Carnivore Demo Report

An anonymous reader sends: "Here's an archived copy of an anonymously remailed report on a demonstration of two versions of Carnivore by an FBI agent, at the recent NANOG 20 meeting."

michael : People are really interested in the "inner workings" of Carnivore, as shown by the many submissions. I never thought it was anything special - from the start, when I first knew that the FBI had an Internet interception box, I just assumed that it would neatly sort and deliver all Internet traffic of a particular target. I can spec out how I would design such a box; and the FBI isn't stupid; so I assume they would do it in a similar fashion. I think there's still a lot of disbelief out there, though - "You mean the FBI can really track both Web access AND email? And IRC? And Usenet? ...." People just don't believe it, because they're used to thinking of Internet traffic in different terms than phone or whatever.

The only important design aspects of the carnivore box are things like "Can the FBI set it to snoop on traffic it isn't supposed to? Can I dial into the box and snoop on my neighbors?" and other questions like that, which we'll *never* find out from any powerpoint presentation.

So get used to it, people. Assume that Carnivore neatly captures, sorts, and delivers all traffic that passes through it, and that the FBI can just type in your name and plug it in. Assume that there's a user-friendly, point-and-click interface. Assume that it will pretty-print reports, ready for filing with the court if/when you are prosecuted. Assume that there's essentially no oversight of the FBI's use of this device - after all, judges exercise almost no oversight over wiretaps, there's no reason to believe that Internet-tapping will be overseen any more diligently. The FBI and police approach wiretapping requests in the same way that conniving children approach their parents - it only takes one judge to approve a request, and the FBI can approach as many different ones as needed until they find the one that just doesn't care and rubber-stamps everything.

Get used to it. Want more data about how Carnivore works? Push for the source code to be opened. Nothing else will provide any more information about the system. You can't tell how secure it is (against the FBI, or against anyone else) from a presentation.

As for me, I'm steadily moving toward encrypting as much of my traffic as possible. I set up ssh for my home network recently. I'm setting up SSL. I'm reading up on IPSEC. I guess I just don't have a very trusting nature. The way I figure it, the time to set up countermeasures is before you expect to need them.

Freedom 2.0

The report mentions the fact that Carnivore can't handle encrypted data.

To protect against unauthorized snooping, you can use Freedom from Zero-Knowledge Systems. It offers 4096 bit encryption of web browsing, pseudonymous email, cooie management, ad blocing and more.

The real problem is the mutability of the records.

The thing that worries me is that now so much evidence used in court is made up of electronic records, which can be forged. In the bad old days you had tape recordings of conversations, which (unless you hired Rich Little) couldn't easily be faked. But with evidence like carnivore data being used in court, what is there to stop *anyone* from putting in a couple of access to www.kiddieporn.com or email to obinladin@bombmasters.com?

Same for hard drives. I know someone who had to send dumps of his hard drives in for some stupid lawsuit. What can stop someone from patching up those dumps to look as if there is a deleted version of a "smoking gun" letter that shows guilt?

I guess on the flip side you can always say "they faked this" as a defense. Does this provide reasonable doubt?

I guess it is time to start signing e-mail.

-- ac (sorry)

"Trust the Government"

[Loundry]

If you aren't doing anything illegal, you have nothing to worry about.

Lots of people seem to feel this way. These seem people also seem to be the same people who think that government should be the arbiters of morality and that laws exist to make sure that people are doing the right thing.

"I'm not downloading kiddie porn, so everything is okay. The government can set up a vidscreen in my living room and I don't mind at all. Since I'm not doing anything wrong, what do I have to fear?"

The problem with this is that the lawmakers are no more or less moral than any in the citizenry. Furthermore, it fails to take into account the psychological fact that every person finds his or her own morality. What gives the government the right to dictate morality on the citizenry? Do you really want people like Bill Clinton and Ted Kennedy dictating morality to you? And what makes their morality any better than anyone else's?

This is why I think the only things which should be illegal are things which deprives other people of life, liberty, or property. For this reason kiddie porn is illegal, but drugs are not. Key words in my belief are "other people" -- every person should be completely free to destroy his or her self if they so desire as long as it's only his or her self that is destroyed by their actions.

