Carnivore No More
wikinerd writes "FBI has retired the controversial Carnivore software, strongly criticized by privacy advocates for its email capturing abilities. However, it is believed that unspecified commercial surveillance tools are employed now. What does that mean for Internet users' privacy?"
Just more stuff hidden from view.
FBI has begun to install its less intimidating sounding "herbivore" software across the globe. Vegetarians rejoice.
If they retired carnivore, it's likely only because now they have something "better".. or "worse" depending on how you look at it.
Don't Tread on Me
Instead, the bureau turned to unnamed commercially-available products to conduct Internet surveillance thirteen times in criminal investigations in that period.
How much does it cost? I'm really sick of paying for this crap.
fast as fast can be. you'll never catch me.
It means no change for Internet users' privacy, but confirms that the FBI weren't up to managing a large project, even in their core area.
Which leads me to the inescapable conclusion:
Privatize the FBI! I'm sure Halliburton would love that contract, but McDonald's would surely also be in the bidding. After all, who would suspect a few Ronald McDonalds wandering around the neighbourhood of being agents? Nobody, that's who! And by the time you notice their guns and badges -- TOO LATE, criminal!
Whence? Hence. Whither? Thither.
Clearly this is evidence that Carnivore ran on a Microsoft Windows and Itanium platform.
Can Carnivore read email that is SSL encrypted during transfer?
Check this little image from the article. "Carnivore's official logo shows blood-soaked incisors closing over a stream of data". EVIL!
It's a packet sniffer that reconstructs data (mail and web sites, as it seems from the article), not a boogieman! I agree, it can be a dangerous tool for privacy in the wrong hands, but still, it's not like you can just put it in your PC and start reading your neighbour's mail.
They wouldn't have retired it unless they 1. Created a new app that supersedes it or 2. Found another way to retrieve the same information more effectively. Federal security agencies are kinda funny like that.
I think it is a very useful software and should be distributed publicly. I mean if FBI can go through all my spam and junk and filter the nonsense, I will assume my tax dollars are working. And of course these FBI will get something better to do than chasing UFOs. I am all for it. Come on FBI, please go through my emails before I come for work and sort the SPAM too.
I knew who my enemy was so to speak. Now we are fighting an unknown evil. Do you really think that FBI and NSA are giving up on snooping in the digital age?
The thought that someone might be able to link me back to the country singer websites I visit at work is scary. I need my anonymity!
... oh, maybe I shouldn't say exactly what it means. :/
HaHaHaHa!
...hello new echelon iteration?
They didn't just give up a method of infiltration - that's just foolish.
no news here. move along. nothing has changed.
The FBI has announced that their universally criticized Carnivore system has been retired. Who wants to bet that it's just been renamed, and expanded with those "commercial" search tools? You are, since you're reading this. And if you're American, you're paying for the casino! Don't you feel safer, with the government lying to you for your own good, to protect you from the terror of $500M FBI projects that don't work?
--
make install -not war
It means that it's time to start encrypting your email. 4096 bit public key encryption should suffice. I can't believe this isn't more prevalent in today's world. We need WDIV Chopper News 4 to do an expose on how everyone is spying on your email. Maybe that would get the public's attention. What I'm surprised about is that AFAIK, none of the webmail providers support encrypting email. You could probably get the browser to encrypt it using Javascript or even with a Java applet. Anyway, having the option would be nice.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
You'd think they'd name it something like "Perfectly harmless investigating program that would never ever violate your privacy"
Calling it Carnivore was asking for an uproar.
in this article one of the things they note is "a rapid turnover among the bureau's information technology personnel." in addition to which they appear to have as many problems as any other large organization trying to manage their tech infrastructure.
Hmmmm. MS gets into the anti-spyware business, and the FBI suddenly decides it doesn't need its custom spyware anymore...
Sheesh, evil *and* a jerk. -- Jade
Carnivore bites the big one!
Yeah, the "Crap Web Pages" filter on Google isn't working that well yet, it's still in beta: http://crapfilter.google.com/ .
They budgeted quite a bit of hard cash to develop Carnivore...
so who is going to be held responsible for that wasted cash due to bad planning?
IMHO that's a ton of money that can be used for many useful things... it was taken from our taxes... and now just sits on some cvs server (assuming they save it).
That cash could have been used to pay for some armor for troops deployed in Iraq. Or perhaps fund development of improved airline security equipment... something that would be beneficial.
Why the hell did this get approved if commercial equivalents were in the works? What seriously ill planning went into that?
