Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Privacy United States

Carnivore No More 194

Posted by CowboyNeal from the calling-it-quits dept.
wikinerd writes "FBI has retired the controversial Carnivore software, strongly criticized by privacy advocates for its email capturing abilities. However, it is believed that unspecified commercial surveillance tools are employed now. What does that mean for Internet users' privacy?"
This discussion has been archived. No new comments can be posted.

Carnivore No More More

Carnivore No More

Comments Filter:

  • More of the same (Score:1, Insightful)

    by Anonymous Coward
    Just more stuff hidden from view.

  • In other news (Score:5, Funny)

    by detrino ( 444362 ) on Saturday January 15, 2005 @11:06AM (#11372950)
    FBI has begun to install its less intimidating sounding "herbivore" software accross the globe. Vegetarians rejoice.

    • Re:In other news (Score:5, Interesting)

      by JPriest ( 547211 ) on Saturday January 15, 2005 @11:55AM (#11373172) Homepage
      Exactly, I work for an ISP, we are still installing these things for the FBI. I don't know much about the new version of Carnivore but I can tell you they have some bugs to be worked out still. (eg. they are not entirely passive, and the IP space needs to be added into them.) This makes network changes a PITA because I don't have access to configure new IP blocks into the new Carnivore platform. If they are going to make us install these things they should at least make them work seamlessly :P

    • Re:In other news (Score:2, Informative)

      by Anonymous Coward
      Kidding aside, just the like alleged dismantling of the "Office of Strategic Influence [fair.org]" (i.e., intentionally lying to the press), things may go on [fair.org] [CNN [cnn.com]] under different project names. cf. also the Total, er, Terrorism, Information Awareness program [epic.org].
    • We can hope and PREY that our emails are now a little bit more secure
    • If I were them, I'd call it 'omnivore'.

  • Yea... (Score:5, Insightful)

    by Heem ( 448667 ) on Saturday January 15, 2005 @11:07AM (#11372954) Homepage Journal
    If they retired carnivore, it's likely only because now they have something "better".. or "worse" depending on how you look at it.
    • The cat is out of the bag, and the dogs are running free.
      V2.0 ?
      http://static.stileproject.com/rnd/th2/eye02.jp g
      Thank you eff.org
      Peace

  • Security update (Score:4, Insightful)

    by SilverspurG ( 844751 ) on Saturday January 15, 2005 @11:07AM (#11372958) Homepage Journal
    Instead, the bureau turned to unnamed commercially-available products to conduct Internet surveillance thirteen times in criminal investigations in that period.

    How much does it cost? I'm really sick of paying for this crap.

    • Re:Security update (Score:4, Insightful)

      by Mostly a lurker ( 634878 ) on Saturday January 15, 2005 @11:37AM (#11373092)
      The cost is not the issue for me. Law enforcement costs money, but a certain amunt of it is necessaey. What I DO object to is law enforcement being allowed to operate without proper controls. That leads to a police state.

      • Re:Security update (Score:3, Interesting)

        by SilverspurG ( 844751 )
        Good points but I've progressed past them. In reality, things are just the other way around.

        Objecting to law enforcement operating without proper controls is futile. Proper controls are always argued on a case by case basis anyways, as well they should be.

        Objecting to the cost of law enforcement is the only real consideration. This is the way it works. If we don't object to the cost there will always be a need for more money. Not putting a cap on the cost is inviting corruption.
        • In reality, both costs and limitations on police powers are a matter for debate. Sure, an excessive budget is an invitation to corruption. However, without safeguards on personal freedoms (enshrined by law and backed up with proper oversight) abuse of power becomes not only possible but likely.

          Law enforcement needs enough money and enough power to get the job done, but the guidelines should be decided by society as a whole, and the use of both the money and the power needs to be monitored.


    • > How much does it cost? I'm really sick of paying for this crap.

      Probably a lot less than our faith-based missile defense.

      BTW, the news says cities are using DoHS grants for everything from civic festivals to funding new speed traps, with an almost complete lack of oversight.

