DYC Studio posts an update on Kiri

Last week, we published details on Kiri, a project that promises to make you anonymous on the Internet with a $40 USD Raspberry Pi and some lifted code. On June 3rd, Taheer Jokhia posted an update on the KickStarter:

Closed Source GP2 License Issues

It has come to light that we will not be able to distribute our code as closed-source. Therefore we are announcing that Kiri OS will be open-source and made available to the public.

About Dyc Studio and some history on Kiri

Please note: Employees of Dyc Studio have chosen to stay anonymous for their own personal reasons, so they will not be named. Please respect this. 

Dyc Studio started as a design company in 2010. During that time the company was very small and not yet registered as the private limited company it is today and our managing director, Taheer, had begun learning the fundamentals of cyber security. About a year later Dyc Studio moved on to start producing websites and software for various companies at a very small scale. Over time (until 2015) the company grew, gained more clients and eventually became a registered company, still only with 2 employees; the director and a designer. As for Kiri OS, our director, Taheer began development on it in 2013 and has been slowly building it’s components since then.

It was only during the beginning of 2016 that Taheer decided that Kiri OS should be distributed to the world, however he knew it would not be complete for at least another 5 years. So he reached out to friends and family in search of help. He gained one extra developer who is experienced in cyber security to help out. In February 2016, the team had become 3 people; Taheer, another software engineer and a designer. It was then the team decided Kiri OS needs external funding to pay for the team to work on Kiri fulltime as well as hire extra help, so we began focusing on a Kickstarter campaign and put all development on standby until the team is able to work full-time on it.

I hope this clears things up for a lot of you.

You’d think that Taheer would have at least read the licence when going over this source code he was trying to lift for this Kiri project.

Based on a CV posted on one of DYC Studio’s websites from around 2012 (we have opted to not share a copy of this due to it revealing some personal information), there is no indication of an interest in cyber security, operating system development, or anything that would inspire some level of confidence in the project.

This is an excerpt from said CV:

Weirdly, the CV is shared between him and his former business partner. Being that said business partner does not appear to be involved any further and that Taheer has asked that we respect privacy for his anonymous (read: “probably fake”) employees, we won’t name him.

Taheer should also update his LinkedIn profile because so far I just see that he’s into marketing and web design:

Screen Shot 2016-06-05 at 22.20.58

We see software development, game development, and app development, but how about languages? How about cyber security? You updated your profile to state that you’re doing a KickStarter, but haven’t updated it to tell us more about your development past?

Also, when did DYC Studio start? 2011 or 2008? Your weird CV says 2011, your other LinkedIn profile says 2011, and yet your current one says 2008? Are you a Director or are you a Founder?

It also does appear that we’ve touched a nerve:

Screen Shot 2016-06-05 at 22.40.05

If you want to raise money for your lifted OS, you could at least try and lie better. You already engage in spamming as part of DYC Studio, so you’d think that you would have picked up a few tricks by now.

Please provide us with a copy of the source code to ease confusion.

Kiri - The Anonymous Computer -- Kicktraq Mini

Kiri is nonsense and likely stolen code

Another person has decided that a Raspberry Pi and a seemingly stolen operating system is good enough to promote a KickStarter project that promises complete computer security.

Here’s the promise:

It is the Mini Computer that is designed to make all of your internet activity un-traceable and un-watchable. With this small computer you can perform your everyday tasks as well as creation/transfer of sensitive data without worrying about hackers or curious enterprises. When using Kiri, the feeling of freedom is truly unreal.

And now the disclaimer:

Please note: the work we are doing is NOT the hardware, we are building an operating system and optimizing it to run on Raspberry Pi hardware. We are also designing and manufacturing cases to enclose the computer.

Since most of the magic happens on the software side of things, we decided to build an operating system that is as secure as possible while also being extremely easy to use. After looking at a variety of hardware solutions (including manufacturing our own) and with ease of use in mind, we finally chose the Raspberry Pi to bring our software to life. This is because it is powerful, portable and very effective in running Kiri OS.

Cute. And they’re looking to raise 20,000 GBP, or about $29,000 USD for a lifted OS and a $40 computer.

Details given on Kiri OS

Little is known about where they lifted the operating system from other than it’s some sort of Linux with Gnome atop. Let’s go over some points in the KickStarter itself:

It is the Mini Computer that is designed to make all of your internet activity un-traceable and un-watchable.

[…]

We are also designing and manufacturing cases to enclose the computer.

[…]

The operating system itself is based on Linux and uses Gnome Shell to provide an incredibly easy to use and familiar interface (for Mac OSX users). Although it is based on an existing operating system, Kiri OS is VERY far from being just Linux.

[…]

In fact we have built most software from scratch, meaning there is nobody, except the engineers, who is able to determine how our security software works.

[…]

Kiri is simple to use but a lot happens in the background to make you anonymous. All of your activity is passed through the Tor network which relays your traffic across over seven thousand ip-addresses.

