Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Your Rights Online

FBI Releases More Carnivore Information 139

tregoweth writes "CNet has a report about the FBI's release of new information concerning Carnivore, the result of a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center. Contradicting what the FBI has previously said, Carnivore can capture and archive 'unfiltered' Internet traffic."
This discussion has been archived. No new comments can be posted.

FBI Releases More Carnivore Information

Comments Filter:

  • Maybe the FBI can get FreeDevelopers.net [freedevelopers.net] to build a solution people would find less offensive. It would be the ultimate peer review for carnivore.

  • by Anonymous Coward
    Make FBI catch Slashdot trolls.
  • It's just a Solaris box.

    And carnivore is just snoop.

    That would have been a plum contract, oh yeah, after $500,000, we read the man pages to snoop.
  • by jcrb ( 187104 ) <jcrb@yaho o . com> on Friday November 17, 2000 @10:09AM (#616745) Homepage
    When they said that Carnivore only captured 'filtered' packets they just neglected to mention that they were using '*' as their filter....

  • ...worked on?

    As you may recall, the FBI let admitted pedophile Patr ick Naughton [zdnet.com] off with a light sentence because he helped the FBI write software.

  • by Anonymous Coward
    The FBI pays us Slashdot Trolls to keep a watch on you l337 hax0rz.

    We keep telling them how much of a menace you are, when most of you can barely install Linux.

    But hey, it keeps us in Macanudas.
  • user friendly carnivore [userfriendly.org]
  • Did anyone else find their selective blocking interesting? For example, the entire machine configuration was listed, but they blocked out the word that they use for "computer" on multiple occasions. Is it really that much of a security risk if we know their geeky slang?
  • by jms ( 11418 ) on Friday November 17, 2000 @10:12AM (#616750)
    RADIUS captures occurred as expected

    This is alarming because it has nothing to do with capturing email.

    RADIUS stands for "Remote Access DIal Up Service", and is a login password authentication protocol. If Carnivore is designed to capture RADIUS packets, then it is a password-stealing program, not an email collection program.

    I had never heard that Carnivore was designed to steal passwords. I heard that it was designed to collect email. Apparently the censors didn't realize that they left in evidence of a completely different purpose for Carnivore than was represented to the public, or was I misinformed?

  • by John_Prophet ( 78703 ) on Friday November 17, 2000 @10:13AM (#616751) Homepage
    There's very little new info in this current article. Mostly it says that according to new info, Carnivore is capable of capturing all unfiltered traffic that flows through it and archiving it for later investigation. That's a bad thing.... but then, we've all known that Carnivore was a bad thing the first time we heard about it. This is further confirmation, but hardly surprising.

    Did anybody really expect a secret surveillance project by a secretive government organization to be anything BUT invasive?

    What remains to be seen is whether or not all the public outcry will have any effect whatsoever on the implementation of this software. (My bet is "No, it will not.")


    -The Reverend (I am not a Nazi nor a Troll)
  • Yeah, and maybe Microsoft will start giving their shit away for free. The FBI is in this to catch subversives, not to give them work. No way any Federal agency would give work to a bunch of communist hippies.
  • They only start at about $11,995 for your basic one. Plum contract. Did you really say plum? Thanks for the compliment on the other thread. AM
  • Here is the big question I have, where can I find a list of ISP's that have Carnivore installed?

    We are never going to get the FBI to change their minds about Carnivore, but if people start to know about Carnivore and the ISP's that have it, then people will not use those ISP's.

    I can see it now, advertisements for ISP's who's big selling point is not having Carnivore installed.

  • The FBI is the first government organization to realize that PDF files with black bars overlaid on sensitive information isn't effective.
    Of course, that is bad for everyone that wonders what is under the redaction marks.

  • Maybe we could finally get a useful tcpdump clone on a Win platform!
  • We really need end to end encryption now.

    I mean, like, but, who DIDN'T expect this?

    PGP is good. SSH is good. SSL is good. But we really need IPSec / IPv6.

    Kinda makes all those expensive Layer-4 switches less useful though (if you encrypt at layer 3).

    Cyano.
  • Its a lot more fun when its dangerous. Script kiddies running around like characters from a role-playing game, only to be struck down by vicious carnivores when they aren't looking.
  • ..everything that the government tells you.

    Do you think that email packets are different from RADIUS packets? or from Instant Messenger packets? Or HTTP POSTs containing your password and credit card numbers?

    Repeat after me..

    A packet sniffer is a packet sniffer is a packet sniffer..

    It sniffs whatever the user wants, and if you can't figure out that the FBI wants to sniff EVERYTHING then you are living in fantasy land.
  • by spankenstein ( 35130 ) on Friday November 17, 2000 @10:18AM (#616760) Homepage

    Ok... Carnivore is Windows NT, which isn't the most stable OS (i say this as an occasional user) and the filters are written in Visual Basic

    Hilarious.

