Slashdot Mirror


GNU Carnivore With Perl Data Lookup

Kallahar writes: "Inspired by the FBI's DCS1000: Carnivore is a networked art project in two parts. The first part is Carnivore Server, an application which performs packet-sniffing on a specific local area network and serves the resulting data stream via the net. The second part consists of an unlimited number of client applications which tap into this data stream and interpret it in creative ways."

39 of 161 comments

  1. Chaos theory at work by cculianu · · Score: 2, Interesting

    I always love art that is based on chaotic systems. It's really cool how order can arise from chaos, and vice-versa.

  2. Lets Hope by JohnHegarty · · Score: 2, Interesting

    "performs packet-sniffing on a specific local area network"

    Let's hope no one is looking at naughty pictures... might give an effect which is less than random, and a bit more 18+

  3. is an open source Carnivore more acceptable? by fetta · · Score: 2, Interesting

    One of the critiques that I've seen of the FBI's Carnivore was that it required an ISP to install a "black box" on their network about which the ISP knew very little.

    Would an open source Carnivore be more palatable to the ISP community? The privacy implications remain, of course, but if the U.S. government adopted an open source program would ISPs be more willing to implement it?

    --
    ** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
    1. Re:is an open source Carnivore more acceptable? by dattaway · · Score: 2

      What is on this black box? Does it use Windows as its operating system? Complete with the IIS web server?

    2. Re:is an open source Carnivore more acceptable? by LinuxHam · · Score: 2

      check out Altivore.

      I wonder how many tech-savvy parents would use it to monitor their kid's activities.

      --
      Intelligent Life on Earth
    3. Re:is an open source Carnivore more acceptable? by _Mustang · · Score: 2

      if you the ISP can change the code, how can it be ensured that the software hasn't been tinkered with, to produce inaccurate results

      Certainly an interesting point. But then we can ask the question, does source equal binary? I think it's reasonable to say that any changes to the source code can be detected by differences in the binary output. In this type of situation I think the value of having open code is the ability to audit the system.
      Of I'm with the author of this thread's parent - why exactly is an OPEN-SOURCE carnivore more acceptable..??

    4. Re:is an open source Carnivore more acceptable? by jorbettis · · Score: 2
      I mean, if you the ISP can change the code, how can it be ensured that the software hasn't been tinkered with, to produce inaccurate results?

      The FBI could take MD5 checksums of all the binaries on the system before giving it to the ISP, then it could simply check the checksums when it gets it back.

      Of course, if the ISP couldn't be trusted with the binaries, I don't think the ISP could be trusted not to tinker with the datafiles that they generate either.

      --

      Jordan Bettis

      ``Wherever you go, there's another stupid sigfile quote.''
  4. glaring security problems by JohnHegarty · · Score: 3, Informative

    On November 17th, a draft version of a review of Carnivore, the FBI tool for monitoring Internet traffic, was made available to the public. This review was performed by members of the ITT Research Institute in Lanham, Maryland and is 127 pages long. In the Executive Summary, the review makes several recommendations for ways in which Carnivore must be improved, in order to protect individual privacy and assuage concerns about the potential for unauthorized use.....
    ....

    .....
    In other words, they found a flawed product, which can currently be easily manipulated to gather information beyond that authorized in a court order. They believe the flaws are fixable and have made recommendations as to what needs to be done, including eventually releasing the source, but not until some glaring security problems have been fixed first.............
    Read on here:
    http://www.lwn.net/2000/1207/security.php3

    1. Re:glaring security problems by blair1q · · Score: 2

      Court order?

      What would they need that for?

      They have a GPL!

      Oops. Maybe they don't...

      --Blair
      "The net is not secure. The net is not secure. The net is not secure."

  5. Disappointment... by Xerithane · · Score: 3, Interesting

    I have to say, I am severely disappointed that they don't have a Matrix-style display. To have a realistic matrix display that contains real information about network data would just rock. Warm and fuzzy all over.

    --
    Dacels Jewelers can't be trusted.
  6. Carnivore server? by mwalker · · Score: 3, Funny

    Carnivore Server is a set of Perl scripts running on top of tcpdump

    You know, sadly, this is probably far more sophisticated than the actual Carnivore system.

    Good grief.

  7. So the FBI couldn't get ISPs to Install Carnivore by bstrahm · · Score: 2

    So they release a "Art Project" that convinces people to install a box on a bunch of networks, join an IRC channel and dump packets...

    And this is a good thing because ...

    ???

  8. Wireless networks are very vulnerable to this by gentlewizard · · Score: 2
    "an application which performs packet-sniffing on a specific local area network"

    Imagine setting up a dual-homed, 802.11b equipped laptop near a major business, then using this art project to broadcast what you hear to the world.

