Cryptome dishes the Dirt

Controversial spying and bugging software, Dirt, exposed by vnunet.com last summer, was revealed to be a bit more than vapourware when it turned up on a Dutch website last week.

Dirt first hit the headlines last May, when it emerged that Codex Data Systems was marketing a password-stealing Trojan, similar to the infamous Back Orifice or the FBI's mysterious Magic Lantern, to law enforcement authorities.

The company, headed up by Frank Jones, a convicted felon and known fraudster currently on probation for illegal possession of surveillance devices, denied that the product was vapourware but could not offer vnunet.com any proof.

But over the last few days, Dirt and a wealth of accompanying manuals and information, including details of a system to mass-distribute Dirt, appeared on a Dutch free hosted site at Xs4all.nl.

Needless to say it was quickly shut down by Xs4all after Codex got wind of it, but was subsequently republished on cypherpunk favourite Cryptome.org.

Dirt was marketed as an undetectable Trojan and password thief, to be used by licensed authorities for keeping track of criminals' activities. Many of the product's claims were embroiled in mystique and could not be supported because vnunet.com did not have a government licence to tap communications. Even if we did see it, we would have had to sign an NDA (non-disclosure agreement).

But what is available on Cryptome appears to be a fully functional version of the software. It did require a key to unlock it, but one Cryptome reader solved that.

"It is pathetically easy to enable the software for full unlimited account use, giving a Trojan creation software," he said. "To activate it without requirement for a dongle took about 20 minutes of basic examination and only 6 bytes of change were required."

Now the full downloadable version available from Cryptome allows you to "trojan/steal data/abuse human rights to your hearts content".

The discovery has been accompanied by a slew of conspiracy theories, claiming the program was intentionally leaked to the public in order to force existing users to upgrade their licences with Codex, now that the older version of the software is likely to be tracked by antivirus products.

Some parts of the program available in the Cryptome version date from as far back as 1998, and it has been pointed out that the Dirt Trojan is picked up by existing antivirus software as the Johar Trojan.

But what is perhaps more worrying is an update on Cryptome yesterday, which revealed marketing presentations for a mass distribution system for Dirt, known as Hope (Harnessing the Omnipotent Power of the Electron).

This allows for the implementation of user identification codes in documents which can gather information on designated targets.

Another feature is the creation of "dangles" - alluring bait such as servers claiming to contain interesting documents, which tracks access and reports on who views and downloads the documents.

Cryptome said: "Users should beware that criminal products by Codex are treacherous and could double-cross. Development of protection against treachery and double-cross of seemingly benign and covertly criminal products, not only from Codex, is the purpose of releasing the Codex material."