  • There's a long history of Really Dirty Shit coming out about the United States. The real problem is that the event horizon for this sort of thing is 10 to 30 years. At that point, news about the heinousness may or may not come out. The media gets to make a big stink about it, while keeping an implicit attitude that says "That sort of thing couldn't happen these days". For example, Operation Shamrock [odci.gov], the secret bombing of Cambodia, heinous shit in all of Central and South America, UKUSA [fas.org], Nixon's dirty tricks, Crypto AG [mediafilter.org], and the list goes on.

    The real problem is that nothing is done to fix the system. The people involved are not taken outside and shot, they're still where they were before. What's the current set of semi-atrocities? If you read a lot of the foreign or independent press, you might find out sooner.
  • I wouldn't completely bet on this... They will probably be put under a "LOT" of pressure.

  • Pardon me for going against the tide of slashdot opinions, but I still don't understand what has everyone so riled up. Perhaps I should blame the FBI for choosing a menacing sounding name like "Carnivore," but certainly their intentions are not to destroy or harm. The FBI is a very major government organization paid for by our tax dollars. I may not agree with their moves all the time, but I trust that they are only concerned about the best interest of our country. Why would they go out of their way to harm the very citizens who keep them running?

    Government monitoring is nothing new. The FBI have long had many wiretapping systems set up to catch criminals. The USPS scans threatening mail trying to prevent people from mailing bombs and traps to their enemies. Cameras are installed along many city streets to watch crimes and catch traffic violations. I don't understand why these survelaince methods aren't coming under fire as well... why is the internet so incredibly different?

    Besides, look at the results of these efforts. Many major crimelords and killers have been caught by slipping up in the presence of wiretapping. Mail monitoring has prevented possible serial terrorists from doing something like send mail bombs. And street cameras catch amazing ammounts of crime, from murders to robberies to prostitution to speeding. I expect Carnivore to be extremely helpful in capturing pedophiles, pirates, terrorists, and other criminals.

    Yes, I may be concerned about my own e-mail being read. But I know that I am a law abiding citizen, my messages to people are trivial to the FBI, and that I feel like I need to hide nothing. And even if you *need* privacy, what about encryption? PGP is extremely hard to crack from my knowledge. Use that. I know the Slashdot mentality may contradict it, but it's unrealistic to expect the internet to remain unregulated forever. Regardless, some form of government restricition and monitoring will come eventually, and having read a little about Carnivore, I am satisfied with their efforts.

  • Yeah.. so ? Sue the FBI calling them unscrupulous fraud artists ? No go.. because 1. They already know. 2. They can subpoena you for your password. and finally 3. Anyone talking against the FBI gets 'taken care of' quickly. I see the FBI as the inverse but not opposite of Hells Angels.. because they work in exactly the same ways, but with different business models.
  • Actually some of them are hanging out with their kids, trying to win the Presidency back by any means available. Anyone know how many years Bush Sr. was head of the CIA?
  • by LauraLolly ( 229637 ) on Friday November 17, 2000 @10:23AM (#616766)
    In 1928, in his dissent from Olmstead vs. the United States, Louis Brandeis wrote,
    "The makers of the Constitution... conferred, as against the government, the right to be let alone - the most comprehensive of rights, and the right most valued by civilized men."
    Nowadays, the protection of the fourth ammendment as protection against search and seizure without a specific warrant is extended to wiretapping.

    By gum, that standard should be used today! My traffic in e-mail or anything else is not and should not be seen by anybody without a search warrant. If a warrant is obtained to intercept and read all of my email, the traffic of my neighbors should still be inviolate.

    In practice, this means that something needs to look at the headers, but all that needs is a filter. The storage of unfiltered traffic is not only dangerous, it smells illegal as all get out to me.

    IANAL, but I'd be happy to help pay for some good ones to argue this in front of the Supremes.

  • They only start at about $11,995 for your basic one.

    That's not much, but then I've gotten used to the snazzy Enterprise rack mounted ones with the flat panel ones here.

    Oh yeah, and the crappy Ultra 10's and 30's.

    You're welcome, I've been a fan of your site for a long time!
  • What makes you think the FBI can be trusted? Was it something I said?

    The point is, Carnivore was advertised as a way of specifically wiretapping email. This is very different from deliberately writing code to capture passwords.

    Yes, you are absolutely right. email packets are no different than RADIUS packets. The point is that the FBI is saying, "Trust us, we won't look at anything that we aren't allowed to look at", yet the document clearly shows that password-stealing capabilities were not only built into the program, but worked "as expected."

    This just shows that they have been lying about the capabilities and purpose of their software.

  • Did anyone else find their selective blocking interesting?

    All the officer patients in the ward were forced to censor letters... After the first day he had no curiosity at all. To break the monotony he invented games. Death to all modifiers, he declared one day, and out of every letter that passed through his hands went every adverb and every adjective. The next day he made war on articles. He reached a much higher plane of creativity the following day when he blacked out everything in the letters but a, an, and the...

    Yes, it's true. Yossarian lives.