This is why we need privacy. The government is simply not equipped to decide what we should or should not be doing. Nor can they adequately "monitor" anyone to ensure that they are living the "government-approved lifestyle." And it cannot be shown that the "government-approved lifestyle" is any better than any other lifestyle. The best that government can do is to make laws forbidding the deprivation of another's life, liberty, or property and then enforce those laws. If we allow government to do otherwise, then we are at the whims other other people who are neither more moral nor better equipped to govern than we are -- and they have the right to use deadly force to enact their goals.

There is a solution.

Encouraging Encryption

[Col.+Klink+(retired)]

After all these years of doing everything in their power to stop encryption via export regs and Clipper & friends, the US government is *finally* doing something to encourage the use of encryption. Good on them!

Meaning of second amendment (OT)

[finkployd]

It's an interesting point of view, but a simple journey into the writings and speaches of the framers of the constitution shows that your interpretation is indeed incorrect. They clearly state that it was intended to bestow the right to the entire population. I direct you to the writings of Madison and Jefferson specifically, who have much to say on this. Of note is that many considered the right of the population to bear arms more important than speech and debated took place to decide if it should be first. The amendment took many forms as it was writen and re-writen, and ended up the only amendment with a justification. If you don't want to look up the intended meaning of militia, here are some explinations:

Samuel Adams:
"It is always dangerous to the liberties of the people to have an army stationed among them, over which they have no control ... The militia is composed of free citizens.

Patrick Henry:
"The great object is, that every man be armed....Every one who is able may have a gun."

"Are we at last brought to such a humiliating and debasing degradation, that we cannot be trusted with arms for our own defense? Where is the difference between having our arms in our own possession and under our own direction, and having them under the management of Congress? If our defense be the real object of having those arms, in whose hands can they be trusted with more propriety, or equal safety to us, as in our own hands?"

Thomas Jefferson:
"No free man shall ever be debarred the use of arms."

George Mason:
"I ask, Who are the militia? They consist now of the whole people, except a few public officers...To disarm the people is the best and most effectual way to enslave them."

I also would submit to you that your interpretation implies that of all the amendments that make up the bill of rights, the second is the only one that does not apply to the people, only the government. In fact, the term "the people" is also used in the first and fourth amentments to grant rights. Does the phrase "the people" take on a different meaning and refer to a different group when applied in these amendments?

Finkployd

carnivore isn't their only input

[mattsouthworth]

Two points that the FBI guy made over and over at NANOG were that

1) Carnivore is just one tool in a suite of information-gathering utilities. Other software (demonstrated at NANOG) sorts the information gathere from carnivore, and could easily take input from other data gathering systems. All the fuss over carnivore could be (and this is just conjecture) a convenient distraction from really nefarious FBI tools.

2) Carnivore needs to be deployed with the cooperation of the ISP. In addition to simply needing access to the ISP facilities, the FBI engineers need to know where on the ISP's network to locate the box so it can be effective. The FBI agent claimed his folks didn't 'strongarm' ISPs into putting these boxes on their network, although someone from the NANOG audience vigorously claimed that that exact thing (pushy FBI agents force their way onto his network) does happen.

Either way, carnivore itself is just a packetsniffer with an interface even an agent can love. I'm more interested in what other sources of input the FBI has or is developing.

Oooh...

[Shotgun]

The FBI has a packet sniffer. Be afraid. Be VERY afraid.

Seriously though. As I read the description, the only thing that would come to mind was that this device would only stop the most stupid of criminal. The type of rogues that murdered Michael Jordan's father. They commit a crime and then run around telling everyone about it.

Anyone foolish enough to be transmitting data in the clear concerning something that the FBI would care about needs to be locked away for their own protection. Any criminal with half a brain would set up a VPN to set up an SSH session in order to run their custom chat program that uses one-time-pad security. I guess the paranoid aren't being caught, only those who would log into #imACriminal and type, "Me Shotgun. Me rob Wells Fargo at Fifth and main last night. Me live in yellow house."

Again, I reiterate, this will only catch the stupid criminals, and maybe those that the powers that be want bad enough to invest the resource of the NSA to break a ridiculous amount of encryption.

Re:Oooh...

[interiot]

Even if you encrypt everything, they can still do traffic analysis. Meaning that they still know a few things:

• WHO you're talking to
• WHEN you're talking to them
• HOW MUCH data you're sending

Which can sometimes be just as/more revealing than the contents of the messages.

