Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Courts Government News Your Rights Online

Carnivore Report Released 83

Gwaitsai writes: "I cannot believe that I've seen nothing about carnivore here after the report was released yesterday (21st Nov). Could it be that everyone is too busy thinking about turkey! Excite has an article here and you can find the report itself here."
This discussion has been archived. No new comments can be posted.

Carnivore Report Released

Comments Filter:
  • ...would you like Carnivoure if it ran LINUX?

    Yes and no. On one hand, I have more faith in the security of a (properly configured) linux box, so I would be somewhat less worried about outsiders accessing the information gathered. Of course, the security of the actual Carnivore code is still unknown.

    On the other hand, I'm pretty amused that the FBI is please with its two-day uptime. In addition to being funny, it means that, for maybe five minutes every other day, I'm safe from them.


    My mom is not a Karma whore!

  • Why don't we simply have a system whereby mail server A and B encrypt the entire mail exchange transaction?

    The only real problem then would be getting people to employ it, and that could be done if it were made backwards compatible by accepting older smtp connections but adding a header that indicated it was at some point transmited in the clear, and accepting a security header that commanded it not to forward to in older servers.

    It would seems like it would be a simple modification to SMTP. Though I suppose it would have to get through the IETF first.

    Actually, there's a program out there called stunnel [stunnel.org] which allows you to create SSL functionality in any server. What it does is listen on a designated port and then tunnel any connections to it to a local (or even remote) port. We've actually started using it at where I work, by having stunnel listen on the pop3s port (995, I believe) and it tunnels connections to it to its local pop3 port. Outlook and Outlook Express at the very least have the capability for SSL-encrypted SMTP and POP3, and I believe Netscape 4.7x supports SSL-encrypted SMTP.

    Just my $.02...

    "For a dark man shall come unto the House of God, and the darkness shall be upon him, yea, even within him." -- from Noctropolis: Night Visions

  • Circumventing Carnivore sil@www.dot.antioffline.com

    While this may be no new news to anyone here are some thoughts on circumventing security modules such as Carnivore. All this was written on a flight from New York to California (how thrilling.)

    What? Some slight information on Carnivore
    Why? Because everyone is pissing up a storm on Carnivore How? Sitting down reading Information Security Management Handbook 4th Edition (Tipton, Krause)
    Where? Flying over Canada on a re-routed flight to California

    Based on the gathered information related to Carnivore, it copies mail sent from the ISP of a user provided he or she is being investigated, after obtaining a warrant, in order to filter e-mail based on human programmed input:

    http://pcworld.idg.com.au/pcw.nsf/reviews/49939FEB 71ED36F5CA25692700182669!OpenDocument What exactly is this input? Who knows but we can guesstimate its likely a combo of words and synonyms based on some violent and discriminating words maybe even translated into foreign languages.

    With this in mind it should be easy to circumvent it with simple little tweaks in order to send that "threat" you've been thinking about, or any other irrelevant e-mail you've been paranoid to send down the wires due to fear of government snooping.

    Carnivore is ISP based from what I read, so its functionality will not apply to using a re-mailer from whatever address your sending the e-mail from nor does it apply to sending spoofed e-mails with a packet injection tool nor a proxy since after all, it is only monitoring your account on your ISP with Carnivore running on that isolated network to capture your e-mail.

    Based on the architecture the FBI would need to isolate your IP address as opposed to snooping a complete netblock in order to capture your data, this means they're going to have to set it up to snoop your ISP's router/switch and determine where exactly you are when you connect unless you have a static IP address in which they can segregate your traffic to a specific area which would be hellishly easy for them to do. I'm sure your ISP can simply switch you into a specific area via software and access lists at the drop of a dime as well.

    Carnivore simply makes unknowledgeable people think the government(s) is(are) out to get them which personally I don't think is the case. Officials have better things to do (hopefully) than sniffing through days/weeks/months worth of e-mail looking for that "one" discriminating message your sending. Takes time and a lot of effort including legal work that theoretically has to be taken when we regard the masses.

    However if your the target of some investigation do not be fooled into thinking they will not go this far.

    Anyways enough of the BS corporate(ish) stuff you should realize by now.

    Lets start with a threatening letter we'll assume John Doe wants to send but is afraid of things like Carnivore and Echelon type systems. Why should he send it? Who knows he's just fscked in his brain for all we know and wants to be the next Una'bummer'.

    Based on typical filters and from what we know, we can determine that there is probably some sort of word based capturing going on within Carnivore which likely flags words which are incriminating enough to capture John Doe and make him Mitnick's ex-roommate's new roommate.

    So the test begins. With a proxied Netscape browser we find proxy.foo.com and slightly obscure our information and change our hostname to whatever@wherever.com. In theorum mail is being sniffed to the account in question johndoe@sampleisp.com in which they have their warrant and not whatever@wherever.com which makes any information they gather obsolete. Well, after some legal mumbo jumbo obsoletes their methods and what information they gathered along with the terms of the warrant.

    Hey if they're monitoring johndoe@sampleisp.com and sniff the whole network then jane.something@sampleisp.com should be able to hold them liable for invasion of privacy. Thats something I can't speak on since I'm not a lawyer.

    Other ways to cirvumvent this would probably be as simple as creating your message and saving the entire message as a picture and simply sending it along with a message of "Picture of my new car."

    Simplicity sometimes works better over the high tech since most technical minds would overexert themselves in ways of technology often forgetting the simple things you could accomplish without knowing much about higher end technology such as encryption schemes, spoofing, etc.

    Another oddball way of conveying messages whether or not encrypted is to send a message written in binary with something as lame as:

    [sil@stigmata] echo "I need help with this math problem:
    [sil@stigmata] 43 61 72 6E 69 76 6F 72 65 20 63 69 72 75 6D
    [sil@stigmata] 76 65 6E 74 69 6F 6E 20 74 65 73 74 20 70 68
    [sil@stigmata] 61 73 65 20 31 0A" | mail -s hello somebody@somewhere.com


    Do you think the makers of Carnivore have pre-determined someone sending out a message of this nature? Certainly if Carnivore's input was created by human input, its likely they wouldn't be expecting something like this unless it was a known fact beforehand that they would be dealing with some sort of cryptology.