  • Or alternately, the FBI is suddenly able to produce incriminating email that came from your account that you swore you never sent.
  • I'll mail you a copy if you mail me a copy, ad infinitem...

    FatPhil
  • That I had assumed all along they were lying, and as a result I was not particularly shocked by the discovery of the truth.

    I'm not happy about it, I'm just not surprised by it.

  • this thing can monitor all your habits, which is much more of a privacy issue than people thought. it's one thing if they look at your email, but would you want to have the fbi wondering what you're doing visiting the "free kevin mitnick" websites? And if the thing has internal zip and jaz drives as stated in the document, the fbi can just walk in and switch the stuff without having to even open up their little black box and stop monitoring. Next time i go isp shopping i have a few more things to add to my list of "good things".
  • Excuse the ignorant question, but WTF is 'DragonWare'? The last paragraph mentions Carnivore as being part of the DargonWare Suite... what other stuff is running around out there?

    And does any of it fall into the "We're fucked if this gets into the wrong (ie, script kiddie) hands" category?

  • From the article

    Omnivore was replaced by Carnivore running on a Windows NT-based computer in June 1999.

  • Why is everyone so shocked at this "outrageous" behavior? The FBI and other government agencies are doing things like this all over the place.

    Giving Americans cancer for research purposes, capturing radio transmissions, listening in all all kinds of information transfer, this is nothing new.

    I'm sure there are lots more things that we don't know about. Maybe Carnivore has been around for a lot longer in a more primitive form, capturing passwords, emails and other dubious info.

    What people should realized is that maybe the paranoid people out there aren't paranoid, maybe everyone else is just too naive. I think people put too much faith in their government and assume it will take care of them and respect them as individuals. People want to believe that the government will handle all the problems of the world and will allow certain rights to privacy to be taken away to get this safety net. Do you really think those millions of AOL subscribers care that their email may be read?

    Apathy is a common problem in the US these days and I don't think we should be surprised to learn that someone is trying to do some sneaky things to citizens who don't really care anyway.

    =-=-=-=-=
    "Do you hear the Slashdotters sing,

  • Yeah, I was thinking the exact same thing. In the first paragraph on the second page, they just blacked out words seemingly at random. The only thing I can think is that the document used the word CPU (referring to a whole box) and the FBI has some secret CPUs (chips) for specialized processing that they don't want us to know about.

    In the 2nd paragraph on the 2nd page, they marked out what appear to be either the bandwidth or the capacity of the storage media. Hardly secret information. The last mark-outs may be the times of day that they move data, so that I can understand keeping hidden.

    I wonder if the FOI Act has any penalties for blocking out information that has no reason to be kept secret. Unfortunately, I doubt that the Act has any teeth in that regard.
  • The mating call of the facist. The Nazi's were really fond of saying that, as they asked for your travel papers. Is that the kind of country you want to live in?

    I think it was Thomas Hume who said first "It is seldom that liberty of any kind is lost all at once". This is a perfect example of that, and of the attitudes of the lazy, self-centered people that got us there.

    So what you're saying is that since it doesn't bother you, or affect you, you don't see a problem with it? It's all about you, eh? Way to look out for #1, bud. Just go back to playing your N64 and forget all about that nasty world outside.

    Sheep.
  • This is really quite scary. It's not because I do anything illegal, but Carnivore makes interception of all my net traffic possible. Just think of what they can use this for! If there is ever a return to McCarthyism, and I read something about, say, Karl Marx, I could immediately be marked as a "Red" - draw any parallels with any other "subversive" elements. While I feel that "Big Brother" is useful for the prevention and detection of internet-related crime, such as "immoral" BO2000 use etc, the flip-side is that we lose a part of our freedom. How legal is this? Is it, for example, legal here in Britain? Can any intelligence agency in the world just switch it on and type in my name and monitor my activities? This seems to enable monitoring from a distance - therefore, though I am in Britain, could the FBI snoop on me and get away with it because they're on US soil?
  • A little misconception here. To my understanding ISPs will not have a "static" Carnivore box. Instead what happens is that the agents will identify the ISP(s) to be tapped and show up with the Carnivore box to be installed while the investigation is going on.

    Or has something passed under my radar about this?


    Andrew Borntreger
  • It hasn't been submitted for peer review. They're running NT4. *shudder*

    ----
  • Actually, they would capture RADIUS packets to determine when a particular user logs in to the ISP's network. Then they get an IP address for the user. Then they can filter all email coming from that address. Or all packets from that address, as the case may be. To me, this actually shows that they are trying to filter traffic from only one IP address. (Not proof, mind you, but an indication.)
  • Junkbuster reports: "No such domain: news.cnet.com"

    Plus that, the eipc site appears /.'ed already. :( I wonder what was said in either. I wonder if I'll I'll hear are replies to some mistaken AC, etc.

    Bah, some days suck in /.-ville.

  • ...And now (soon?) that digital sigs are real sigs...

    It absolutely, positively was you that sent the incriminating email.

