9 June 1998
Date: Tue, 09 Jun 1998 11:34:00 -0400
From: Sunder <sunder@brainlink.com>
To: cypherpunks@cyberpass.net
Subject: SpookTech 98 - them spies are everywhere...

Okay, so last week on Friday, SpyKing had the SpookTech 98 convention. I'm not gonna get too deep into details of things as they've nothing to do with the cypherpunks list's interests... However, the following is of great interest:

1st, as offered they "broke" a PGP message. Not by the traditional factoring of keys, nor with any weakness in PGP, but rather by simply grabbing the target's keyboard. A simple key stroke grabber program installed on the machine did the trick.

But there's more. They've developed a program called "DIRT" which is aimed at LEA's tracking for example pedophiles. (Of course it's not just limited to those, and of course it could be used in industrial espionage - a topic heavily discussed by Winn Schwartau who also did a presentation.)

The program captures your keystrokes and saves'em for later. When you establish your PPP connection, it anonymously emails out the keystrokes about every minute or so. If your pedophile is online at the same time as you, the program acts as a kind of ftp server and you can browse his hard drive, download and upload files, and even run other software. There was of course talk of "if there's a microphone (or camera) attached" to the machine it could also be used - although that might generate a bit too much traffic but whatever.

DIRT is so far only available against Win95 machines, with NT versions possibly available in the future, so pedophiles using 95 will be caught, however ANYONE with a bit of programming knowledge, can write such a beast and use it to spy on anyone else.

I did get about 10 minutes on the "infected" machine in question and did the obvious searches for places where programs could be run from in the system files, and in the registry, and then because I saw the subject of the messages sent by DIRT to its mommy, I did a file search for strings on the subject and on the keystrokes I typed in. I turned up nothing.

At 1st glance, the machine doesn't look changed, if you look at your system files, you don't see anything there, don't see anything out of the ordinary. Of course the machines in question didn't have any debuggers or else I would have done a trace of the system calls to see what patched the keyboard handler, but at a 1st glance, you won't notice this program running. Since it sends out small little tiny email packets at a time, you won't notice it generating any extraneous traffic. So it's very very very hard to even suspect that someone is spying on you.

As we all know so well, 95 is not a secure OS, but you could easily write such a beast for NT, Mac, for various flavors of Unix, and whatever else. It's certainly not hard for most programmers who have a good reference for the OS they're targeting. Hell, the spies from France and Japan probably already have written such things and placed them on the PC's of every important person in companies they wish to conduct industrial espionage against.

Given enough time one could spot this program and notice it, however, unless you suspect something are you gonna even be looking for it? Never mind that you might be running OpenBSD with tcp wrappers and ipf and tripwire and cops and lsof... if someone has access to your machine ONCE they could modify enough of your OS and enough of the watcher programs so you won't even notice such code!

Other stuff overheard from some ex-police dudes: Turns out all the construction at Grand Central recently has added some very nice hardware.
(Now again this was part of a conversation, so again, it's hearsay, so take it as it's given, it might not be 100% true.) Turns out that there are various cameras everywhere tied in to a computer system that watches for about 120,000 different well known "terrorist" faces. If it recognizes as, the armed ninjas will jump out of the walls and shoot, yes shoot, not arrest, but directly shoot on sight. They would then remove the body swiftly and quickly and pretend they were shooting a movie or some such. The incident wouldn't likely even make the news.

I wonder how well tested the system is. I wonder if there were any false positives so far...

Other stuff.. Winn was there going over infowar stuff (old news to most of us), I found his talk quite intelligent and mostly true to real life. There was a showing from EHAP - Ethical Hackers Against Pedophiles and the dude from EHAP broke into someone's bind - usual buffer overflow against named... and the usual PI bugging devices and TSCM...

The interesting bit (to me) was the amount of corporate spying out there that mostly goes either undetected, or unreported against US corporations. At the rate it's been going the USA will technologically lose in something like 30 years (if I recall the numbers.)

Things like gifts of desk pen sets contain bugs, to people mailing junk mail to executives and including small tiny bugs in the lining of the envelope - so that day by day they can hear what's going on, to people grabbing the nice spent film carts from fax machines, etc....

'nother cool thing was the freebie pinhole cameras given out... :) Real nice and tiny... now if I could only find a nice tiny small VCR with time lapse on it, maybe I could catch the book thief at work.... heh... :)

--
=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder@sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================