    For more obscurity depending on who you are sending the message to, both parties can agree on a scheme to use based on anything. It can be a time defined simple encryption scheme based on the hour of the day, day itself and month.

    For example parties A & B decide they will create a unique method to cypher private messages with these variables.

    T(D+M+Y)/2 Time + (DAY+MONTH+YEAR) where a message sent at 11:pm on 5/12/00 would be added to equal 28 all together then shifted this amount plus that of the English alphabet (26) divided by 2 so the word "TEST" becomes "RAQR"

    This cypher was established since the letter T is the 20th letter of the alphabet I decided to count 27 characters from the letter T. Simple and effect and although based on one scheme its portable enough to obscure all messages since its time based and as stated who the hell would be able to figure this out before you had accmplished your dirty deed.

    Other scenarios include the infamous (my favorite) spoofed mail technique using some relay host we could find anywhere on the net.

    [sil@stigmata] hostname gary7.nsa.gov
    [sil@gary7] adduser verona
    [sil@gary7] su verona
    [verona@gary7] echo "Hello Kapitan" | mail -s foo somebody@somewhere.com

    You don't have to be a rocket scientist to do any of this and you don't have to be a genius to figure out ways to circumvent Carnivore, and if your still paranoid then get a packet injection suite and spoof the address along with the entire payload attached for added screwability.

    What about translating the message into a foreign language, converting it to binary then adding two digits or letters to every new hex value, where OxF now becomes QzH? I'm sure you can get a clear picture on why you shouldn't worry your life over what the government is doing. Many times I see rants and people complaining about the lack of privacy, but what I fail to see is someone taking the time to find a neat trick to go on with life and privacy at their own expense. Lets face it, common sense should tell you that any government is going to do whatever they want, whenever they want and nothing you can do is going to stop them so get a life.

    There are plenty of ways to circumvent technologies such as this without having the brain power of Albert Einstein and without having to delve deeper into technologies which will most likely be something authorities will be waiting for.

    J. Oquendo

  • For some reason, we're having lots of trouble downloading it (and we're -not- using Telstra' Big Pond... whose cable recently got cut... ;) from the site it started out at.

    Can someone nominate a mirror (preferably even in Australia) where we can get the .PDF draft report?

    TIA

  • Tackhead suggests:

    Constructive suggestion: The device is placed under lock and key. Two keys are required to open the case in which the device resides. One of those keys is under the control of the ISP. You can think of a key" as either half of cryptographic key (for remote access to Carnivore) or a physical key. Better yet, both.) I don't mind an ISP rolling over for FBI in the face of a court order. It's not a court request, it's a court order after all! But I fear any system that denies my ISP the chance to stand up to a Fed trying to use Carnivore without that court order.

    On the right track. One key with the Feebs. One for the ISP, itself encrypted with a third key, held by the Federal Judge. Settings placed in the presence of the Judge or a Special Master appointed by the Judge, and then locked down with the Judges key.

  • .... Uses the internet to send messages like "The pure uncut cocaine is in the truck on West 4th". It's not worth it, a cell phone is much safer. It's also not what he/she would say. It'd be more like "Yeah well the YO is in the truck". The feds can't do much about that. Carnivore is just a big waste of money; all it'll catch are suburban kids talking about where the next weed party is gonna be. More gov't money wasted.

  • Carnivore was "reviewed" by a bunch of yes persons handpicked. Not one of the groups critical of Carnivore got to examine the system.

    So naturally the government got exactly the verdict they wanted: Carnivore is OK.

    The last two weeks should prove to everyone that government is NOT to be trusted, especially this bunch that runs it now. And it looks like they are going to get to stay, unfortunately.

    The government has no right to be snooping ANYONES personal communications or information without a warrant. It's right there in the Constitution. They are supposed to have "probable cause" and show it to a judge. Though the quality of judges (Kaplan, the Florida Supremes) certainly has diminished in the last 30 years or so.

    Unfortunately, not enough Americans have had a good enough Civics education (ie, from a non-Marxist professor). Ignorance isn't bliss, it's how the government gets away with breaking the law. Carnivore is illegal. But because of mass ignorance, AND a corrupt administration, nothing will be done about it.
  • by kaoshin ( 110328 )
    The CIA is too busy trafficking drugs so the FBI has to gather computer intelligence. Very admirable. -Scott
  • by Anonymous Coward
    You really don't get how this works. Getting a judges signature for searches is easy. It is only the time that it takes to do that search which is a limiting factor. So, the FBI realizing this, has set about to place a piece of FBI hardware in place on-site at *EVERY* isp in America. This piece of hardware does not require a judge's signature to be used because it is controlled directly from the FBI's office. Yes, the FBI is suppose to get a judge's approval, but they don't have to with this setup. That is different from phone taps which intrinsically needs a judges signature (not just suppose to). The FBI cannot get a phone tap to go through without the judge's signature since the phone company won't allow it. The phone company controls it. Now, normally the ISP is suppose to control it. But the FBI has devised this horrific carnivore system. It means the isp does not control it, which means that there is not check in place to insure a judge's signature is received.

    Well, sorry about that, I shifted my argument. What I really mean to say (in additon to what I've said) is that there's no slow down, no limiting step with carnivore. The FBI decides it wants info, it gets a judges signature (though I explained above how easy it is for them not to), and then it just pushes a couple of buttons from FBI headquarters and voila the search has taken place and the information has been seized. No limiting step. It's so easy that if you are not scared by this misplacement of power, you are very naive.

    I hope someone has brought up that the FBI has already lied about the surveillance powers of Carnivore. The story broke about a week ago.

    Carnivore can get a lot more info than the email headers (and content) which the FBI had claimed is the limits of its powers. No, in fact, carnivore can take everything the FBI wants it too. Read about it here:

    Carnivore captures and archives 'unfiltered traffic' [epic.org]

    New documents shed more light on FBI's "Carnivore" [cnet.com]

    Carnivore can monitor all internet traffic -- something the FBI had previously denied [zdnet.com]



    the Slashdot article on recent carnivore devleopments [slashdot.org]
  • Where the heck did you come up with that?

    sigh [slashdot.org].