    EC
  • Hopefully this will force them to admit that the system uses transparent redirection (like on high end switches) to redirect smtp/pop/imap traffic through the carnivore box. There is absolutely no other way for a 350MHz pII to log "all unfiltered" traffic at a pop site to a 1GB hard drive.

    The real question is exactly where this redirection occurrs, and what subscriber links bypass it (if any).

    This should dispell any idea that Carnivore was just to be put in front of the ISP's email srevers.
  • Two words: ROT 13.
  • > where can I find a list of ISP's that have Carnivore installed?

    That'd be ISPs using IP addresses in the ranges 1.0.0.0/8 through 255.0.0.0/8 inclusive ;-)

  • by Anonymous Coward
    First they came for the Jews
    And
    I did not speak out -
    Because
    I was not a Jew.

    Then they came for the communists
    And
    I did not speak out -
    Because
    I was not a communist.

    Then they came for the trade unionists
    And
    I did not speak out -
    Because
    I was not a trade unionist.

    Then
    they came for me -
    And there was no-one left
    To
    speak out for me.

    Pastor Niemöller, 1938
  • blah blah blah ... "if you aren't doing anything wrong you have nothing to hide" ... blah blah blah

    I'm doing nothing wrong, and I still don't want people reading my email. Why? Because (in this country at least) it is my right. People who give up freedom for protection from the "bad guys" are pathetic.
  • Beep! Godwinn's Law. You're done.

    ---

  • Carnivore is capable of capturing all unfiltered traffic that flows through it and archiving it for later investigation. That's a bad thing.... but then, we've all known that Carnivore was a bad thing the first time we heard about it.

    Wrong. Carnivore is a good thing. The bad things are: 1) the search string is not in the warrant ordering the tap, and 2) their is no accountability or prevention for overstepping this search string. The sole problems with Carnivore stem from the lack of oversight, and basically a "blank check" of stepping on privacy where the citizens are counting on the police to fill in the amount with only what they are allowed.

  • I work at a regional ISP. If my boss agrees with the feds to investigate me or someone else, I'd like to know what one looks like when it shows up in the server room. :)

    Is the FBI a Dell customer? Or do they use Gateways? Or just build their own?

    -Chris
    ...More Powerful than Otto Preminger...
  • Who's to say what we find to be compleatly moral, and right today won't be outlawed tomorow. In the US anyone can drink, but ever heard of prohabition? Sometimes america outlaws some of the wierdest things. We pride ourselves on freadom of speach and freadom of religeon. The government anymore seems to want to take our guns, speach, and fredome from us all. I know what it is like to not be able to own a firearm(even to hunt with). I know what it's like to be told you can't worship that way because I don't like it. I know what it is like to have your voice quelled. Carnivore is about power in the government, not about criminals. It's the same as having a 24 Hour a day tap on your line that they can listen in to your conversations any time they want. Or better yet a monitoring station that Listens to your house 24 hours a day (Some of us have our house pluged into the net 24 hours a day, with web cams, et al).
    Incidently who's to say that some corupt FBI official doesn't use the information to blackmail you, not just about criminal offences, but also about your marriage. If you write your online "friend" and tell them that you had fun "playing with them" and it gets intersepted by your spouce.... Just think about it.
  • Bush Sr. was head of the CIA in 1976 and 1977, for less than a year. I always laughed when I heard the press talking about the Russian president who was previously head of the KGB. I mean, Jesus Fuck, we had our own version of the KGB president in George Herbert Walker Bush.
  • by Anonymous Coward
    The government is now implementing, in "tacular" stages, a system to invade your privacy, and you're just talking about it as though it's a foregone conclusion. What a bunch of total sissies. 1984 was not written so we can sit around and marvel at how well a person can predict the future. Where's the outcry?
  • Anything that will take a little freedom away from the criminals and give it back to the law abiding people is a good thing.

    Sounds great, except the law abiding folks aren't getting any back, and we're just giving any criminals in the FBI more power.

    Yes, criminals. Corruption happens -- for example, the FBI did some things that were not exactly legal to Martin Luther King (illegal surveilance/wiretaps, as I recall). The people who broke the law in that case were in the FBI, and they were also, by definition, criminals.

    Learn some recent history.

    If, instead, you acknowledge this, but believe that that sort of thing can't or won't happen again, please be prepared to explain why in fifty words or less.[1]

    ---
    [1] Other than "Martin Luther King is dead now"
  • by Plasmic ( 26063 ) on Friday November 17, 2000 @10:50AM (#616798)
    If Carnivore is designed to capture RADIUS packets, then it is a password-stealing program
    According to the presentation given at NANOG (North American Network Operators Group) by the FBI on Carnivore, RADIUS is used to associate the user ID of the person whose traffic is being intercepted with their dynamically-assigned IP address.

    Without giving the targetted individual a static IP (that would be too suspicious), it's extremely difficult to design Carnivore in a way that would allow it to function without searching through all traffic on an entire IP subnet without using RADIUS.