  • Instead.... (Score:4, Funny)

    by chipster ( 661352 ) on Saturday January 15, 2005 @11:08AM (#11372964)
    they decided to use free alternatives that work better;
    • tcpdump
    • ettercap
    • Ethereal
    • Kismet

  • No change (Score:5, Funny)

    by kahei ( 466208 ) on Saturday January 15, 2005 @11:09AM (#11372965) Homepage

    It means no change for Internet user's privacy, but confirms that the FBI weren't up to managing a large project, even in their core area.

    Which leads me to the inescapable conclusion:

    Privatize the FBI! I'm sure Halliburton would love that contract, but McDonald's would surely also be in the bidding. After all, who would suspect a few Ronald McDonalds wandering around the neighbourhood of being agents? Nobody, that's who! And by the time you notice their guns and badges -- TOO LATE, criminal!

    • Your so right, after all the American governement is allready privatized, so including the FBI is just natural!

    • [..] After all, who would suspect a few Ronald McDonalds wandering around the neighbourhood of being agents? [..]

      ..Could I have a Quarter-Pound-Me-In-The-Ass with those McCuffs, Occifer please?
    • That would explain those wireless headsets they wear.

      And if you see a Ronald McDonald talking into his sleeve, it's a god chance he's an undercover RM..
    • In certain urban areas, it might be hard to tell the difference between a McDonald's employee carrying a gun and a McDonald's employee who's actually a field agent.
    • Hey, you forgot Wal-Mart!

      After all, they have proven skill in maintaining large [ajc.com] databases [teradata.com], and everyone knows that they're trustworthy [walmartfacts.com] when it comes to consumer's privacy, not to mention their being an all-around good corporate citizen. [aflcio.org]
    • Privatize the FBI! I'm sure Halliburton would love that contract, but McDonald's would surely also be in the bidding.

      You seem awfully confident that the contract would be open to bidding...

  • Itanium/Carnivore Connection (Score:2, Funny)

    by Anonymous Coward
    Clearly this is evidence that Carnivore ran on a Microsoft Windows and Itanium platform.
  • Can Carnivore read email that is SSL encrypted during transfer?

  • Oh, the humanity! (Score:5, Interesting)

    by Lisandro ( 799651 ) on Saturday January 15, 2005 @11:10AM (#11372968)
    Check this little image [securityfocus.com] from the article. "Carnivore's official logo shows bload-soaked incisors closing over a stream of data". EVIL!

    It's a packet sniffer that reconstructs data (mail and web sites, as it seems from the article), not a boogieman! I agree, it can be a dangerous tool for privacy in the wrong hands, but still, it's not like you can just put it in your PC and start reading your neighour's mail.

  • I have doubts... (Score:2, Insightful)

    by camcloud1 ( 758094 )
    They wouldn't have retired it unless they 1. Created a new app that supercedes it or 2. Found another way to retrieve the same information more effectively. Federal security agencies are kinda funny like that.

    • Re:I have doubts... (Score:3, Interesting)

      by Lisandro ( 799651 )
      The article mentions it was ran on ISPs with no capabilities to monitor their users' Internet usage. I wonder how many they are; for starters, mail is a no brainer to monitor, unless it's webmail on remote server (Hotmail, f.ex.). And even then, the conection is encrypted.
    • This is not necessarily true. They could have developed a system that was so unusable and with so high development costs, that the only thing to do was to pull the plug on the project. The IRS has had to do this at least once in the last decade.

      The better path for the FBI would be to develop a gradual improvement in software, thoroughly testing each app for compatibility with the existing system. That's not the type of project that Federal empire builders and big contractors want.

  • Really (Score:1, Insightful)

    by Anonymous Coward
    What does that mean for Internet users' privacy?


    I think it is a very useful software and should be distributed publically. I mean if FBI can go through all my spam and junk and filter the non-sense, I will assume my tax dollars are working. And ofcourse these FBI will get something better to do than chasing UFOs. I am all for it. Come on FBI, please go through my emails before I come for work and sort the SPAM too.
    .

  • ... oh, maybe I shouldn't say exactly what it means. :/

  • Internet users' privacy? (Score:3, Insightful)

    by jbrandv ( 96371 ) on Saturday January 15, 2005 @11:13AM (#11372988)
    HaHaHaHa!
  • ...hello new echelon iteration?

    They didn't just give up a method of infiltration - that's just foolish.

    no news here. move along. nothing has changed.