    I find nothing in that article to suggest that the FBI is planning to put Carnivore in every ISP. That is a fantasy of Mr. Cringley. In addition, his supposition that Carnivore could shut down the Internet is disproven by the use of the read-only tap and the fact that it can only handle up to a steady stream of 15Mbps recording to a Jaz drive or 60Mbps recording to a hard disk (facts taken from the report).

    Even if 6000 Carnivore units could record all that traffic, who could possibly analyze it all in any reasonable period of time. Oh, I know, the FBI's allies at Ft. Meade will do it for them. Like they don't have enough data to deal with already from Echelon. :)

  • First, this is my own opinion and (as far as i can tell) reflects the wisdom of the American people.

    1) You're a pack of liars, you know it, we know it, everybody knows it.

    2) How can your hand picked pack of sheeple even face themselves in the mirror? They're actually worse than traitors. Subverting the constitution should be punishable by death.

    3) Since the advent of the Clinton administration goverment surveillance of the People has approached totalitarian proportions.

    4) In your own twisted little mind how can you possibly believe this is a good thing?

    5) You people are to stupid to carry a gun.

    Just for background, I am ex-army with enough commendations to paper a wall. You brainless idiots make me sick, is it even possible for you to comprehend you might possibly be WRONG? I didn't think so.

    Bite me......and your little swastika too...

    Lets get this quote right shall we? I've seen it misquoted/misattributed to many times.

    "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."- The Papers of Ben Franklin
  • Ok, sorry that that /. article had the Cringley link in it, and let me just say that i am not defending cringley. Yes, it's a read-only tap; yes, it can only handle a few data streams at a time; yes, it's storage capacity is extremely limited.

    And yes, there are only 20 carnivore boxes in existence right now, so a national deployment is impossible.

    What I was pointing out was that if one national ISP was refusing to install Carnivore, then they were all going to be asked to. Nobody rolls out an alpha system for nation wide release - but it's pretty evident that once in place, Carnivores are not removed. This makes sense - they're difficult to install.

    My point was simply this: once there's a Carnivore in every ISP in the nation, they can selectively turn them on when they need to listen to someone. And while the law requires them to get a court order, the carnivore has no accounting whatsoever, so we'll never really know what they're listening to. And neither will the ISP's.

    That's all.
  • OK, so we still need to be a bit vigilant. I would expect ISPs to demand that Carnovore boxes be removed once the warrant expires. And the warrant will almost certainly have an expiration.

    As far as the accounting, I'd bet that that will be changed in response to the report. I expect several other technical and procedural improvements to be made in accordance with the report's recommendations.

    I'm pretty sure that the FBI actually would prefer to follow procedures to make sure that information is gathered in a legal manner that does not infringe on citizens' rights. Otherwise, the defense lawyers will end up getting their clients off on technicalities. And if the FBI hates anything, it would be that.
  • Pardon my ignorance if i'm incorrect here, though i'm sure the many network techs who read this can answer..but isnt carnivore just a severely limited form of a common tool, the Packet Sniffer? I know its a physical box that the isp plugs into their network (mainly because carnivore has a modem in it for remote administration) All it does is scan incoming data for specific court-ordered tags (such as email).. this whole mess reminds me of the much media hyped "SATAN" a few years back which was merely a port scanner, but according to the media could be used to hack into any computer. Just seems like more technoignorant media bullshit...
  • I'm pretty sure that the FBI actually would prefer to follow procedures to make sure that information is gathered in a legal manner that does not infringe on citizens' righs.

    Waco.
    Ruby Ridge.
    Steve Jackson Games.
    Martial Law in Seattle.
    $1,000,000 bond for using a cellphone at the RNC.
    bullfucking shit

    I'm pretty sure the FBI would like to take anyone who knows anything about a computer into a bathroom and rape them with a plunger handle, New York style. I think that's the major difference in our viewpoints - I don't trust the government. Mainly because I've worked for them.

    But I respect your opinion. And the fact that you will continue a conversation well past the moderation window. (:

    hats off,
    -mwalker

  • ... the fact that you will continue a conversation well past the moderation window.

    Yeah, I was thinking maybe we should take this to email. ;)

    I get your point about the FBI having screwed some things up. And I might even say that they don't care all that much about citizens' rights. But I think they do care about screwing things up so badly that they 1) look bad and 2) can't convict the perps. That's why I think they'll take the suggestions of this report to heart and follow reasonable procedures.

  • At least I'm not alone:

    Intended to be installed at every Internet service provider in the country, [suck.com]

    -suck.com. We should write them and ask them for their source.
  • After reading the report, the following is quite clear:

    1. Carnivore explicitly has the ability and functionality to collect any and all IP traffic, not just email, delivered to it's network interface (just like a packet sniffer). This means that "Carnivore is an email tap" is DOJ spin. In reality it is a complete IP tap and should be publicized/discussed as such. I doubt a court order would restrict tapping to just email.

    2. It is up to the FBI's internal procedures and trustworthiness to prevent or discourage "overcollection" (fishing expeditions)

    3. The report points out that civil remedies exist to fix "overcollectoin" after the fact.
    (I hope you can afford a good lawyer).

    4. They use PC Anywhere to dialin to the carnivore box. Oh yeah, that's safe!

    The real unknown now is exactly *what* traffic is redirected (tapped) to the carnivore box? Exactly where in an ISP's topology does this redirection or "tapping" occur? Only for dialup customers? T1 customers? T3? Nebraska and Deluth or only in big cities?
  • In other words, how far can I trust him as an ally.

    That's easy. How far can you throw him?

    Seriously though, you have to take the man as a whole. This may be the only issue which you agree with him on. Which makes me wonder, what doesn't he want the feebs to see in his e-mail?


    In 1999, marijuana [smokedot.org] killed 0 Americans...
  • by booch ( 4157 ) <slashdot2010@@@craigbuchek...com> on Wednesday November 22, 2000 @12:07PM (#606332) Homepage
    If you had read the report yourself, you would have found the answers to your questions. To read a dynamic IP address, you type in the MAC address of the system in question and Carnivore will listen for DHCP. It can also listen for RADIUS-assigned IP addresses by watching for the login name.

