A couple months back we had a discussion here on the forums about the US government now being able to spy on your computer without a warrant. The program of choice is DIRT v2.2. For those interested in what's going on please follow this link
http://cryptome.org/dirt-guide.htm


------------------
All the king's HORSES and all the king's men? Are you kidding me? No wonder they couldn't put Humpty together again. Just what did those idiots expect the horses to do, anyway? - Jerry Seinfeld

I found this-

What's New in Version 2.2?

Technically speaking, D.I.R.T.™ Version 2.2 has a number of new useful features:

• The e-mail data shows the target's current IP address in the "Subject Field."
• The target's hard drive serial number is included in the information captured and is transferred to the Command Center software.

• The bug can now be programmed to automatically terminate itself on a specific date.

• The import and decoding process is refined and improved for easy use.

• The bug can now perform a screen capture and send the image to the Command Center via the remote access terminal.

• The D.I.R.T.™ "bug" can now be installed inside MS Word, and Excel files. We are working on PowerPoint and auto run files as well as several other methods at this time. Contact Customer Service for details.

• D.I.R.T has also added the ability to set the time frame in which the bug will operate. This enables the user to comply with a directive that states that the surveillance must end by a fixed date, whether the user has access to the target by remote terminal or not.

• D.I.R.T.™ no longer relies solely on TCP-IP connections for transmittal. D.I.R.T.™ is now able to transmit through proprietary protocols, such as those now used by AOL and CompuServe, network connections, and is now Windows NT compatible.

-

very interesting!

http://www.PCGuide.com/ubb/eek.gif http://www.PCGuide.com/ubb/eek.gif http://www.PCGuide.com/ubb/eek.gif http://www.PCGuide.com/ubb/eek.gif http://www.PCGuide.com/ubb/eek.gif




------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)

I've always found this to be very interesting, and not to downplay the possible abuses that this technology could allow, BUT, I doubt that this technology will be any more invasive to most people than phone tapping and surveillance techniques have been in the past.

Here's my reasoning: let's say they could install this on everyone's computer (which they can't) there is no way that volume of data could ever be sifted through. Even if criminals always used exactly the words they meant (meaning no code words for bomb, no time shifting, etc.) and always spoke english, what amount of computer and human time would it take to check it???

This will be the same thing as a phone tap. A judge will issue a warrant, they'll install the program on a suspect's computer and listen.

------------------
When all else fails, read the instructions.

Microsoft Knowledge Base (http://support.microsoft.com/default.aspx?scid=fh;rid;kbinfo)

Drivers (http://www.driverguide.com)

Google (http://www.google.com)

I'm with you Hired. Even with todays technology and computer horsepower, it would be ridiculous to invest the necessary manpower to go thru all the information that even a small group of random individuals would produce.

I do have a question or two for the more technicly inclined than myself.
Can this prog bypass a firewall? Isn't that the purpose of a firewall?

I didn't read the artical in detail (maybe I better) but I'm guessing, since this prog was written for government use, it would have a doller value that would put it out of reach of nearly any non-gov. entity.
How long do you think before a street version is out? This is where the real threat leys.

------------------
A real Christian is one who can give his pet parrot to the town gossip.
Frank's Place (http://dreamwater.net/tech/frankscomp/)

From what I've read so far ,you could build a Dirt type tool set using free "hacker" tools from the net right now.

And defeating it would be easy. First setup your Office programs to "prompt" before running macros or better yet disable them. Make sure that your Windows email programs are patched. Run a firewall that allows email traffic only to your ISP's email server and does not allow any outside connections to be initiated by outside computers. And ,if you can afford to, run "tripwire" which will inform you when files have been altered or added to your system.


You would do pretty much the same thing to detect and remove Dirt that you would do for any other hacker tool.


IMHO the tool's method of delivery isn't all that great. If I send you an email "bug" how am I to know it was downloaded and installed on the computer with the information I want? Who's to say I didn't download it to my pocket pc. It would take some good old fashion intel to first find the right email address and then make sure that you might be able to get the subject to download the bug onto a critical system.

Okay, saw a tv episode (so already a bit suspect) where a company searched the Net, got a worm on a person's puter so they could obtain credit card info and bank info and such, and then the company sold all that info to whomever asked and paid for it. The premise was that EVERYTHING one did or said on the Net was available and could be tracked down. So I would add this question to Bassman's question...is that possible? When I am here at the forum..I know that I am "in public" and most other places too, but getting into my email is another ball game entirely. I agree that would be like phone tapping and therefore unlikely, but still feels like invasion of privacy. When my friend and I are emailing each other on female stuff..well, that's no man's business! http://www.PCGuide.com/ubb/biggrin.gif

Using the various security exploits that you hear about, it is possible to install programs on someone's computer, track what they do, get any persoal information that they have on the computer, etc.

BUT, if you keep your security patches up to date, run a firewall, use antivirus software, don't open files unless you know what they are, etc. you greatly reduce the odds that it can happen to you...

And just to add to what GH already said about tripwire...WinXP has a feature that replaces core windows files with good versions in case they become altered. This isn't a cure-all, but it could help with some types of viruses (although sometimes it's a pain in the butt)

------------------
When all else fails, read the instructions.

Microsoft Knowledge Base (http://support.microsoft.com/default.aspx?scid=fh;rid;kbinfo)

Drivers (http://www.driverguide.com)

Google (http://www.google.com)

Thanks. I try hard not to get TOOOOO paranoid...lol. http://www.PCGuide.com/ubb/smile.gif

More good info, although somewhat editorial...

http://theregus.com/content/55/24327.html

------------------
When all else fails, read the instructions.

Microsoft Knowledge Base (http://support.microsoft.com/default.aspx?scid=fh;rid;kbinfo)

Drivers (http://www.driverguide.com)

Google (http://www.google.com)

lol hiredgoonz!

the DIRT on D.I.R.T huh??

http://www.PCGuide.com/ubb/wink.gif




------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)

http://www.PCGuide.com/ubb/mad.gif big brother is watching you http://www.PCGuide.com/ubb/eek.gif

------------------
resistance is invigorateing lol

MS's new ".NET" has the ability to track you through the net, thus giving MS (and whom-ever they chose to share with) a detailed track of where you have been, and details of hotmail in and out. MS's aim is to retain all you info (bank details - passwords etc)I have read somewhere that AOl has\is going to be doing the same. Netscape Navigator (latest version) also gathers and sends info back about you when you go on-line, (I think that I read that it is listed spy-ware)

------------------
Ernie

Nice...
http://theregus.com/content/55/24350.html

------------------
When all else fails, read the instructions.

Microsoft Knowledge Base (http://support.microsoft.com/default.aspx?scid=fh;rid;kbinfo)

Drivers (http://www.driverguide.com)

Google (http://www.google.com)