    Scary!
  9. Want to cause havoc with their monitoring? by The+FooMiester · · Score: 2, Interesting
    Send your friends some streams of /dev/random. They'll waste a few cpu-hours trying to decrypt each. If everyone did this, all monitoring of traffic would either be very expensive or very worthless.



    Start secret message:
    s^O(^S^XltkA@[1^Z;
    end secret message

    --
    The previous has been a secret message to my comrades.
    1. Re:Want to cause havoc with their monitoring? by Alan · · Score: 2

      Hell, there's so much spam and ads and flash streams on the net these days it's almost as good :)

    2. Re:Want to cause havoc with their monitoring? by Arandir · · Score: 3, Informative

      Remember "The Prisoner"? In one episode they briefly mentioned "jamming" to disrupt the activities of the warders. A later episode, "Hammer into Anvil", showed awesome jamming in practice.

      "Prisoner" style jamming would be stuff like secretly passing (real) grocery lists, abruptly changing your well known hobbies, getting a post office box that you only use for two of your four magazine subscriptions, etc. Makes the warders think you're up to something so they expend effort trying to figure it out.

      So what would "Carnivore" style jamming be? It can't be just randomness, and it has to be at least semi-legitimate. Posting signed and encrypted random streams won't count, because it's not real. And it can't get you in real trouble. One idea: create a PGP key for "Anonymous Coward", and sign all of your AC posts to Slashdot with it. Another: always use a signature tag composed of 26 randomly selected letters, all lowercase.

      The key to getting jamming to work is for all the jammers to respond appropriately to other jammers. When one jammer sends you a PGP signed grocery list, send him or her your chocolate cheesecake recipe.

      --
      A Government Is a Body of People, Usually Notably Ungoverned
    3. Re:Want to cause havoc with their monitoring? by flonker · · Score: 2, Interesting

      This happened to me about four years ago. I posted a message to Usenet (my first post to alt.discordia, among other groups), with a .sig containing "Filter bait: He will assassinate the president, but needs the password." followed by RC4 in 3 lines of Perl. The secret service obtained my (unlisted) home phone number, probably from my university, (probably not entirely legal, but I'm not pushing it,) and called me up at the ungodly hour of 9AM to question me about my website. They were referring to this post, which they had found using Dejanews.

      My point being, I'm a bit afraid of the run of the mill agents having access to technical anti-privacy nukes that they don't quite know how to use.

  10. Free spyware!! by tuxlove · · Score: 2, Interesting

    While I suppose this software could be used for legitimate security purposes, much as programs like Snort which monitor your network, the potential for abuse is great. By providing network administrators with a tool for sifting through network traffic for fun tidbits like email messages and other personal communications, the bar has been raised in the battle for privacy. Tools like this will make it that much easier for your ISP or employer to spy on you unless you take great precautions like encrypting everything. Since that's not always feasible, I guess we need to accept that there's no such thing as privacy on the net.

    Of course that was always the case, but in the past it's been similar to the "school of fish" mode of defense. By schooling, fish reduce their chance of being singled out by predators. In a group of a million fish, the chance of any particular one of them getting eaten by a shark is small. One could liken this scenario to the millions of Internet users. But now, with tools like Carnivore, you can catch all of the fish at once and devour them at your leisure.

    I think I see why it's named Carnivore.

    1. Re:Free spyware!! by aiken_d · · Score: 2

      Well, I think it's more along the lines of Brin's Transparent Society idea: as long as the feds are going to have access to every byte sent on the net, damage to civil liberties can be minimized if *everyone* has access to that same information.

      That way there's no mystery about what can/cannot be inferred from the data. There's no special class of people who have access to sniff every byte of communication you or anyone else sends. It levels the playing field at "no privacy for anyone, to anyone" which ironically enough is better for society than "no privacy for anyone, to the government"

      Interesting, and worthwhile, idea.

      -b

      --
      If I wanted a sig I would have filled in that stupid box.
  11. Re:All net traffic now under Carnivore surveillanc by Amazing+Quantum+Man · · Score: 2

    Plus, you need to build your own compiler, starting with hand-built machine code and bootstrapping your way up (see the classic C Compiler hack).

    Of course, you then need to build your own processor to ensure there are no hacks in the processor too...

    --
    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  12. Cool art... by ackthpt · · Score: 2

    This stuff is more enjoyable to look at than most of what's on the walls at the Guggenheim!

    --

    A feeling of having made the same mistake before: Deja Foobar
  13. I'm waiting for FBI@home by glebite · · Score: 2

    Just imagine it - due to the wild success of the SETI@home and protein folding efforts, the FBI has decided that they too can distribute the loads of finding nefarious people in the world.