  • Atkins is meat. (Score:4, Insightful)

    by Doc Ruby ( 173196 ) on Saturday January 15, 2005 @11:17AM (#11373011) Homepage Journal
    The FBI has announced that their universally criticized Carnivore system has been retired. Who wants to bet that it's just been renamed, and expanded with those "commercial" search tools? You are, since you're reading this. And if you're American, you're paying for the casino! Don't you feel safer, with the government lying to you for your own good, to protect you from the terror of $500M FBI projects that don't work?

  • It Means (Score:4, Interesting)

    by CastrTroy ( 595695 ) on Saturday January 15, 2005 @11:19AM (#11373015)
    It means that it's time to start encrypting your email. 4096 bit public key encryption should suffice. I can't believe this isn't more prevalent in today's world. We need WDIV Chopper News 4 to do an expose on how everyone is spying on your email. Maybe that would get the public's attention. What I'm surprised about is that AFAIK, none of the webmail providers support encrypting email. You could probably get the browser to encrypt it using Javascript or even with a Java applet. Anyway, having the option would be nice.
    • What about just integration with GPG and PGP?
      • That would be nice. but that would mean that they needed to have your private key. and that you would post it to their site in plaintext. It would be much better if it was encypted before it travelled over any network.

    • Re:It Means (Score:4, Insightful)

      by tabdelgawad ( 590061 ) on Saturday January 15, 2005 @11:51AM (#11373149)
      There's a tradeoff with encryption. On the one hand, you make your email harder (impossible? do we really know?) to read for unauthorized third parties. On the other hand, given the percentage of people who use encryption, your emails will stick out like a sore thumb to the FBI/NSA/whoever as something worth investigating.

      I know this is not fair; I don't have to be doing something criminal in order to want privacy. But I really wouldn't be surprised if encrypting your email nowadays raises a red flag in whatever carnivore-replacement program they're running.

      • So ... the trick is to use some form of plain-text encryption that doesn't appear to be anything but a somewhat long-winded normal message discussing the weather or the latest playoffs. There was something along those lines mentioned on Slashdot some time ago. I'm surprised that encryption hasn't been completely outlawed for private use, on some kind of antiterrorism grounds. Obviously, if Congress tries to tell banks and major corporations that they can't encrypt their data there will be a revolution in Wa

        • steganography (Score:4, Interesting)

          by whovian ( 107062 ) on Saturday January 15, 2005 @12:15PM (#11373263)
          So ... the trick is to use some form of plain-text encryption that doesn't appear to be anything but a somewhat long-winded normal message discussing the weather or the latest playoffs.

          Something like text based steganography (demo 1 [secretmaker.com], demo 2 [fourmilab.ch])? Slashdot has covered [slashdot.org] steganography before.
      • I don't mind that, as I'm not emailing anything that really matters. But I still don't want it read. And if I attract attention from TLAs, I'm just distracting them from others. Which is good.

    • Re:It Means (Score:2, Informative)

      by EodLabs ( 722242 )
      Hushmail does, and it was free last time I checked. The pay service has alot more features, but for a hotmail/gmail/etc.. substitue it's note bad.

  • why call it carnivore? (Score:5, Funny)

    by budcub ( 92165 ) on Saturday January 15, 2005 @11:20AM (#11373021) Homepage
    You'd think they'd name it something like "Perfectly harmless investigating program that would never ever violate your privacy"

    Calling it Carnivore was asking for an uproar.

  • they hired a research firm... (Score:1, Interesting)

    by Anonymous Coward
    in this article [iht.com] one of the things they note is "a rapid turnover among the bureau's information technology personnel." in addition to which they appear to have as many problems as any other large organization trying to manage their tech infrastructure.

  • Conspiracy theory! (Score:4, Interesting)

    by Black Parrot ( 19622 ) on Saturday January 15, 2005 @11:21AM (#11373030)


    Hmmmm. MS gets into the anti-spyware business, and the FBI suddenly decides it doesn't need its custom spyware anymore...

    • Carnivore is not spyware in the accepted meaning of the word. It's installed in the ISP's computers and not in the users' desktops.
    • You forgot to include a few steps.

