Slashdot Mirror


First Look Inside Carnivore

EPIC requested almost 600 pages of data on the FBI's Carnivore through the Freedom Of Information Act. Yesterday, about 200 were "redacted in full" (withheld) and the rest were sent with varying amounts of black marks. EPIC is scanning them and putting them online as quick as it can; SecurityFocus has an interesting overview. It turns out the supposed email scanning tool also stores copies of webpages you read, and, at least in an earlier version, looked into tracking voice-over-IP.

Just for reference:

Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

10 of 86 comments

  1. Re:Tough to balance by Absimiliard · · Score: 4

    Balancing constitutional rights with what "law enforcement" wants is not always easy.

    Seems quite easy to me. If you want to live in a free country you say "screw you" to law enforcement and enforce the Constitution. If you want to live in a totalitarian state you say "screw you" to the Constitution and help law enforcement.

    Personally I'm quite willing to let some drug-dealers walk, know some kids have been abused, and watch the Oklahoma bombing all over again if the alternative is to start giving up our Constitution. Freedom must be paid for in blood. You can't change that.

    I certainly wouldn't. And I'm just as willing to die by a terrorist's actions as I was to die in the US Navy at the hands of a foreign aggressor. In fact I see no real difference between dying one way or the other, either death is in service to our Constitution.

    Absimiliard

  2. Re:Tough to balance by Erore · · Score: 3

    I can respond to this, since I just sat in on a class at which the two guest speakers (FBI guys with the suits to prove it), who are very high up in the FBI Carnivore and Encryption programs, spoke about this very topic.

    1) Criminals are dumb. One speaker relayed conversations he heard through wire taps in which one caller told another caller to keep his voice down the Feds might be listening.

    2) The FBI wants all commercial encryption software to use recoverable means. Not by some secret backdoor that only the government possesses, but one that a disinterested third party can use when the Feds have obtained the necessary court order to do so.

    3) Your question will then be, why should criminals use software with built in recoverable means. See #1. Criminals are stupid and will use methods that are easily available to them.

    4) The NSA will not get involved in Carnivore. The purpose of the FBI is to collect evidence that can be used in a court of law. If the NSA is involved, then they will be forced to reveal that they had the ability to crack this encryption or that bit strength. Doing so relates back to your very own statement that you want to keep your methods a secret. If the NSA is known to have an ability, then the people they spy on will change their methods. That is because the NSA actually has to deal with Intelligence (gent) operations, not stupid criminals.

    5) The FBI only performed some 350 wiretaps last year. Combined nationwide with local authorities, state, and Federal, only some 1320 were done. To date, only 25 Carnivore installs have been done. That is going back 2 years nearly. The majority of wiretaps are for Drug cases, and the majority do not amount to any evidence that can be used for a conviction. I could not get clear information on how useful the 25 Carnivore installs have been.

    6) Carnivore runs on Windows NT. They have a team of engineers whose sole purpose is to worry about the security. I think they spend the day looking at microsoft.com and hoping they have downloaded all patches. ;-) I saw version 1.3.4 I believe, and 2.0 is being worked on. The speaker stated that when they come to install Carnivore, the ISP is given the option of using software they provide and trust in place of Carnivore if such software can meet the demands of the court order. Most ISPs will not want to do this because they will then be responsible for testifying in court about the evidence collection methods.

    7) I asked specifically about the use of Open Source programs in relation to # 6. The speaker waffled and did not seem to like the idea of Open Source for fear that known methods will lead to criminals using methods for evasion. Which does not seem to tie in at all with the dumb criminal theory the other speaker insisted upon. Instead, they would like to see a Commercial vendor make a product they could use, and that the methods of collection (how to track a dynamic IP assignment)

    8) Criminals aren't all that stupid all the time. The biggest and the baddest will be quite smart and will use smart methods. Since these are some of the ones we want to catch the most badly, they will not use recoverable encryption either on the telephone or over the Net and Carnivore and wiretaps will do no good in the investigation.

    9) I forgot what I was talking about.

  3. Re:Why worry? by GigsVT · · Score: 3
    Simple find and replace, carnivore with "home surveillance" whereby the FBI puts cameras in every room in your house.

    I honestly do not understand the large amount of panic over the home surveillance system. So far as I am aware, you will only be tracked if you are suspect to criminal activities, in much the same way as more traditional wire taps. If you are genuinely worried about what impact home surveillance will have on you, then maybe it is time YOU SHOULD STOP DOING WHATEVER ILLEGAL OR QUASI-ILLEGAL ACTIVITIES you are currently engaged. If you aren't engaged in said activities then why on Earth are you worrying??? "All power to the Soviets"

    Big Brother is Watching.
    -

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  4. Re:No Worries! by prak · · Score: 3

    In the specifications for Carnivore 1.2 one of the features listed is:
    "Remote control of system from another location [Rest of line blacked out]" from http://www.epic.org/privacy/carnivore/evolution.html

    Now they could be talking about the user's system, which is really scary, but I read it to be talking about the Carnivore box. Which would seem to suggest a port or two being left open.