    Just about all concerns with the system were addressed in the paper. The paper does make some recommendations to the FBI, like requiring access to the box to be auditable. There seem to be many checks and balances between the FBI and the court in regards to making sure that only the data listed in the court order is recorded. And the paper makes some recommendations to further check that.

    All in all, I'm impressed with the paper. It is much more thorough and professional than I had expected. And while I was very skeptical before, I'm fairly well convinced that there is nothing sinister going on with the FBI in regards to Carnivore.
  • The FBI doesn't intervene. They just keep the SWAT teams around cause they look cool.

  • Thanks. I'm glad to know we have all these h4x to choose from.

    I guess there's already some feeb h4x0r rewriting carnivore to detect these things.

    I also know not to worry because some genius (you or someone else...) will come up with more.


    In 1999, marijuana [smokedot.org] killed 0 Americans...
  • You can also read the coverage by Yahoo! here/a& gt;. [yahoo.com]
  • These guys are going to snoop. One might even argue that they have to. Actively work to keep encryption and anonymization legal and to stay one step ahead of them.

    Someday, look at the history of John Wilkes [xrefer.com], (opposition m.p. in Britain. and learn why [xrefer.com]we have a fourth ammendment.

    Just because law enforcement wants to search in an unrestricted manner does not mean that we should let them. Furthermore, I have not seen a method of encryption which is easy enough for my mother-in-law to use.

    Protection of freedom by nerdly end-runs is no protection at all. My ability to talk on clearspeech phones has been preserved- so must my ability to send messages unintercepted. Yes, as a stopgap, we must keep anonymization and encryption legal. However, we should enforce the laws we have which protect our freedoms.

  • Sure, it's not admissable in court, but that doesn't mean that they don't use it in one form or another.

    Gotten pulled over lately? How many ways were you being recorded, without consent? Had this happen, got pulled over (for what, I do not know, it turned out to be an interesting interaction with the cops, but I digress). Anyway, got in the cop car, and talked/argued with the guy for about 10 minutes.

    Then I realize he's been tape-recording the converstaion. I shut off the recorded (didn't ask him, just did it), and asked him if what he had just recorded could be used against me.

    His explaination was that it couldn't be used in a court of law, but he could use it for personal reference and let the state's attorney listen to it when deciding whether they want to pursue a case.

    So, it's not usable in court, but it can be used to get you to court.

    Doesn't seem quite right, eh?

    How about those packets? Well, what if the packets pointed to a known black-list site, and they could use that to decide to prosecute you, but they couldn't actually use the packets? Or could they use the packets to get a search warrent to then use the packets in the courts? Kind of a begging the question sort of justice.

    Sigh.

    So much for civil rights.

  • The FBI maintains gun purchase records despite a court order to stop and the clear illegality of doing so. However, the Clinton administration has never much been bothered by questions of legality, leading me to believe that should Gore manage to lie/cheat/browbeat his way into the White House, Carnivore will most definately be run with the same level of moral and legal fiber that Janet Reno has always brought to the table.
    Not that I'm fond of George Bush; I voted Harry Browne, who believes, as do I, that the constitution protects one from unlawful search and seizure, and that this is defined as any search not officially sanctioned by court order, so the installation of carnivore in the first place is a violation of the fourth amendment.
    See, America is trying to catch crime before it happens, and that doesn't work. Persecution of hate groups is an example: it is ok to hate the haters. I cannot imagine that the FBI, with its current record of scapegoating, would pass up a chance to blame more of the results of general incompetence in governance on hate groups and members of the "gun culture" or creators of the "culture of violence", and, as these terms indicate, you don't even have to prove that the situation exists anymore. How much longer before everyone in the US is in some sort of seditious culture?
    So, the Republicans define morality into law and the Democrats define sensitivity into law and I can't complain to someone about their behaviour in an appropriate manner over email for fear of triggering Carnivore. What a world we're headed to.
  • Apparently the pilgrims didn't have turkey. But what did happen is many many years ago turkey producers decided to hype it as a "traditional thanksgiving dinner" because turkey was more profitable than any other meats. ---->> The husband of a person who I used to work with runs the meat department of a fair-sized grocery store. He told me once that turkey is, in fact, a loss-leader for meat departments; it's sold for less than the wholesale cost as an incentive to get people into the store. In a similar manner, dairy products are a "break-even" product where the gpm on a pound of butter is something around five cents.
  • From page 15
    IITRI verified by code walkthrough, and later by experiment, that Carnivore works as described by the DoJ. Parameters set in the user interface were reflected in the configuration file. Data passed by the filter and DLL reflect the configuration file. While IITRI did not perform an automated analysis to verify all code segments are executed and that no hidden code exists, IITRI did verify manually that the driver API and DLL entry points provide only the functionality required to implement the features we observed. Given that the advertised functionality provides ample capability to perform unauthorized surveillance, IITRI concluded there was little incentive to hide such capabilities in the code.
  • I'm sure that he'd have noticed if they'd use eliza to trap him on IRC...

    //rdj
  • I don't like "Carnivore" because it can be misused easly. The US gov't has had a long history of abuses (maybe not as bad as Soviet russia or China, but it still happens), and I don't trust them with this system. Also, the very fact that such a sysrem like this exists shows that the additude of society as a whole (not just the gov't) is just getting harsher, moore suspicious, and very paranoid of the fellow man, and it must stop. Don't forget: The US gov't is supposed to be FOR the PEOPLE, OF the PEOPLE, BY the PEOPLE. I don't think that we should allow permanently attached "witetap" systems like Carnivore to be used in this country. (though I do favor setting up a TEMPORARY wire tap (which is physicaly removed afterwards) if there is reason to believe someone is using the net for terrorism/ sex crimes/other major crimes, and they have a legit warrent. A "neutral" non-gov't party should also be monitoring the operations to check for and prevent abuses.
  • >When correctly used, "it provides investigators with no more information than is permitted by a given court order," said the institute, an arm of the Illinois Institute of Technology.

    scary isn't it ? i mean SURE the FBI will never do a thing without permission of the court order...