    And, with the MPAA and RIAA @home supplemental modules, your MP3s will be reported directly to the master FBI server...

    --
    I donate all spillover Karma to the charity of my choice... Ada was still a babe despite what people may say...
    1. Re:I'm waiting for FBI@home by sharkey · · Score: 2

      Well, FBI@home could hardly be more clueless than Comcast@home, and they probably have better funding as well. As long as I can get my high-speed pr0n, well...

      --
      "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
  14. Re:All net traffic now under Carnivore surveillanc by vsavatar · · Score: 2, Interesting

    As much as I'd like to, very few, if any people I know have any idea how to decrypt PGP messages. The problem with PGP is you have to have one side to encrypt it and the other side to decrypt it, and since a lot of my friends, family members, and clients are 100% computer illiterate, it does not lend itself to being a realistic solution. I think all messages should, by default, be encrypted by all SMTP servers before they leave the network and be decrypted by the receiving SMTP servers before delivery, by using one of RSA's lovely encryption mechanisms, but that's just me.

  15. Re:This is too freakin' scary by bstrahm · · Score: 2

    Ok... Where do you see a right to privacy on the internet in general ???
    I can not point to any protocol standard that says you have such a right.
    Your packets travel over the internet through other administrative domains that you do not control... What makes you think you have privacy there ?

    Now if you want privacy get PGP/FreeSWAN/isakmpd/etc. and make it so your packets have no meaning to any but the destination. Until then NEVER assume you have privacy...

  16. Carnivore is one place open source ain't great by btempleton · · Score: 2

    Sad to say, while there were many compelling arguments for open sourcing Carnivore so that the public could see if the FBI's boxes could be trusted, there is a major downside.

    You've just given Carnivore tools to the Chinese, The Iraqis and all the other oppressive governments of the world. Even though buying a network sniffer and configuring it was within their power before, this makes it easier.

    And whatever fears I may have (and they are many) about the U.S. government and its agents abusing their powers, they are nothing compared to the fears I have about those other powers.

    What we needed was two things. One was source review of the boxes the government uses by a wide range of trusted people, and two was a free as in free beer tool for U.S. ISPs so they can use it as an excuse to refuse a Carnivore box on their ISP in the first place.

    --
    Has it been over a year since you last donated to the Electronic Frontier Foundation
    1. Re:Carnivore is one place open source ain't great by swordgeek · · Score: 2

      In a word, BULLSHIT!

      Why do you think that espionage is still a booming practice in the world? Because it's a great way for "them" to steal "our" technology! They've already got it, my friend!

      Besides, Carnivore was never a secret from governments--just from citizens. What good purpose is there in keeping it secret from a country's own populace?

      --

      "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
    2. Re:Carnivore is one place open source ain't great by btempleton · · Score: 2

      Because it's never a black and white, 1 and 0 matter. We like open source software because the users maintain it and keep it high quality, and we can fix the bugs in it. We can also be more confident in its security if we compile it ourselves.

      But this is one piece of software I don't want to be easier to use, and maintained at higher quality. Most of us are never going to use it ourselves.

      But I do want to be sure it's not got hidden holes, so there is a dilemma. But the right answer may be in some mix, not the pure open source model.

      And you're dreaming if you think the spooks who take and enhance this software here or elsewhere are going to contribute back their modifications, GPL or no GPL.

      --
      Has it been over a year since you last donated to the Electronic Frontier Foundation
    3. Re:Carnivore is one place open source ain't great by btempleton · · Score: 2

      That's not quite true. In many regimes the network centers are still run by private individuals and even corporations. Many totalitarian states still have private companies.

      The question is how easy do we make it. I don't know about this GNU carnivore but one thing FBI's Carnivore/DCS1000 does is track DHCP and radius traffic so that it associates IP addresses with real userids. Not something you can as easily do with a standard router.

      Instead of writing tools to make it easy to snoop, we should be writing opportunistic crypto tools to make it harder.

      --
      Has it been over a year since you last donated to the Electronic Frontier Foundation
    4. Re:Carnivore is one place open source ain't great by btempleton · · Score: 3, Interesting

      Of course. The question is, why make it easier for them? Half of why we want open source is to make our programs better. We don't want these privacy invading programs to be better and easier to use! That's quite different from our goals on most packages.

      We do want to be sure that they aren't snooping on us improperly, and some feel that if they are open source, that means we can check for that sort of thing. But in fact, that's possibly a big mistake.