Tor is a software developed by the US Government and is the same network used by government agents to keep their identities and locations hidden. This network is not generally easy to access, but now with Kiri, it is.

The best part of Kiri Os is that it connects through our own VPN servers in an un-disclosed location. The VPN servers are dedicated to Kiri OS users, but don’t make that think its easier to pin-point you. Our VPN network will be optimized to automatically switch users between ip-addresses on the server infrastructure at random intervals.

For those who don’t understand how VPNs work: It is a private network of servers which will route all of you internet traffic via encrypted signals. Since the VPN servers are dedicated to Kiri OS users, it will perform faster than any other shared VPN server. 

And best of all, there are no subscription costs for our VPN service it’s just free with Kiri Computer.

So it promises the following:

  • To be untraceable and unwatchable
  • They’re designing their own custom case for the Raspberry Pi–an unnecessary expense to say the least
  • Runs atop of Linux and Gnome, yet claims that it’s far-removed from being Linux itself
  • It’s all written “from scratch” (although runs atop of some Linux and Gnome) and nobody but the engineers knows how it works
  • It uses Tor but also some sort of VPN in an “undisclosed location”?

None of the above really makes sense but it really reads as it’s based on Tails, which is a Debian-based operating system with Gnome. However, Tails is only available for Intel processors (officially) so we’d have to look elsewhere. It may be possible that it may be based on something like this post from Cipherpunks.

No source code has been made available in the KickStarter nor on the creator’s website.

They also have an “elite” hacker working with them:

We have also had help from a certain un-named ‘elite’ hacker who was able to hack in to our first prototype. With his help we are able to test how safe Kiri can be, and it has reached a stage where even an elite hacker cannot penetrate the system. 

I’d be curious to know how this “elite” hacker broke into the device. Did they have physical access?

Screen Shot 2016-06-01 at 20.59.33

Really. It’s tough to understand whether or not they need to develop an operating system or if they have a prototype of one and need to improve upon it. The money desired to create such an operating system like promised is simply not enough especially when we examine the background of the creator.

About DYC Studio and Taheer Jokhia

DYC Studio was registered in the United Kingdom by Mohamed Taheer Jokhia (referred to as just “Taheer Jokhia”) in September 2015 (you can see the government filing here). According to the filing, there has been only a single appointment and the address given is an apartment near Paddington Station in London.

DYC Studio’s KickStarter bio claims the following:

Dyc Studio is a team of professional designers, software engineers and user experience specialists with over 50 years of experience combined.

We have built a variety of softwares including intranet based operating systems for companies. Kiri OS will be our first full operating system, but that does not mean we cannot do it better than anyone else. We have team members who have built full operating systems in the past.

Taheer’s original LinkedIn claims that he was an unemployed freelancer living in Manchester, but a different account which also mentions DYC Studio claims that he graduated with a Bachelor of Arts in Advertising Design from the University of Salford. His development career started in early 2015 with various developer roles scattered across four companies, none of which mention anything security-related.

Taheer went out of his way to scrub the DYC Studio website because if you search for just the domain dycstudio.com, you get plenty of results relating to their own website yet all of them are 404’d.

However, fortunately some results are cached and we were able to get some information on who DYC Studio actually is. Here’s what Google had cached from their about page:

DYC Studio is a creative team with a mixture of skills that worked best together. We develop website and design solutions for a massive range of industries internationally. We are a world class professional web development and marketing agency that creates digital solutions for any kind of business or individual.

We employ some of the best graphic designers, web developers and SEO marketers who specialise in small and large businesses. We keep up with the latest design trends and technology so you don’t have to.

If you are seeking a trustworthy reputable web design company to create your website and/or app.

[…]

We specialise in the following services:

Website Design and Development
Search Engine Optimisation
App Development
Software Development
Digital Automation
Creation of Innovative Business Solutions and Tools

Nothing to say about cryptography or operating system development here. We can also see its marketing past evident in the Twitter account they’re using to promote the KickStarter:

Screen Shot 2016-06-01 at 19.16.38

Even as recent as of this past January, there were still tweets about their traditional business:

Screen Shot 2016-06-01 at 20.45.39

This company is all nonsense. No other person other than Taheer mentions working for DYC Studio on their LinkedIn profile.

What I can say is that DYC Studio’s Instagram shows a Twitter follower bot being used:

Screen Shot 2016-06-01 at 22.11.40

I wonder if this is included in the OS.

This is not their first rodeo

So it turns out that Taheer has attempted a KickStarter in the past and failed. DYC Studio (aka “Design You Creative”) claimed to be a game developer studio in Manchester:

Small indie games development studio based in Manchester, UK. We are beyond creative and have a range of crazy minds with amazing ideas.

The details on this KickStarter can be used to find this Facebook page, which again does not indicate any ability to develop their own OS or implement security.

Verdict

There is very little likelihood that this is what it claims to be and is likely violating a number of licences.