    >"It's not sufficient for the bureau to say, 'Trust us, we won't do anything wrong.' Most users want more of an assurance than that."

    I'm on it ! i don't trust FBI, maybe i've seen to much movies :)

    ptitom

  • It is a temporary wiretap system, used only with a court order, it IS NOT PERMANENTLY CONNECTED!!!FULL STOP.

    thank you.
  • We already new a few ways to have a piece of software tested for free :

    Write some (more or less) cool stuff, make it free for everybody, and (but you already know that one)...

    Write some very unfriendly piece of softcrap, and threaten to make it a standard if none of you bastard hackers does not crack it.

    NEW ONE : write a even more unfriendly free-*-threatening soft (or at least advertise it as such). Since everyone is complaining about it, make your favorite government organisation hire a team of fat brains to say it is OK, it will be tested in the process.

    Assessment :

    The first one is not really cool, because everyone has access to the source code, and your reputation is ruined beyond repair because you widely advertised your unability to code and design.

    The second one is a bit more cool, since at least nobody will mess with your code. The only problem is it does not work. But at least you go some testing for free... Better chance next time.

    The last one is definitely the better. Only a few dim-witted people have access to you DLL (Don't Load it, Lad !) source code, and they might even find some bugs for free. Please don't forget to include a special non-disclosure agreement about visual basic code unless you don't mind looking ridiculous.

    We do not need any show-business to laugh and cry : we already have politicians.

  • Another tidbit from the same calendar...

    Supposedly the first Thanksgiving lasted 3 days, and the main dish served was deer. You'd have to be a helluva good marketer to start getting people to give up fat, ugly, tasty bird and start eating Bambi every fall!

    "There's a party," she said,
    "We'll sing and we'll dance,
    It's come as you are."

  • Several facts to point out regarding your post.

    1) Not one of the groups critical of Carnivore bothered to submit a proposal to have the chance to review Carnivore.

    2) Read the report. The verdict was not, "Carnivore is OK". The report says that it should be used in place of even worse tools such as EtherPeek. It also lists quite a number of problems with Carnivore, such as the total lack of accountability, bugs in the analysis software, and it's ability to collect everything (up to its storage limits) if set improperly.

    3) The reviewers were not "handpicked". Eleven groups bid to win the contract, more could have done so. IITRI happened to be the winner.

    4) I agree that the government has no right to be snooping without a warrant. That is exactly why the FBI must get a warrant before installing Carnivore, and the must remove it at the expiration of the warrant.

    5) Whether or not Internet wiretaps (like Carnivore) are legal under the existing wiretap statutes is something I'll leave to the legal experts to figure out. That was not part of the task IITRI was given to review either. I will grant thought that technology often outpaces changes in the laws.
  • After all, they have to ask convicted, admitted pedophile, Patrick Naughton [foxnews.com] inventor of Java (the language of choice for pedophiles), to write software for them. [inet-one.com]

    Imagine the logic here! Pedophile Patrick was supposed to be some sort of software genius, yet he was tricked into talking to a Fed in an IRC chat room. How smart could he be?

  • Mmmmmm....Mtraffic. Think about it. Is this really useful? Are you happy to spend your tax dollars maintaining this system and staffing it? What about the potential for misuse or cracking of the database?
  • ...would you like Carnivoure if it ran LINUX?
  • i think it was called sniff.c. it was placed lots of highschool networks, and was used to collent sensative information about teachers browsing habbits. (at least at my school)
  • by Tackhead ( 54550 ) on Wednesday November 22, 2000 @10:56AM (#606352)
    Great. Carnivore works to spec.

    Now tell us something we didn't know.

    Like how to prevent the Feds from using it - to spec - but illegally.

    Constructive suggestion: The device is placed under lock and key. Two keys are required to open the case in which the device resides. One of those keys is under the control of the ISP. You can think of a "key" as either half of cryptographic key (for remote access to Carnivore) or a physical key. Better yet, both.)

    I don't mind an ISP rolling over for FBI in the face of a court order. It's not a court request, it's a court order after all! But I fear any system that denies my ISP the chance to stand up to a Fed trying to use Carnivore without that court order.

    As of now, the only thing standing between my privacy and an FBI gone berzerk is... well, the FBI.

    If it ain't there, it can't be abused.

    If Carnivore is there, and effective access controls (I can't believe I'm using the term "effective access control" with a straight face!), all we have to do is wait for them to realize that IDE drives in removable cartridges are, gig-for-gig, the cheapest storage solution around. In the name of "cost savings", the Jaz will be phased out for a hard-drive-based solution. All of a sudden, the media-size limitation on capture imposed by the use of the Jaz drive is effectively eliminated.

    (Note to self: Buy stocks in hard drive manufacturers if the Feds decide to push for laws to legalize the move to 24/7 surveillance and capture. And switch to end-to-end encryption if any single hard drive manufacturer shows a doubling in revenue in a single quarter on the grounds that they've decided to do it whether it's been legalized or not.)

    My paranoid fantasy for the day:

    FBI's position:

    • It's OK to record SMTP headers (but not the DATA portion containing the contents of an email) without a court order because "they're just like the envelope of a letter".
    The obvious extension:
    • "GET foo.html" is to HTTP as "To: foo@bar.com" is to SMTP.
    • It's therefore OK to record the GET portion of any HTTP transactions without a court order as long as you don't dump the contents of the web page being viewed.
    Watch where you click. If you don't, they will.
  • Oh yeah? Well I'm a Level Five vegan.

    Sure, I believe we have an opening at the poser level. -The Simpsons

  • These guys are going to snoop. One might even argue that they have to. Actively work to keep encryption and anonymization legal and to stay one step ahead of them.
  • by Anonymous Coward
    I submitted this first thing in the morning and it didn't make it to the stories! damn mods.

    the results themselves weren't much of a surprise I guess, so do we trust the results or not?
  • ...or how I learned to stop worrying and love Carnivore.

