereby merging the server and firewall together.
There are three pieces to the product architecture:
Data General UX (with the ‘B2” security option.)
BDM Secure Internet/Intranet Software
AViiON hardware platform
There are also many options, (to be discussed later.)
Essentially, these regions are laid out in a ‘lattice’ arrangement (i.e. grid), with ‘write equal’ across the horizontal rows and ‘read down’ along the vertical rows.
The permissions are accomplished using hierarchical relationships, labeling, etc. This containment approach accomplishes the following : can read selected areas, but cannot reach and change it (due to the host’s B2 architecture). Some parts cannot be seen without a secure logon.
It was noted that it took $26 million and 5 years to get here!
Version 2.7 is the current offering:
‘Does it all’ including multi-lingual support, management tools, mail filtering, trusted proxies, I&A and a B2 operating system.
V2.7 options:
Anti virus toolkit (Dr. Solomons)
Security Dynamics Technologies SecureID
Racal WatchWord authentication
IRE’s FIPS 140 encryption devices
SAIC’s CMDS (computer misuse detection)
Next release, 3.0, due in 3rd quarter: will support UX4.20 (NUMA architecture
Future:
UPN
PKI
Browser based admin interface
multi-level News Groups
Additional authentication (biometrics)
Additional proxies (SSL, Lotus Notes, SAP)
X400/500 Gateway (incl. DMS)
support for more languages
port to additional platforms, i.e. NT, HP, SUN (noting assurance will not be at the same level as B2).
Other facts and testimonies:
Y2K compliant (can’t guarantee 3rd party applications)
Common Criteria EAL4 evaluation underway in UK (Jul 98)
Cybershield began in FY93 under the DockMaster II program.
Data General computer added in FY96
DockMaster IOC occurred in FY97
Japan using Cybershield now.
SPAWAR began use in Feb 98
Pentagon in May 98
NATO secure web server in Aug 98
SABI (to be determined)
Requesting a SPOCK proof of concept demonstration in Nov 98. NSA has run 5-6 penetration tests. ALL Passed. (Note: NSA representatives verified this verbally at the SPOCK meeting.)
Encryption: Cybershield is classed as a Guard. Current encryption is provided by STU III. FORTEZZA is currently being used for I&A only. FORTEZZA encryption is being investigated.
SABI and ICSA evaluations are planned.
There are currently 17 government deployments, and 35 commercial operational deployments.
Pricing:
$50K for the typical ’Departmental‘ System
$100-150K for large scale enterprise server applications
Support, and custom development are available.
In conclusion: TRW will support a SPOCK demonstration with pilot system and engineering support.
| Second
briefing _____________________________________________________________________ |
|
The presentation was done by Frank Jones of Codex Data Systems
DIRT can monitor and intercept data from any PC (Windows based) in the world.
It was briefed that DIRT can bypass encryption programs, capture keystrokes, capture screens, access hard drives, is Windows 95 based,and can be transmitted to targets in a very Stealthy manner without physical access. Return ‘e-mails’ are then processed by the ‘Control Center’ software to glean information encoded in those E-mails.
DIRT has full ‘Root’ access. Because of the full keystroke capture, the loading of a file, and the act of hiding it or encrypting it is also captured up front, thereby allowing access to the information later (the same as the user.)
The DIRT user must use a legally pre-determined internet address.
The DIRT control center software can monitor multiple cases simultaneously.
The Agent cannot be detected by current signature anti-virus software.
The e-mail returns could be detected with a sniffer.
Captures:
logon accounts and passwords
all sent and received e-mail
e-mail address books
bypasses PGP and other forms of encryption
typed pass phrases
graphics files
swap files
recycle bin
personal address/contact files
financial records
Features:
remote file access
network access
system management (i.e pirate and control their system!)
keystroke capture
audio capture - if mike attached
video capture - if camera attached
The briefer acknowledges that the DIRT solution only supports WINDOWS 95, but points out 85% of the world’s platforms are Windows and that figure is rising to 95% by the year 2000. They are working however on an NT version.
Only for sale to law and authorized military. Cost: $1895 per target, $250K unlimited.
The briefer concluded that Back Orifice, a somewhat similar approach, now has 50,000 copies ‘loose’. A brief comparison between Back Orifice and DIRT took place.
| Personnel
in Conversation _____________________________________________________________________
|