Though I suppose these could be smudged a little bit by sending random data to random people on random UDP ports. Or other ways (open proxies, but we know how much spammers like those).

And it's a real pain in the ass to make sure that your recipients have the proper asymetric encryption to be able to receive your encrypted messages.
--

The solution has been known for centuries

[devphil]

Use metaphors.

Pick up a decent, non-idiosyncratic translation of some of the writings of the first century A.D. in southern Europe. They're full of references to (for example) the fall of Babylon, but what they're actually talking about is the fall of the Roman Empire.

(Recall that Rome was good at oppressing people, and that the nation of Babylon had died a long time earlier.)

Religious and political tracts have done this for a long time. We do it today: every /. reader knows which corporation I mean when I say Evil Empire, although in the mid-80's it was a different corporation, one with a three-letter acronym.

Encrypt the text, but also encrypt the meaning.

Re:More Gun Facts

[1010011010]

A few historical quotes...

"Firearms stand next in importance to the Constitution itself. They are the American people's liberty teeth and keystone under independence. From the hour the Pilgrims landed, to the present day, events, occurrences and tendencies prove that to ensure peace, security and happiness, the rifle and pistol are equally indispensable. The very atmosphere of firearms everywhere restrains evil interference - they deserve a place of honor with all that's good."
-George Washington

"A free people ought ... to be armed, To be prepared for war is one of the most effectual means of preserving peace. A free people ought not only to be armed, but disciplined."
-George Washington

Americans [have] the right and advantage of being armed -- unlike the citizens of other countries whose governments are afraid to trust their people with arms,"
-James Madison

"That the said Constitution shall never be construed to authorize Congress to infringe the just liberty of the press or the rights of conscience; or to prevent the people of the United States who are peaceable citizens from keeping their own arms..."
-Samuel Adams

"The Constitution of most of our states (and of the United States) assert that all power is inherent in the people; that they may exercise it by themselves; that it is their right and duty to be at all times armed and that they are entitled to freedom of person, freedom of religion, freedom of property, and freedom of press."
-Thomas Jefferson

"And what country can preserve its liberties, if its rulers are not warned from time to time that this people preserve the spirit of resistance? Let them take arms ... The tree of liberty must be refreshed from time to time, with the blood of patriots and tyrants,"
-Thomas Jefferson

"No free man shall ever be debarred the use of arms. The strongest reason for people to retain their right to keep and bear arms is as a last resort to protect themselves against tyrrany in government,"
Thomas Jefferson

"The great object is that every man be armed. Everyone who is able may have a gun,"
-Patrick Henry

"To preserve liberty, it is essential that the whole body of people always possess arms ..."
-Richard Henry Lee

"The best we can hope for concerning the people at large is that they be properly armed,"
-Alexander Hamilton

"False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction. The laws that forbid the carrying of arms are laws of such a nature. They disarm only those who are neither inclined nor determined to commit crime."
-Cesare Beccaria, quoted by Thomas Jefferson

"Both the oligarch and Tyrant mistrust the people, and therefore deprive them of arms."
-Aristotle

Amendment. II. A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.
--The Consitution of the United States of America



________________________________________

Re:Someone hand this conspiracy junkie a clue

[Tackhead]

> The NSA is not chartered for domestic surveillance. End of story.

Thanks. Like I've said before. I trust NSA and CIA way the hell more than I do FBI.

NSA and CIA are intelligence organizations. They are tasked to generate intelligence -- to process data and generate information useful to decisionmakers. The higher the signal-to-noise ratio, the better the quality of the intelligence. Sure, they may capture everything you do, but they're not interested in it. The data comes in, but its only value is that it can be transmuted to more useful data for processing by decisionmakers.

FBI is an enforcement organization. Their mandate is to generate arrests, not information. Data-gathering enables them to generate more arrests by placing a larger segment of the population under surveillance and then enforcing the laws as they choose.

To illustrate the difference, I'll fabricate an analogy out of another bit of automated surveillance technology: photo radar.

• An intelligence organization would use a photo radar station to measure the number, type, and speed distribution of cars travelling down a stretch of road. The resulting report could be used by other organizations to decide whether to widen the road, to maintain the road more or less frequently based on truck traffic, or to see how many people respect carpool lanes or speed limits.