    -prak

    --
    -prak
  5. Identify Carnivore remotely? No. by Nonesuch · · Score: 3
    I seriously doubt that the Carnivore host is going to be assigned any IP address on the ISP's network.

    It's doubtful that the network card will be physically capable of responding to any packets, so antisniff, nmap, Satan, etc will not do you any good.

    One such product I have worked with is the Shomiti Century Tap, a 10/100Mbps Full duplex transparent network tap. Undetectable without either a TDR or physically tracing the wires.

    This also means that unless you have physical access to the machine (e.g. you work for an ISP at which the FBI has placed a Carnivore box), there is little possibility of running any exploits against weaknesses in the underlying OS.

    From the articles I have read, the Carnivore dumps the collected evidence to tape, the FBI can then send an agent to retrieve the tape from the ISP. This makes sense from a 'chain of custody' standpoint, it's easier to explain to a judge how the FBI is sure the evidence has not been tampered with than if it was uploaded electronically to www.fbi.gov.

  6. Tough to balance by akey · · Score: 3

    Balancing constitutional rights with what "law enforcement" wants is not always easy. Since Carnivore largely amounts to a tool for gathering intelligence, it's quite understandable that the Feds don't want to release details. The first rule of intelligence gathering is to keep your methods secret -- otherwise your targets will be able to adapt and avoid interception.

    Of course, if the targets use strong encryption, Carnivore is worthless (without the NSA, of course). Which leaves us with the question, who is Carnivore actually aimed at? Criminals who are smart enough to use email, but dumb enough not to encrypt, and evil enough to have committed federal felonies? Somehow I doubt that that group is large enough to justify Carnivore.


    --
    "Go Metallica. Die RIAA." -- Linus Torvalds
  7. Problem with Amendment 4 by Life+Blood · · Score: 3

    Presumably Carnivore would only be used once the FBI has a warrant, therefore the fourth Amendment does not apply. While there is still a question of "who watches the watchers" Carnivore has appropriate uses just as Napster has appropriate uses. It can be used for perfectly legal and moral purposes for criminal investigations.

    IANAL, but the other problem is that the fourth Amendment in its strictest interpretation technically only applies to physical objects (effects, persons, houses, etc.). Electronic data is not physical really, however it is a type of correspondence which means it should still be protected by the 4th amendment.

    --

    So far I've gotten all my Karma from telling people they are wrong... :)

  8. Re:No Worries! by Tassach · · Score: 5
    Carnivore/Omnivore on Solaris is scary. Carnivore/Omnivore on NT is VERY scary. If someone were able to exploit a hole on a carnivore box, they could then use it to monitor anyone's communication. This is of course possible under Solaris too, but NT is far more vulnerable to remote exploits.

    A black-hat being investigated by the FBI could possibly turn their tool against them, using *nivore for counter-intelligence. At least the FBI has to pretend to obey the law and respect some limits -- a black-hat has no such restrictions.

    I wonder if there is enough information in what has been released to be able to identify a carnivore box remotely. Does it use promiscuous mode packet sniffing? Could you detect one with a variant of l0pht's antisniff? Does it exhibit any tcp/ip eccentricities that could be detected with nmap or SATAN?

    --
    Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
  9. Top Secret Titles by dr_strangelove · · Score: 3

    I don't know about you folks, but the fact that the FBI felt it necessary to redact parts of the TITLES of test sections doesn't really make me sleep any easier. I mean, c'mon guys. What the hell is so secret we can't even see what it's called?

    Janet Reno needs to be slapped. Repeatedly.

    --
    "...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
  10. OK, so.... by Millennium · · Score: 3
    The Slashdot story alone tells us two things:
    • The FBI lied. Carnivore can do more than they originally said it could.
    • There are still things they aren't telling us. Remember, two-thirds of the information was withheld. Even the name of Omnivore's predecessor is still classified as "secret" (meaning that, were the secret leaked, national security would be harmed significantly, at least in the eyes of the classifiers).

    Now, the SecurityFocus article also adds one other thing: Carnivore is in fact capable of performing certain kinds of searches without a warrant. According to the FBI it can only do this in "pen mode," and that mode restricts the kinds of searches it can perform, but we know already that they cannot be trusted where Carnivore's capabilities are concerned.

    People talk about balancing Constitutional rights vs. "law enforcement." The fact is, the Constitution has already set the balance. We have a right to not be searched. But law enforcement can override that by getting a warrant or "probable cause" (which must by definition be established without performing any search), at which point they are allowed to search us. That is the balance, and it suffices for enforcing the law (prevention of crime is another matter, but this is not the job of any law enforcement agency, so the point is moot).