-Caveat Lector- shoulder, so to speak, as you use your computer. It could be you are using a bootleg copy of Photoshop to manipulate that new JPG your cyber-friend from <alt.sex.bestiality> sent you. Maybe you're encripting instructions for your connection about when and where to drop off the shipment. Perhaps you're cheating on your significant other who owns a Smith and Wesson. Then again maybe your computer privacy problems are more mundane. Maybe you just need to enter some proprietary data that in your competitor's hands could be used to drive your company out of the marketplace and with it your loving family out of that nice new home you haven't paid for yet. Meet Frank Jones <[EMAIL PROTECTED]>. For all you know for sure, Frank Jones may already have met you and you didn't even notice. This retired New York City detective has written a widely used, but little-known software program called D.I.R.T. D.I.R.T stands for Data Interception by Remote Transmission. Like a telephone wiretap for computers, it gives its users the ability to intercept and monitor data from any Windows PC in the world. It also allows them to take almost complete remote control of your computer and all it's functions any time it's online. They can, for example, turn on that little camera you think is off and watch you doing whatever it is you do when you think you can't be seen. Most people feel secure when they encrypt their data, but it's only an illusion if a keystroke monitor is in action. D.I.R.T. can defeat Pretty Good Privacy in a matter of minutes simply by stealing the user's key as it is typed in. Then there's the microphone. D.I.R.T. is a tiny Trojan horse. It only occupies 20k. A Trojan horse usually comes disguised as an ordinary OS command or other program which it replaces and is able to mimic. Then it goes looking for a unused corner of your hard drive where it deposits a "secret" file with sinister instructions such as go contact its sender and report everything it has seen. It can then replace itself with the original command or program and delete itself, leaving you none the wiser. There are a number of different ways a Trojan Horse can be snuck onto a target system, but most enter via an email attachment or as part of a downloaded binary. If you are a Linux user you are not necessarily faced with the Trojan horse problem since you can see everything that goes on in your open source code OS. With Linux, and sufficient vigilance, you can defend yourself against Trojan horses and a variety of other threats as well. But even with Linux you cannot guarantee that your every keystroke is not instantly viewed by covert, prying eyes. You probably aren't under surveillance. Most people aren't. But it is impossible to know for sure. As Frank Jones himself says<http://www.thecodex.com/c_tempest.html>, "Surveillance technology has progressed to the point that is possible to identify individuals walking city streets from satellites in orbit. Telephone, fax and e-mail communications can routinely be monitored. Personal information files are kept on citizens from cradle to grave. There is nowhere to run . . . nowhere to hide . . ." But not all hackers and crackers work for Big Brother. D.I.R.T has already inspired a dangerous imitation, Back Orifice<http://www.irchelp.org/irchelp/security/bo.html>. Back Orifice is a highly effective backdoor designed by a group of crackers called the Cult of the Dead Cow. Just because the interest of the powers that be hasn't been invoked by some slip of your tongue or your email use of an Eschelon<http://users.erols.com/johnster/echelon.htm> keyword doesn't mean that some techno-geek somewhere isn't looking "over your shoulder" at this very moment, or even into your bedroom. If Back Orifice, D.I.R.T., Eschelon and even PROMIS <http://www.pinknoiz.com/covert/inslaw.html> are old news to you and you've disconnected from the internet and only run Linux, are you safe from surveillance? Not if that high tech peeping tom across the street trades his binoculars for a working knowledge of TEMPEST and Van Eck. People often confuse these two, but they are quite different TEMPEST is a set of standards used to gauge and reduce electromagnetic emanations from electronic equipment. The point of knowing TEMPEST is to prevent a Van Eck device from being effective. A Van Eck device is a passive, standoff computer surveillance tool that can also be used to covertly monitor any television set, even one in use with a VCR. It does not allow the user to access the target computer but rather to allows him to monitor via radio wave what is displayed on the target computer's CRT screen. The Tempest project has been a joint research and development effort of the U. S. National Security Agency (NSA) and the Department of Defense (DoD). Even the program's name had been classified for most of that period. Depending on whose version of the story you believe TEMPEST either stands for Transient ElectroMagnetic Pulse Emanation Standard or it stands for nothing at all. Some TEMPEST technical data are available from a "woman owned small business consulting firm"<http://www.blackmagic.com/ses/ses.html> in Maryland who market an 800 page manual for $200. They warn potential customers that "Although unclassified, the TEMPEST books are considered sensitive information not sold or releasable to foreign nationals." The Van Eck device takes its name from Wim van Eck. In Volume 4, Number 4 of Computers & Security in December 1985, van Eck described, " . . . the results of research into the possibility of eavesdropping on video display units, by picking up and decoding the electromagnetic interference produced by this type of equipment. During the research project, which started in January 1983, it became more and more clear that this type of information theft can be committed very easily using a normal TV receiver." Effective range of a Van Eck device depends on the receiver and antenna system used by technician. One device<http://www.thecodex.com/datascan.html> on the market ("authorized government agencies" only please) is said to have been effective in field tests at distances in excess of 100 meters with basic scanner type receiver and antenna. Since each computer has it's own electromagnetic "signature" a single computer out of hundreds in an office building can be focused upon effectively. Once it has been "sighted" on its target, the unit can be left unattended, with a time-lapse VCR to shoot the screens. All the spy has to do is come to the equipment van periodically and replace the video tape, transfer the video tape data to a computer disk, and search for keywords or critical numbers. All one needs to build this device is moderate expertise in both computers (particularly VDTs) and TVs. This combination of skill sets is not unusual. One techie claimed he was able to duplicate Van Eck's experiments from what he learned reading a four column-inch newspaper article. He said he kicked himself for not conceiving this technique before Van Eck did. Plans for a unit reputed to be effective at up to a kilometer are available<http://www.tsc-global.com> by mail to anyone with $29 and a stamp. That unmarked van across the street will never look the same again. DECLARATION & DISCLAIMER ========== CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substance—not soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om