    As an aside, RADIUS packets are not sent in clear-text; they are encrypted using a common plain-text key that is (usually) manually assigned on both the RADIUS client and server. Is it breakable? Sure. But, then again, any value given to the FBI's explanation is derived from the notion that they aren't lying to you.

    The bottom line(s):
    • Carnivore isn't stealing passwords
    • It actually makes a lot of sense to use RADIUS to allow the monitoring of a user with a dynamic IP address
    • Regardless of how little you trust the FBI, the design and implementation methodology that they claim to be using is actually not phenomenally bad

  • All we need is the list of ISPs running this thing and to figure out whose packets have been sniffed and according to 18 USC 2520 [cornell.edu] we can each get $500 from the FBI for their unauthorized taping of our communications.....

    Any lawyers in the room care to start the class action suit?

  • ...because it's good to remember that good soldiers Adapt and Overcome.

    EC
  • Actually.. why don't we just find out what isps have it.. and send /alot/ of traffic through it. flood them with incredibly useless information.. sure they can archive.. but.. can they archive several TB of data? for every isp? eventually this kind of software will be darned useless because of the noise to content ratio..
  • by isaac ( 2852 ) on Friday November 17, 2000 @10:54AM (#616802)
    Yes, Carnivore (or whatever it's called this week) does more than just sniff email. This is no surprise.

    I don't see enough people recognizing the importance of routing information, email headers, connection logs, etc - all information which the FBI steadfastly maintains it does not need a warrant to collect.

    This is probably the most important purpose of Carnivore - to build an interconnected dataset of who's talking to whom, who's visiting what sites when, etc. The message body isn't nearly as important or useful (from the law-enforcement perspective) as this information. You may be encrypting all your mail with 4096-bit PGPG but who it came from and where it's going is all right there at the top. Same with your browsing habits, telnet/ssh , voice-over-IP connections, etc. etc.

    Build a nice database of who's talking to whom and when, and it's much easier to find people to lean on. ("I see you emailed Bob on April 43, while he was chatting on IRC with known subversives planning protests at the Government, Inc. convention in Topeka - explain yourself citizen!")

    To me, the collection of header information is the scariest part about Carnivore, especially considering the FBI's self-styled and sordid role in "ensuring domestic tranquility" by secretly attempting to undermine dissident groups and leaders (The muckraking and attempts at blackmailinng MLK Jr. being merely the most famous of many examples).

    It's bad enough that they conduct illegal wiretaps - this information is considered today to be perfectly legal to snoop and store without a warrant or even probable cause. Dirty business.

    -Isaac

  • I always thought Carnivore would be installed everywhere and then turned on when needed.

  • you think that no one else is able to capture your email? come on..the 'wrong people' already own your ass.
  • by dmuth ( 14143 ) <doug,muth+slashdot&gmail,com> on Friday November 17, 2000 @10:58AM (#616806) Homepage Journal
    About halfway through page 2, the document mentions refrers to "long term stability" as being 48 hours or more. Is it just me, or does that sound kinda um, ridiculous?

    I can see it now... FBI agents showing up at an ISP every other day because they need to reboot Carnivore... :-)


  • one can only consider some public domain facts:

    1. m$ word has an owner i.d. number attached to EVERY document.

    2. the f.b.i. are not the only group that internet 'sniffs'.

    3. some mental cripple's entertainment is worth peanuts when compared to the value of a business idea...

    4. corperate espionage exists

    who has access to m.$.'s list of authorized users of m.$.word? *grin*

  • The FBI is the first government organization to realize that PDF files with black bars overlaid on sensitive information isn't effective.

    Neither is ink on normal text; depending on the resolution of the document they actually have there's surely the possibility of some vestigial remnant of the original text even under the darkest blackout ink.

    But i expect they've thought about that, and these are faxes or photocopies of the censored texts, diluting the resolution beyond recovery....

  • A list I am a member of had an 'anti-echelon' day where we all mailed each other with lots of random stuff including words like 'Clinton', 'Death by Mutilation' 'President', 'Assasination' and 'Firearms'.

    It was quite fun actually.

    Elgon
  • Too late Yanamr,

    Echelon and the RIP bill have already taken care of this for us. I doubt that the FBI would give a toss about either of us to be quite honest but we have our own security services to worry about.

    Elgon
  • Really now?

    Do you use envelopes for your snailmail letters, or do you only use postcards that are (more easily) readable?

    Do you have curtains or blinds in your office or residence, and use them rather than leave them open?

    Do you leave meeting room and bedroom and other doors open, allowing anyone to look in as they please?

    Do you use transparent trash bags?
    How about a transparent backpack or briefcase?

    No?

    Gee, what do you have to hide?

    It's about privacy. No one here is saying that the FBI shouldn't go after criminals. But the wanton removal of privacy is a removal of freedom. And the removal of freedom must be always guarded against.