    I would guess that my e-mail is boring from a law enforcement perspective, but I still hate the fact that some bored feeb [fbi.gov] fsck can read one of my future inventions & pawn it off to someone he owns a favor to. Or, even worse, (s)he could spoof me and tie me to any unsolved case. This is 100% unlikely, but still bothered me until I read further into the article [usdoj.gov]. Check this out (emphasis added):
    3.5 SOFTWARE ARCHITECTURE The Carnivore software consists of four components 1. TapNDIS driver (written in C) derived from sample source code provided with Win32 Network Driver Interface Specification (NDIS) Framework (WinDis 32), a product of Printing Communications Associates, Inc. (PCAUSA, http://www.pcausa.com) The
    license for WinDis 32 prevents the FBI from releasing the source code for this driver, and possibly for TapAPI.dll, to the public. The relevant portions of the WinDis 32 license are shown in Appendix D. 2. TapAPI.dll (written in C++) provides the API for accessing the NDIS driver functionality from other applications. 3. Carnivore.dll (written in C++) provides functionality for controlling the intercept of raw data. 4. Carnivore.exe (written in Visual Basic) is the GUI for Carnivore.
    With all those .dlls, it sure looks like winbloze to me. They'll probably trail the Lindbergh baby kidnapper & fsck it up by getting the famous M$ Blue Screen of Death.

    By the way, I just love that lame excuse for hiding the source code. Et tu, corporate America?


    In 1999, marijuana [smokedot.org] killed 0 Americans...
  • Fresh from my "Uncle John's Bathroom Reader" day-by-day calendar; there is no good reason to eat turkey on Thanksgiving, other than turkey producers marketed it really well.

    Apparently the pilgrims didn't have turkey. But what did happen is many many years ago turkey producers decided to hype it as a "traditional thanksgiving dinner" because turkey was more profitable than any other meats.

    I wonder if in 100 years the Pilgrims will be shown eating burritos..

    "There's a party," she said,
    "We'll sing and we'll dance,
    It's come as you are."

  • It was also rejected...
  • Lets see now, it runs on NT, they use PC-Anywhere to dial in, and everybody logs onto it as "Administrator".

    This thing is a h4x0rs dream-come-true. Any ISP that gets one of these crammed down his throat ought to be very, very worried. Maybe attrition.org should go ahead and just setup a page now for Carnivore hacks.
  • The FBI hires admitted, convicted pedophiles [foxnews.com] to write software like this. Now, if they hire people who got CAUGHT to write this software, how sophisticated can it be?
  • If this thing is ever abused to the extent that Hushmail is not secure anymore, I'm picking up and moving to Finland. Over there, your company workspace/cubicle is your private property -- and so is your email on the company laptop.
  • To quote from the report, "A case agent controlling the Carnivore collection computer from an external computer must know the correct telephone number and have an appropriately-keyed CSP device, PCAnywhere software, a valid user name and password, and the Administrator password for the Carnivore collection box." So, the hackers will need just a little bit more than a PCAnywhere hack.
  • by Anonymous Coward
    As long as it was part of the kernel, it would be ok. Because then we would have the source code and we could check to see whether or not it is legal.
  • by FFFish ( 7567 ) on Wednesday November 22, 2000 @01:03PM (#606364) Homepage
    Why would anyone be thinking about Turkey?

    The only recent news about them involves a US military spokesman there that denies Iraq's claims of having shot down a US fighter jet [see here] [canoe.ca]; and a few weeks ago there were news stories about the Turkish government repressing (foreign) free enterprise business [see here] [canoe.ca]; and a heck of a long time ago (well, a few months, anyway) a bunch of boorish Brits got their asses kicked for desecrating the Turkish flag during a soccer match [see here] [canoe.ca].

    Anyway, point is, nothing much seems to be happening in Turkey, so why are we assumed to be thinking about it?

    Until some sort of really great geek hardware comes bursting out of its borders, or until they start some war with a neighbour, I just don't see why I'd ever think about Turkey.

    Jus' curious about the original author's thinking...

    --
  • You are correct. It is a packet sniffer which has been set up to record only the packets which meet the filter criteria selected. That is why the recommendation was that Carnivore was better for the FBI to use than a regular packet sniffer like EtherPeek which captures everything. Note that the review pointed out a whole bunch of problems with Carnivore that should be corrected.
  • From the Carnivore report
    Carnivore cannot

    - Alter or remove packets from the network or introduce new packets
    - Block any traffic on the network
    - Remove images, terms, etc. from communications
    - Seize control of any portion of Internet traffic
    - Shut down or shut off the communications of any person, web site, company, or ISP
    - Shut off accounts, ISPs, etc. to "contain" an investigation
    Sooooo send all your "sensitive" information encoded inside of gif's and jpeg's. Amazing. Big bad Carnivore can be defeated by a little Gimp. Just my Buck-o-five
  • Previous post says,
    "It also says:
    While IITRI did not perform an automated analysis to verify all code segments are executed and that no hidden ode exists, IITRI did verify manually that the driver API and DLL entry points provide only the functionality required to implement the features we observed. This makes me trust their analaysis even more! The API doens't provide anything more than what is needed so that MUST be the way things work."

    Well, convenient that the very next line of the report is not mentioned. It reads,

    "Given that the advertised functionality provides ample capability to perform unauthorized surveillance, IITRI concluded there was little incentive to hide such capabilities in the code."

    Why do that much analysis if it is obvious that it can collect everything anyway?
  • Thanks for answering with specific reasons for concern, instead of just spouting generic "a bored FBI dude might want to blackmail me" rhetoric.

    Had I an example to share (such as one of the other posters), I wouldn't have needed the "rhetoric" - and as you pointed out, since they have such a history of abusing their tools and methods, it seems a pretty justified rhetoric.

    News for hiryuu: If they want to find stuff out about you (for legit reasons or otherwise), they don't need Carnivore. They've got other stuff to watch you with already. As I said, the potential for abuse is pretty much the same as with wiretapping, if I'm not mistaken.

    And that ain't news to me - my point (however muddled it might have been - I was scrawling that in a hurry) was that I'm not comfortable giving them yet another tool to abuse, particularly one that gives them the scope and ease of reach that this one could. Someone else in the thread pointed out a vast difference between Carnivore and wiretapping, and that's the potential scale.