• We all know why cops would use such a device. Extraction of revenue, control of driver behavior, and 10 miles down the road, the search-and-seizure of "couriers" who fit "profiles" like driving at 54 MPH in a 55 zone at 3:00am with out-of-state licence plates.

Both organizations would go through their photo radar records if a Ryder truck blew up a federal building near the highway, in order to make life hell for the bastard.

But the intelligence-operated radar trap wouldn't be trying to justify its existence by annoying everyone else during non-crisis situations.

This is bad

[Sirch]

This is really quite scary. It's not because I do anything illegal, but Carnivore makes interception of all my net traffic possible. Just think of what they can use this for! If there is ever a return to McCarthyism, and I read something about, say, Karl Marx, I could immediately be marked as a "Red" - draw any parallels with any other "subversive" elements. While I feel that "Big Brother" is useful for the prevention and detection of internet-related crime, such as "immoral" BO2000 use etc, the flip-side is that we lose a part of our freedom.

How legal is this? Is it, for example, legal here in Britain? Can any intelligence agency in the world just switch it on and type in my name and monitor my activities? This seems to enable monitoring from a distance - therefore, though I am in Britain, could the FBI snoop on me and get away with it because they're on US soil?

Will Making Carnivore Open Source Change Anything?

[n3rd]

After reading this article about Carnivore (I didn't know much about it previously), it struck me as strange as to why this should be open sourced.

This will probably be moderated down as flamebait, but hear me out.

The issue that's on everyone's minds here is not what so much what Carnivore can do (we all know it's just a sniffer with a nice interface), but how open it is for abuse. I really don't think that by forcing the FBI to allow us to audit the source that we'll find some spectacular hidden feature, again, it's only a sniffer. Carnivore can do the things a sniffer can do (capture any and all network traffic).

The issue isn't so much the potential for "hidden features", but the potential for abuse by those using it. Could the FBI watch the traffic for all users on a subnet even thought they're only supposed to be watching one user? Yes. Could the FBI do extra things and gather extra information that a normal network sniffer could not? Probably not.

In conclusion, Carnivore's potential for hidden features are what makes in dangerous, but it's potential for abuse by the people who use it is.

Don't forget about Echelon

[b0z]

You know, the global spying network set up between various countries including the U.S. and the U.K. I think they possibly have been snooping on us all in their various ways. It is odd that carnivore has taken all the attention when a conspiracy on an even bigger scale that goes through many different countries should be even bigger news.

Anyways, I wouldn't worry too much. Yes, they are bringing us closer to living in the world written about by George Orwell, but there will always be those of us that will be on the edge of the law, and a danger to the system, to keep the governments in check. Ummm...sorry, don't want to sound like I am making a movie trailer. Anyways, the point is that in any society, when things get bad enough, the people will rise up and overthrow the ruler/government that is oppressing them. This is not happening yet, and that's why some of us who see these crimes against us being committed by our leaders get frustrated when the average person on the street is apathetic. So far we still are pretty free and can do what we want for the most part. We do have less freedoms now than people did 50 years ago though, at least in the U.S.

The real danger

[Veteran]

The real danger of Carnivore is its extreme potential for abuse. There is absolutely nothing to keep the FBI from adding a few incriminating packets to a Carnivore finding. Packets can always be forged. After all, they are just ones and zeroes, and there is no way to tell forgeries from legitimate ones and zeroes.

Don't think that law enforcement agencies would do something like that? Of course, you are correct: the police have never planted drugs on a suspect. Not one time, ever.

For example: no police officer would ever claim you were speeding when you weren't - just because he wanted to search your vehicle. Oh wait, I have had that happen to me three times in the last 20 years. And no, I don't look like a drug user - or even meet any sort of profile other than being a single male driving a not very expensive vehicle. I think the officers were just bored. When they couldn't find anything wrong they looked really disappointed. I was always polite and courteous to them when they pulled me over, so they didn't 'find' any drugs in my vehicle. Of course all it would have taken was a little outrage at being stooped for a crime I wasn't committing, and suddenly boom: "Look what I found." See guys, its not paranoia when it has happened to you.

Carnivore enables the modern version of a thought crime: "We thought you might be a criminal, so you are one!"