    If you really are comfortable with being monitored by government, there's this warm island some miles of Florida...
  • by Raymond Luxury Yacht ( 112037 ) on Friday November 17, 2000 @11:10AM (#616812) Homepage
    I go to the link, and there is the document, and there are all these bits blacked out.

    I tell ya, censorship really burns my ***! I mean granted that they want to keep *********'s name hidden, and that information about ****** with the ***** and the ***** with the sheep, it stands to reason. There are still laws about that in most states. But I tell you **** *** ********* **** **** and another thing *** ** ****** ** ***** ** ***** *** ****** ***** government security!?!?! Well they can take their ******* and shove it right ** ** ***** ****** *************!


    "Put a glide in yo stride and a dip in yo hip, and come on to the Mothership!"
  • by Gendou ( 234091 ) on Friday November 17, 2000 @11:15AM (#616813) Homepage
    I may be wrong (I think I might be, but I'm still curious). Isn't the FBI not allowed to seize snail mail in transit? If I send a letter to someone and it doesn't violate any of the postal service's policies (no flamables, no biohazards, etc... just a letter) then they don't have a right to it, correct?

    If this is the case, why is email any different? If I send a letter to someone, even if it's an evil plot for world domination, how can the FBI have a right to grab it midstream?


  • I particularly liked where they discussed the hardware.

    "This [CENSORED] has both Zip and Jaz drives."

    Now, the only reason they could censor that word is because it is the brand of the machine used. Based on the fact that it takes up about four letters of space, we can guess that the program was probably tested on a Dell PII-300.
  • It's not much info, but from the register [theregister.co.uk]:

    The release of about 600 pages in early October revealed previously unknown details about the system, including Carnivore's place in a trinity of programs -- alongside "Packeteer" and "Coolminer" -- known collectively as the "DragonWare suite."

  • When I worked for the Forest Circus they were deep into an IBM contract. But judging from the boneyard, they'd had a Gateway fetish in years past. So the answer is.. we don't know.

    It's much more reasonable to ask "what's that mystery box?" about any new hardware that appears when you're off shift. When you're on shift, it's much easier. Not all cops and feds look like the stereotype, but the cheap suit and cheap shoes ID is always a tip. It worked the morning my office was filled with armed EPA agents. But that was another story.

  • I think they blocked out the word "Dell", based on the amount of space it took up.
  • This is from their advertisement for DSL service at www.thinkgeek.com [speakeasy.net]

    Eat meat? No competition here, no carnivore plans either.

    Either it means they only hire vegetarians (grin), or that they won't allow Carnivore to be put in their network (well, without a fight, at least).
  • by nyet ( 19118 ) on Friday November 17, 2000 @11:32AM (#616819) Homepage
    Is it just me or does the FBI sound like a bunch of *wannabe* leet hax0rs/warez pups. I laughed out loud when I read this "sekret document" with the word "Dell" repeatedly blacked out (because its leet to black out stuff.. like 1-800-ITS-PRIVATE!).

    "WE POWN joo we have l33t warez - we call it (yes is has a leet name) C4RN1V0R (part of our DR4GUNW4R3Z Suite!!) ph33r!!! Me and KnightDeathRider wrote it with alot of help from DragonMaster! Shout outs and props to my peeps DeathBringer and NightStalker!"

    "We are l33t visual BASIC haxors!! THE LEETEST LANGUAGE EVER!!"

    "IT IS so leet it runs on NT. Plus we call our patches "SERVICE PACKS" thats how leet we are! phr33r!"

    "It has very long term reliability - it stays up for up to 48 hours!!!! thats like two days!! leet!!!"

    I mean, please. These guys are total no talent lamers. What decent coder in the RIGHT mind would join the FBI for 1/4 the pay doing shit they HATED.

  • From the first page of the images linked to by the post: "ALL INFORMATION HEREIN IS UNCLASSIFIED"

    And yet, large chunks of it are blacked out. From such innocuous things like (probably) "Dell", to the performance metrics of the beast, to...well, I can't tell because it's blacked out.

    If its unclassified, don't black the stuff out when responding to a FOIA request!


    My mom is not a Karma whore!

  • Or hey, if you are talking on a cell phone and pointing at your computer, then all it takes is one Philadelphia police officer's word to have you convicted, right?
  • So it would just morph from person to person like Agent Smith in the Matrix?(okay not exactly, but a good metaphor).
  • I agree... the meta data is what is important here. They already have sophisticated tools to analyze "criminal networks" based simply on known associations between people of interest.

    The real problem here is that they can use it "inapropriately" as easily as not. I don't trust the FBI and I don't see why anyone SHOULD trust a public institution merely because it's stated mission is to serve the interests of the US Citizenry. They can spin it all they like, but what they are really doing is making a grab for as much power over this medium as possible, while things are still relatively immature.

    If they put this shite in place, they'll be able to packet-sniff with impunity from now on. And over time, this data starts to help them put together a pretty detailed picture.

    I'm not saying this isn't a good tool to fight crime with, because it is. It just goes way beyond that, with only "good intentions" to keep the gatekeepers in line. I shudder to think of the power of controlling a database with the entire world's traffic and communication patterns. And to think that they can do it without cause...