    At least we agree on a distro.:P

  • The Turks have universities that teach MIT curriculums, and students who graduate to go along and do their Masters or their Doctorate at Stanford, MIT, UCB, etc. If anything, Turkey could easily become the most technological advanced society, after Israel. And Turkey plays a major part in US international politics, especially since they have NATO bases there.

    They may have a shit economy, but things are brewing!

  • If you had read the report yourself, you would have found the answers to your questions. To read a dynamic IP address, you type in the MAC address of the system in question and Carnivore will listen for DHCP. It can also listen for RADIUS-assigned IP addresses by watching for the login name.

    I did read the paper myself. DHCP requests can only be read if you are within the LAN broadcast group. If there is a router between Carnivore and the "suspect", Carnivore must listen to everyone in an attempt to nab the suspect. If you split your DHCP ranges into subnets (and who doesn't) that means one carnivore box per subnet - totally unfeasible.

    My point stands.

    And it stands without even mentioning network cards with reprogrammable MACs, rotary MAC network stacks, RADIUS through encrypted tunnels, or international traffic where the broadcast range is way out of U.S. jurisdiction.
  • DHCP requests can only be read if you are within the LAN broadcast group. If there is a router between Carnivore and the "suspect", Carnivore must listen to everyone in an attempt to nab the suspect. If you split your DHCP ranges into subnets (and who doesn't) that means one carnivore box per subnet - totally unfeasible.

    But they are targeting only 1 person, so they only need 1 Carnivore box -- placed as near as possible to the person they are looking for. They said that in the paper.

    And it stands without even mentioning network cards with reprogrammable MACs, rotary MAC network stacks, RADIUS through encrypted tunnels, or international traffic where the broadcast range is way out of U.S. jurisdiction.

    I don't think Carnivore is targeting these types of people, especially ones outside of US jurisdiction. Let's face it, you can circumvent Carnivore quite a bit by using SSL, SSH, and PGP. Most criminals are going to be smart enough to use those if they know how to reprogram their MAC address.

    If you have comments or concerns with the report, the authors really would like your input. They understand that they might not have considered every aspect. Please let them know of your thoughts on their paper, but please do so in a non-inflamatory manner.

  • But they are targeting only 1 person, so they only need 1 Carnivore box -- placed as near as possible to the person they are looking for. They said that in the paper.

    If that's true, why are they putting a Carnivore in every ISP POP in the nation?

    I don't think Carnivore is targeting these types of people, especially ones outside of US jurisdiction. Let's face it, you can circumvent Carnivore quite a bit by using SSL, SSH, and PGP. Most criminals are going to be smart enough to use those if they know how to reprogram their MAC address.

    If they're not using it to target computer literate criminals, who are they going to use it against?

    Let's review these data points:

    1) It's useless against knowledgeable criminals.
    2) It's being placed in every consumer ISP in the U.S.

    It seems self-evident that this is aimed at the populace. But I admit that you have pointed this out more elegantly than I did.

  • If that's true, why are they putting a Carnivore in every ISP POP in the nation?

    Where the heck did you come up with that? I find that very hard to believe since the FBI has to get a judge to give a court order specifying particular user information and a set time period every time a Carnivore box is deployed. Not to mention the fact that there are only a small number of people at the FBI capable of installing and monitoring a Carnivore box.

    Please stop spreading FUD.

    It's useless against knowledgeable criminals.

    So is a phone wire tap. But criminals aren't exactly known for being super-intelligent. This is the FBI, not the CIA.

  • Where the heck did you come up with that?

    sigh [slashdot.org].

    Not to mention the fact that there are only a small number of people at the FBI capable of installing and monitoring a Carnivore box.

    That's why they only want to have to do it once.

    I find that very hard to believe since the FBI has to get a judge to give a court order specifying particular user information and a set time period every time a Carnivore box is deployed.

    Actually they just permanently deploy it once, then they need a court order to use it. Of course, since there's no auditing [computeruser.com], no one will ever know if they're obeying that.
  • I could find nothing in the link you provided that said that Carnivore would be deployed everywhere. Cringely's article said that we should be worried if the FBI decided to deploy it everywhere. Believing his "if" is true paranoia.

    Again I find it difficult to believe that you have read any of the articles that Sloshdot has referenced. The Carnivore boxes have a Zip or Jazz drive, which isn't enough to capture every packet that goes through an ISP. And they have to go to the ISP to get the disk, or else they have to download the info via a regular phone line.

  • They use PCA-USA's windis shim [pcausa.com]. A good product, and cheap - about $500.

    The nice thing about PCA-USA is that it gives you a copy of the NDIS stream, so you can create an anti-sniff proof network sniffer, among other things.

    Seems to be a very sensibly designed packet sniffer - along the lines of how I would build such a thing.

    If this report shows us anything, it's that we should not object to the implementation, but to the concept. Even if it is sensibly designed from off-the-shelf products, there is no way for them to gaurauntee they're picking up only the packets they want. In fact, it's quite impossible. How do you track someone with a dynamic IP? What's their signature? You don't know - you have to read everyone's traffic to find them.

  • Report released but no one saw it. Some people say that it was lost in a ISP mailsystem somehow
    --------
  • by VValdo ( 10446 ) on Wednesday November 22, 2000 @11:10AM (#606378)
    Let's say there's another outbreak of the ILOVEYOU virus, right? So a potentially "dangerous" type of e-mail is being forwarded via e-mail. Can the FBI step in and do what many ISPs were doing, ie, blocking that attachment? Seems like the FBI's job, right?

    Well at first blush, it seems like this is a valuable service the FBI might do-- to protect our digital infrastructure. But...what about other types of attachments or e-mail content could be considered "dangerous" that the FBI could use the same rationale for blocking?

    Where's the line?

    Allowing carnivore to exist starts us down the path where they can start doing way more than just monitoring e-mails...
    -------------------
  • From the Excite article:
    "The problem with Carnivore is that it gives the FBI access to the communications of hundreds, if not thousands, of innocent Internet users," he said. "It's not sufficient for the bureau to say, 'Trust us, we won't do anything wrong.' Most users want more of an assurance than that."