      We can verify that the open source version is OK, but as you point out, there are people who can modify the code. And it's a lot easier to take the open source snooper and add patches to it to take out the safeguards than it is to write one without safeguards from scratch. This is really quite different from the goals of open source.

      The people who take out the safeguards won't tell you they did it, nor will they contribute their patches. Nor will they follow the GPL.

      When the FBI shows up with a DCS1000 Carnivore, they just attach a black box to your ethernet. They claim it's even wired so it can read, and not write, to your ethernet. But you don't get to inspect it, or check MD5s on the binaries to assure they were inspected to behave well.

      Now, I like the idea of a free tool for ISPs so they can install it to comply with warrants and thus refuse the police black box. But what advantage is gained by that being open source. It would be nice if it's free to the ISPs, with source available if you sign a contract, but that's about it.

      I'm also concerned that since security at ISPs is not super high (some run IIS for chrisakes) that it's not that hard for anybody, even a script kiddie to break in to a machine on my ISP's ethernet, and then get another script based on this open source snooper you want to snoop me. Forget the feds, these guys are worse.

      So I want to work to encrypt all my traffic but I can't yet, so I hope to not make it easier for the snoops.

      Not that it should be illegal or anything to release this package. I just want to argue that it's not a great idea. It doesn't match the reasons we like open source.

      --
      Has it been over a year since you last donated to the Electronic Frontier Foundation
  17. Re:All net traffic now under Carnivore surveillanc by Arandir · · Score: 2

    There is absolutely no privacy left on the Net any more. None. Keep that in mind when you rant. That's what crypto is for.

    PGP, GnuPG, or whatever public key crypto you use, enables you to sign, verify, encrypt or decrypt documents. That's it. It's not an anonymizer. You can use them to keep your personal communications private, but they're useless for public posts on Slashdot. What good's a post on Slashdot that no one can read?

    Now a PGP based mailing list would be a very Good Thing(tm). Encrypt your messages to the list server, which then sends it out encrypted for each subscriber.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  18. Ha! by DrCode · · Score: 2

    eythay illway evernay igurefay isthay outway!

  19. Re:All net traffic now under Carnivore surveillanc by ConsumedByTV · · Score: 2

    Doesn't it seem just a little creepy that they (http://www.bsa.org/) have a globe with a (C)opy right sign on it?

    --


    "Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
  20. Why You Should Use Encryption by goingware · · Score: 2
    C'mon, even my Aunt Peggy understands that gentlemen don't read each other's mail.

    --
    -- Could you use my software consulting serv
  21. Fickle by KFury · · Score: 2

    Wow, 45 days from seeing Carnivore as a horseman of the apocalypse to striving to make a more effective open source version.

  22. But is it "art"? by Jamie+Zawinski · · Score: 4, Interesting

    I did this better in webcollage years ago. But of course I didn't call myself an Artist Collective, and I didn't put out a press release, so no article in the Times for me, darn. I guess that's why webcollage is a ``hack'' rather than an ``art project.''

    I swear, one of these days I'm gonna apply for a federal grant to hack on xscreensaver. I've seen people get money for worse things. All you have to do is swallow your sanity and gag up an artist statement of some kind, and the literati will take you seriously: if you cloak it in pretentiousness, the most trivial piece of eye candy can become a Serious Work, full of Insight And Meaning!

    The problem with art is artists. My goal has long been to eliminate the artist from the creative process.

  23. Doing the work for them... by supabeast! · · Score: 2

    Is it just me, or would anyone else be entirely unsurprised if the FBI discontinues development of carnivore and its successors, and switches to GNU carnivore? After all, now they have a similar application developed by experts all over the world, and they can review all of the code for backdoors. Hell, I can see governments all over the world picking up this program and abusing it to the detriment of humanity worldwide. I hate to say it, but this is one project that I wish had never happened, and will not miss if it dies out.

  24. Did anyone read the post or the web site? by jacobito · · Score: 2

    This isn't an "open source version of the FBI's Carnivore," and it's not a "GNU Carnivore." It's an art project inspired by the FBI's Carnivore, and it has nothing to do with monitoring internet usage or violating anyone's privacy. Basically, this Carnivore project serves up data culled from tcpdump, and then clients use the data to generate intriguing and sometimes beautiful audio or visual art. Go check it out; it's very cool.

  25. Re:This is too freakin' scary by sqlrob · · Score: 2


    If you freely give something to the government, there is ZERO Constitutional protection on that information.

    The Constitution (4th) just says the government can't take information from you. Doesn't say a damn thing about what they already have.

    Kindly tell me where in the Constitution it says that they can't freely publish your tax records for example.

    The 9th and 10th are the only ones that can remotely be considered protecting privacy, but those aren't enforced worth crap.