    Question: If hackers were tracking data like this (with permission from ISPs, of course), what would the FBI's reaction be? Should ANYBODY be allowed to do this?... this is an international issue, after all. Also, what if they could index this stuff with the content from ECHELON?
  • Replace the blacked-out parts of the document with your own!

    "Basic interface code change now allows MARTHA STEWART for SMTP and POP3"

    "LITTLE NIKKI will pass this to JOE MONTANA at the first available opportunity."
  • It was classified, then the redacting (blacking out) resulted in only unclassified information remaining.

    For people wondering why the computer maker (dell?) was blacked out, it's because due to the confidential nature of the operation, there wasn't a public bid made. Hence, the government went with a company without going through the usual process of public bidding. In cases like that, they are not supposed to publicize it, because it might seem like the government is biased to one company over another.

  • Hmm. This guy sure is sending a lot of encrypted email to this mix guy -- mixmaster@remailer.privacy.at. Think we should check that guy out?

    I don't know about other mail clients, but VM makes using remailers simple. Encrypt a message to the person you're mailing (VM makes that easy too) then chain it through as many remailers as you want to, in 3 or 4 other countries.

    Likewise you could easily go through anonymizer to browse the web. Though you'd still have to trust them. Or you could just get together with some friends and establish a virtual encrypted network on top of the Internet which would be opaque to anyone outside that system.

  • I always thought that as long as there was no doubt about the authenticity of the evidence (completely convincing that it wasn't faked), you should go ahead and use it - BUT - then the people who collected it illegally should face criminal charges (including possible jail time), and including possibly being blacklisted from holding jobs "upholding the public trust" (since they've proved that they're willing to violate civil rights to accomplish their goals).

    Of course, I would imagine that a lot of enforcers would try and figure out ways to "expose" evidence anonymously so they couldn't get caught (and I doubt that other enforcers would work very hard to catch the "anonymous" tipsters...)

    On the other hand, truly dedicated enforcers might consider their career a decent sacrifice if they can get somebody really disgusting off the streets just once in their life.
  • Not having dealt with the FBI, I don't know about the details of that.

    I can say from time working for USPS that it is VERY stressed that NOTHING gets opened by anyone, except the Postmaster. And the Postmaster has to have a damned good reason to open something. A partial address isn't a good reason. A missing address might be. Yes, they even stress that looking at postcards is a Bad Thing. Of course you have to look at the address, but dwelling.. no. Usually the postmaster doesn't see most of the mail (the notice to the postmaster on junk mail is joke, the important it proclaims itself, the more worthless it is. It was also amusing to see the 'one of these three people won' with the top name always changing...) What happens is mot mail just goes through. Occasionally something happens like a missing address on first or second class mail or a sort machine-mangle and those get moved up the chain of command as it were

    The office I was at was very scrupulous. If third class (_junk_ mail, though they had another names, 'bulk business mail' for it) mail had coins and there was any breakage or leakage, the coins were collected and the Postmaster got to deal with them. More than once I left a coin, that had fallen from my own pocket, on the floor where it fell. It wasn't worth the risk of picking of it up again.

    Not saying that law enforcement cannot intercept mail, but saying that not just anyone can and it isn't done routinely as it seems Carnivore permits.
  • "I see you emailed Bob on April 43, while he was chatting on IRC with known subversives planning protests at the Government, Inc. convention in Topeka - explain yourself citizen!"
  • I am shocked that Carnivore will capture unfiltered email.

    Wait let me correct that: I am shocked that the FBI admitted that Carnivore will capture unfiltered email.

    There was a time in the US when people would have been shocked at government snooping; but I suspect that by now most people have figured out that there is no tooth fairy, and that governments regularly lie to the people they govern.

  • Carnivore is a good thing. The bad things are: 1) the search string is not in the warrant ordering the tap, and 2) their is no accountability or prevention for overstepping this search string.

    Where's the good part again? I think I missed it.


    -The Reverend (I am not a Nazi nor a Troll)
  • by mightbeadog ( 106511 ) on Friday November 17, 2000 @12:46PM (#616850)
    Carnivore was conceived under the name "Omnivore" in February 1997. It was proposed originally for a Solaris X86 computer. Omnivore was replaced by Carnivore running on a Windows NT-based computer in June 1999.

    The next version will be called "Herbivore" and will run on a Mac. ;-)

  • Yes, you are absolutely right. email packets are no different than RADIUS packets.

    They are indeed different. They have different port numbers.

  • In the past, the FBI has at the direction of Congress or the Whitehouse "targeted" groups that were so ill-defined as to include all Americans. In every instance of this (so far), complaints from within the FBI have led to the bureau's investigations being greatly toned down and constrained. However, each case of this has taken years for the corrections to occur. Carnivore has a lot of people ticked off because it looks as though it steps outside of the FBI's defined powers and limitations unless active effort is taken to make sure it doesn't "go too far".