    Is this really any worse than the FBI's ability to tap phones? The use of Carnivore must be allowed by a judge for it to be legal. Sure, the potential for abuse exists, but if the FBI gathers evidence through illegal means it isn't admissible in court anyway. Not that I'm necessarily for Carnivore (or any other measure that gives the government the ability to invade my privacy) but I don't think there is anything too terrible about wiretaps, and from what I can tell Carnivore has similar a similar benefit/abuse potential ratio.

    -

  • Well, if it was on a bathroom reader it must be true!

    Looky here [aol.com] for another description - the best description only mentions 'fowl' and another from 20 years later specifically mentions wild turkeys.
  • I think the reson for the meager amount of reaction on this whole carnivore review becasue most everyone I talked to was expecting this so called "un-biased" review team to come out mostly in favor of it.

    The fact that the FBI is insisiting on using Carnivore as opposed to the open-source version recently created says volumes about the the FBI's real intentions. If they are not going to be using this for surreptitious purposes, then why not use an open-souce version that everyone cal review?

  • Can the FBI step in and do what many ISPs were doing, ie, blocking that attachment? Seems like the FBI's job, right?

    Nope. The 'i' stands for investigation, not intervention.

  • This a case where the bugs really are a feature.

    IITR finds 2 problems:

    1. Improperly configured, the system acquires far too much traffic.

    2. The system lacks an audit trail to determine who configured it.

    So, when Carnivore snoops on entire groups or ISPs we will never know who to blame. This seems like a feature to me. The system can be used illegally without accountability.

    This would not be as big of a problem were it not for the wall of silence. Law enforcement is the most crooked segment of American society - "honest cop" is an oxymoron. So any system that relies on "trust me" is pretty bad. As it's set up right now, it is much more than likely will be misused. Who did it will remain a mystery, since law enforcement personnel have a dubious sense of right and wrong when it comes to protecting their own. Recent studies indicate 80% of patrolmen admit to lying in court. Instances of police misconduct are insanely common, they just can't be front-page news in our corporate media.
  • My guess would be that a Tech Editing department expanded the acronym without asking the tech folk what it meant. Then the draft report, remember it is a draft, got sent out without the techies having a chance to review it.
  • Doesn't seem quite right, eh?

    No, it doesn't. But that same equiptment that is recording your routine traffic stop may also provide important evidence needed to catch a murderer or drug dealer who tears away from the scene.

    Well, I guess it is just an inherent problem with law enforcement...the more tools you give them to do their jobs better, the more they will exploit and abuse those tools beyond how they were intended. If the FBI didn't have a such a rich history of bending survellance laws, then people wouldn't be as concerned about systems like Carnivore being abused. They've brought the critisms on themselves, I suppose.

    Thanks for answering with specific reasons for concern, instead of just spouting generic "a bored FBI dude might want to blackmail me" rhetoric. News for hiryuu: If they want to find stuff out about you (for legit reasons or otherwise), they don't need Carnivore. They've got other stuff to watch you with already. As I said, the potential for abuse is pretty much the same as with wiretapping, if I'm not mistaken.

    -

  • by delmoi ( 26744 ) on Wednesday November 22, 2000 @02:14PM (#606387) Homepage
    you could try this [hushmail.com]

    Seriously, all you really need is to be able to open a secure connection (SSH, https, is there a secure SMTP?) to some server, and use that to send SMTP signals (or whatever). Why go for simple hacks, when you can have pure, perfict, unbreakable security?

  • Ok, So it's litening to the connection as it goes past on the wire....

    Why don't we simply have a system whereby mail server A and B encrypt the entire mail exchange transaction?

    The only real problem then would be getting people to employ it, and that could be done if it were made backwards compatible by accepting older smtp connections but adding a header that indicated it was at some point transmited in the clear, and accepting a security header that commanded it not to forward to in older servers.
    It would seems like it would be a simple modification to SMTP. Though I suppose it would have to get through the IETF first. This still leaves it in clear on the client side when it's uploaded to the server and downloaded, but similar mods could be made to the POP and IMAP connections.
  • wouldn't have parsed the acronymn DLL as "Down Load Link" instead of "Dynamic Load Library." (They really said this - see the preface, page iv or thereabouts).

    This might lead one to suspect that much of this "independent" report was copied directly from documentation supplied by the FBI itself, i.e., the Appendices, which - conveniently enough - were redacted from the materials released.

  • Anyone else find it funny that it's spelled Carnivoure?
  • You mean Soykey? With Soysage stuffing?
  • Sure, the potential for abuse exists, but if the FBI gathers evidence through illegal means it isn't admissible in court anyway.

    I don't give a damn about whether it's admissible in court or not. Is that the only use you can imagine for information gained illegally? What happens when information obtained illegally is used to pressure confessions or submission of further evidence - i.e., "We know you performed act X, why don't you come clean?" Or when the information is misinterpreted/miscredited, and an innocent party is then pursued/harrased?

    Hell, what happens if - hell, when - some agent or FBI IT dude gets bored/broke/unscrupulous and decides to screen and use information for personal entertainment/blackmail/wrecking someone's life? They have (near) ready access to that information, waiting for them - or at the very least, much closer than I'd be comfortable having them.

    (Apologies to anyone who dislikes compulsive use of the slashes.:))

  • We see nowadays so many cameras and photographic radars appearing on the streets. It seems to me that we cant even take a walk without being noticed. On the other hand, criptographic systems get better every day. Ian Pearson, a futurologist from British telecom, thinks that in the future we will have more privacy using computers than walking on the beach. This carnivore system made me think that, dont matter where, we wont have any kind of privacy.
  • The difference between tapping phones and carnivore is that the FBI can only tap 1 phone with a court order. They can't tap the entire trunk. With carnivore, the fbi has access to more than 1 persons stuff. As for evidence that can't be submitted in court, well I'm sure that if they saw a "naughty" e-mail from me, they would not just let it go. I have a feeling that once the red flags are raised, they will find another reason to surveil someone.

    Fatter than you.
  • I can't believe I am on the same side of an issue as Dick Armey. Is it a principled stand or another knee-jerk anti-Clinton/Reno reaction? In other words, how far can I trust him as an ally.

You can tune a piano, but you can't tuna fish. You can tune a filesystem, but you can't tuna fish. -- from the tunefs(8) man page

Working...