      (1) Microsoft dominates market with OS & IE
      that has more holes than swiss cheese
      (2) FBI deploys "Carnivore" to monitor email
      (3) FBI blows 1/2 billion dollars on virtual
      data access
      (4) Poindexter (of TIA fame) moves to new
      project & TIA gets "scrapped" (MATRIX?)
      (5) Google releases Desktop Search tools
      (6) Microsoft enters "anti-spyware" business
      (7) ???
      (8) profit (???)

      Sorry, but beyond Bush administration cutting
      Microsoft loose from the DoJ anti-monopoly

  • What about the budget (Score:4, Interesting)

    by digitalgimpus ( 468277 ) on Saturday January 15, 2005 @11:26AM (#11373051) Homepage
    They budgeted quite a bit of hard cash to develop Carnivore...

    so who is going to be held responsible for that wasted cash due to bad planning?

    IMHO that's a ton of money that can be used for many useful things... it was taken from our taxes... and now just sits on some cvs server (assuming they save it).

    That cash could have been used to pay for some armor for troops deployed in Iraq. Or perhaps fund development of improved airline security equipment... something that would be beneficial.

    Why the hell did this get approved if commercial equivilants were in the works? What seriously ill planning went into that?

    If the FBI were a company... heads would roll. This wouldn't be acceptable.

    BTW: This page [securityfocus.com] has a small image of the carnivore logo (for anyone interested).
    • In other news, the money could have also stayed in the pockets of citizens, where it belongs. Not forcibly taken by the government via taxes in the first place.

    • Re:What about the budget (Score:4, Insightful)

      by sam_handelman ( 519767 ) <samuel...handelman@@@gmail...com> on Saturday January 15, 2005 @12:02PM (#11373200) Journal
      Someone is perhaps unaware of how the economy *actually* works.

      The FBI paid to develop carnivore - and then the developers took side jobs developing these commercial equivalents, which they sold to the FBI. These commercial equivalents would never have come into existence if the Feds hadn't taken on the cost of the initial phase of development, and, from the look of things, provided an initial customer base for this software. The exact same thing happened with total information awareness (now a product being sold out of a cayman islands holding corporation or the like), in case you were not paying attention.

      You may not like this sort of arrangement, but in that case you must really hate all the money the Feds wasted on information technology, automation, container shipping, or avionics, all of which were developed more-or-less the same way.

      Of course, you can approve of this sort of arrangement without approving of it's use in this particular case, but that isn't the objection you raise.

      If the FBI were a company... heads would roll. This wouldn't be acceptable.

      How adorable! A Capitalist! Does woo believe in the free market? Does woo? Yes woo does!

    • Don't you understand how it works yet? As long as a congressthing brings home enough cash from Washington to satisfy the monied interests, he/she will continue to have a nice warchest come time for re-election. Since American voters are either to entrenched in the entitlements they receive, or they are just too stupid to understand what's going on, these people keep getting re-elected. It's a systemic problem- a cancer of sorts, and it will take something fairly significant to clean it up.

  • We have never been at war with Eurasia. (Score:3, Insightful)

    by Anonymous Coward on Saturday January 15, 2005 @11:42AM (#11373110)
    We have always been at war with Eastasia.

  • Carnivore has offshoots (Score:5, Informative)

    by itpr15061 ( 844859 ) on Saturday January 15, 2005 @11:46AM (#11373124)
    Carnivore relied heavily on a product called SilentRunner. SilentRunner was purchased by Computer Associates and given a new name, Network Forensics.

    http://www3.ca.com/Solutions/Product.asp?ID=4856

    It has the ability to decode email on the fly. I have the product and while it does have some "wow" factor, the usability and stability is atrocious. Another fine cobbled together product from CA.
  • What does that mean for Internet users' privacy?

    Same as it always does ... there will be less. Privacy, that is.

  • Ok, but now will they (Score:4, Funny)

    by pair-a-noyd ( 594371 ) on Saturday January 15, 2005 @11:50AM (#11373146)
    Open Source it or give it abandonware status?
    That would be fun!
  • FBI agents lugged it with them to ISPs that lacked their own spying capability.

    Are people going to realize that everyone (good & bad & corporate) are spying on you? Or at the very least, they are logging everything you do.