    Carnivore also has the issue of making abuse by individuals tremendously scalable. While the FBI as a whole is not likely to be able to take full advantage of the system, individuals within the FBI and in the right place could use it to heap more abuse on the populace than they've ever been able to do before. Basically, organization issues aside, Carnivore has tremendous potential to play into the hands of the corrupt.


    T. M. Pederson
    "...and so the moral of the story is: Always Make Backups."
  • by rocketjesus ( 32378 ) on Friday November 17, 2000 @12:54PM (#616853)
    It's a PC running EtherPeek.

    Wow.

    They spent (at least) $5,000,000 of taxpayer money on a system that could have been put together by a 12 year old kid in less than an hour.

    Most Impressive.

    I'm no longer particularly worried about carnivore. I'm now worried about what they're REALLY doing with that money.
  • Here is the big question I have, where can I find a list of ISP's that have Carnivore installed?
    ...
    I can see it now, advertisements for ISP's who's big selling point is not having Carnivore installed.

    As I recall, the planned usage was to obtain a warrant and then temporarily install is at the suspect's ISP. Your ISP could be Carnivore-free the day you sign up, and tommorrow some judge issues a warrant (or the ISP cooperates without a warrant), just because the FBI suspects anyone connecting with your ISP, and all of a sudden big brother will be watching.

    If you really have something to hide, or you just want to increase the ratio of envelopes to post cards (thereby helping others who have something to hide), PGP sounds like the answer.

  • by mangu ( 126918 ) on Friday November 17, 2000 @01:05PM (#616855)
    The FBI is not after you, they are after criminals

    You're right, but that's not the point when the "your rights online" discussions pop up in slashdot. The problem is how you define "crime".

    When politicians make "decency" laws, they cater to the hysterical old ladies who believe everything is a sin because their favorite televangelist said so. The result is that government agencies get an enormous power to define perfectly normal activities as "criminal" if they want to.

    For example, suppose you went to Spain in your vacations, and had some pictures taken of you at a beach. In the background there's a nude twelve year old person bathing at the beach, something that's perfectly legal to do at many beaches in Spain. If you have this picture in your computer, you can be accused of being a pedophile and of having "child pornography" in your possession.

    Now, this doesn't mean the FBI will go after everyone who ever travelled to Spain and put them in jail. But it means that, if you ever witness some crime committed by an FBI employee, you cannot testify against them, since they can send you to a prolonged jail sentence.

    I'm not a paranoid, I don't think they are after me. But I do want to keep it that way, I don't want to give them the power to come after me either.

  • Anonymizer encrypts, at least for subscribing customers. As do the anonymous remailers.
  • If "unfiltered" means the obvious, everything it sees, not just stuff pertaining to a single IP/user, then there is a very strong case that it violates the 4th amendment protection against search and seizure without cause. Precisely, if it is intercepting all traffic, they would have to have a search warrant saying "all traffic passing through Earthlink" or whatever. If it can target traffic, they can get a search warrant saying, "all traffic passing through Earthlink originating or terminating at x.x.x.x". No judge would grant the former; the latter would be much easier to get.

    In my (layman's) interpretation, "particularly describing the place to be searched, and the persons or things to be seized", means that a warrant would have to say something like "all traffic going through Earthlink's network" for it to be legal. This is because it's quite clear to me that anything that is intercepted can be considered searched. Anything that's archived can be considered seized.

    The obvious solution is for people to start whipping out the constitution, pointing to the 4th amendment, and telling the police, "go get a proper warrant, or go fuck yourself".
  • Oh, great. He's onto us!

    *picks up cell phone* Yeah, I need five black helecopters dispatched to... What did you say your address was again? /dev/null, right...


    -RickHunter
  • I think you must be pretty young. I remember a time (more than 30 years ago now) when I, too, believed the FBI, a governmental agency, was full of trustworthy, loyal agents just trying to protect ordinary citizens. In fact, there was a tv show, called _The FBI_, which showed these wonderful people struggling at great risk to their own lives to protect the innocent. Then I learned the FBI specializes in car theft rings because it's relatively simple and keeps their solve rate up so they can justify bigger budget, but they will fight being called in on kidnapping cases because those usually end badly and lower their solve rate... That's just one example, but it's probably enough.

    I'm sorry, but the same kids you see in the classroom every day are the ones who grow up to be the bosses, employees, police officers, and yes, even the FBI agents of the future. Those kids don't change much in the process.

    Also, bank officers are not out to help you get loans so you will benefit from a good education, congressmen aren't really legislating to solve your problems, professors don't care much if you learn what they have to teach, grocers don't care if your food is irradiated (as long as it extends the shelf-life of their produce), mechanics don't love your car as much as you do... Okay? I'm sorry, but you might as well come to understand these things now rather than later. Just one last thing: realize that none of this means you yourself should give up your own passions or ideals. I haven't, and if you look around you'll find we have a lot of company.

To be is to program.

Working...