    Why doesn't MPAA & RIAA just get it over with and buy the rest of the ISPs?
  • If it is retired and non-commercial then they should release the source upon request, right? Right?
  • With GWB in office again, it's no longer needed.
  • http://www.cloudshield.com/ [cloudshield.com]

    The box does operations on packet streams based on programmed rules. With the packet inspection capabilities it can do things like copy email packets to/from particular users and have them archived... From a 5Gps data stream.

    I actually used to joke with a friend who worked there, saying they were building the next generation carnivore.
  • Justin Frankel is working for now! Check out his "assniffer". It recreates files from HTTP streams ;)

    http://www.cockos.com/assniffer/ [cockos.com]

  • E-Mail is just as secure as a postcard. Don't send secret information via either one.

  • Clearsight Network Analyser (Score:1, Informative)

    by Anonymous Coward
    Ever heard of Clearsight or AppDancer? Same product, they just changed their name. It's technically a network analyzer, but you can also "see" all sorts of network traffic.

    You can watch an FTP session while it happens, telnet as well. You can listen in on SIP conversations, watch web pages be downloaded (not in a web browser but you can see what files they are and then click to see).

    If it can do that, then you should not be surprised that it can also read e-mails, and the viewer mimics a standard e-mail c
  • Is that they're using software that they have procured without any oversight by congress. Remember they had to pay millions for carnivore and it came under congressional oversight. Today they're probably paying less than a million and that's pocketchange in the DOHS budget.

    If you're still concerned then write your congressmen that you dont believe the retirement of carnivore does not mean that they quit but are now more than likely using commercial software that is flying under the radar of congress.
  • If the FBI is willing to dump Carnivore, then that means they don't need it anymore and there must be another method they are using.
  • or so they want you to believe!

  • I'm sure the techies at FBI headquarters get lonely sorting through all the false positives these programs churn up. Instead of encrypting our email, I say include a friendly message for them. Hey, they're geeks too. (probably read slashdot)

    First, make sure you include one or more key words, (pr3sid3nt, b0mb, j1h4d) then include a hello to the kind folks who snoop your correspondence for you.

  • DOWN WITH AMERI... I hear a knock at the door...
  • O/S vulnerabilties are dime-a-dozen (more like dime-a-million). At the risk of flame-fest and my excellent karma, this means SE-Linux and BSD too!

    All FBI has to do is contract out a couple of spywares, adwares and L0pht-like Heavy Industries.

    No further need for Carnivore.

  • Maybe back in the days of ARPAnet when it was military only, but people somehow think that the internet, with its *free-flow* of information, should be private. How can there be a free-flow of information and privacy? This has been stated before: with the internet it's not whether or not you have privacy, but to what degree. Another question: Is there a "right" to privacy on the internet? If so by whom was this granted? By just using something that provides "free-flow" of information and ideas, do we g

    • There's a big difference between John Q. Hacker, and perhaps some waywardly curious employee somewhere spying on what I do, and the government doing the same thing. Because the government makes and enforces the rules, it is held to a higher standard. That standard is elaborated in the 4th Amendment- there has to be a REASON for the the government to be looking at anyone's mail, and that reason must suggest that they have either broken the law, or there is good reason to believe that they are about to break
  • the same thing that wiretap laws/capability have meant for the privacy of phone users for the last however many decades.
  • Whatever happened to Omnivore, the open source Carnivore that was superior in every way?
  • There is no privacy from the government..

    THey have more resources then you can imagine, and they make the rules...

    You might be able to keep things private from your neighbors, and small companies ( that arent your ISP ).. but that is about as far as it goes.
  • Forget the FBI. Everything you send that is unencrypted can be read by every tom, dick, and harry that manages the ISP or routers used to send your message, or even has access to loggin databases.

    When you send an email or post in a forum somewhere, you might as well just assume that you scrawled it across your naked body in permanent marker and went streaking through the streets of your local city, passing through a CNN shoot.

    That's how "private" you email is, long before the FBI enters the picture. So

Slashdot Top Deals

THEGODDESSOFTHENETHASTWISTINGFINGERSANDHERVOICEISLIKEAJAVELININTHENIGHTDUDE

Close