If the FBI were a company... heads would roll. This wouldn't be acceptable.
BTW: This page has a small image of the carnivore logo (for anyone interested).
The cat is out of the bag, and the dogs are running free.
V2.0 ?
http://static.stileproject.com/rnd/th2/eye02.j
Thank you eff.org
Peace
We have always been at war with Eastasia.
Carnivore relied heavily on a product called SilentRunner. SilentRunner was purchased by Computer Associates and given a new name, Network Forensics.
http://www3.ca.com/Solutions/Product.asp?ID=4856
It has the ability to decode email on the fly. I have the product and while it does have some "wow" factor, the usability and stability is atrocious. Another fine cobbled together product from CA.
What does that mean for Internet users' privacy?
... there will be less. Privacy, that is.
Same as it always does
The higher the technology, the sharper that two-edged sword.
It means that the FBI is doing the same thing, except cheaper by buying off-the-shelf systems. Basically the same as what the military is doing.
I don't see this as very surprising, honestly, since it seems to be a trend throughout the government. I'm sure their policies on data retention and use are pretty much the same, just using FooSoft E-Mail Spy Gold Edition instead of their own proprietary software. Not particularly good or bad, just different.
Open Source it or give it abandonware status?
That would be fun!
I still have my tinfoil hat on.
shhh someone's listening
I think that FBI does not retire nothing!!! The Carnivore will continue on and on and on.....
I don't trust in FBI, CIA, USA.......
FBI agents lugged it with them to ISPs that lacked their own spying capability.
Are people going to realize that everyone (good & bad & corporate) is spying on you? Or at the very least, they are logging everything you do.
Why doesn't MPAA & RIAA just get it over with and buy the rest of the ISPs?
If it is retired and non-commercial then they should release the source upon request, right? Right?
yes, Carnivore was opensourced in 2001 by a group calling themselves RSG. it was covered on slashdot. of course tcpdump is still better if all you want is to packet sniff, but this other version is good for realtime data visualization.
With GWB in office again, it's no longer needed.
business as usual, just don't do anything stupid or illegal.
"unspecified commercial surveillance tools are employed now" Gator software??
This comment does not represent the views or opinions of the user.
http://www.cloudshield.com/
The box does operations on packet streams based on programmed rules. With the packet inspection capabilities it can do things like copy email packets to/from particular users and have them archived... From a 5Gps data stream.
I actually used to joke with a friend who worked there, saying they were building the next generation carnivore.
So ... the trick is to use some form of plain-text encryption that doesn't appear to be anything but a somewhat long-winded normal message discussing the weather or the latest playoffs.
Something like text based steganography (demo 1, demo 2)? Slashdot has covered steganography before.
To-do List: Receive telemarketing call during a tornado warning. Check.
http://www.cockos.com/assniffer/
E-Mail is just as secure as a postcard. Don't send secret information via either one.
Carnivore was FBI's answer to the capabilities that NSA has. The major part of patriot act I, is that it allowed the FBI access to the NSA's capabilities. There is no more need for carnivore, since NSA goes much much further.
Ever heard of Clearsight or AppDancer? Same product, they just changed their name. It's technically a network analyzer, but you can also "see" all sorts of network traffic.
You can watch an FTP session while it happens, telnet as well. You can listen in on SIP conversations, watch web pages be downloaded (not in a web browser but you can see what files they are and then click to see).
If it can do that, then you should not be surprised that it can also read e-mails, and the viewer mimics a standard e-mail client (so even the dumbest can understand what's going on).
Sure it'll do packet dumps like ethereal, et al. But if you take the packet dumps from another program and load them up in it, it'll reconstruct the network traffic and show you what went on.
Needless to say the first time I saw the program in action I about crapped my pants.
At roughly $5,000 dollars it's practically free to the government, runs on java, and any decent machine with a network card can run it. And yes, it also works with wireless cards that can be put into promiscuous mode.
Is that they're using software that they have procured without any oversight by congress. Remember they had to pay millions for carnivore and it came under congressional oversight. Today they're probably paying less than a million and that's pocket change in the DOHS budget.
If you're still concerned then write your congressmen that you don't believe the retirement of carnivore does not mean that they quit but are now more than likely using commercial software that is flying under the radar of congress.
If the FBI is willing to dump Carnivore, then that means they don't need it anymore and there must be another method they are using.
or so they want you to believe!
I'm sure the techies at FBI headquarters get lonely sorting through all the false positives these programs churn up. Instead of encrypting our email, I say include a friendly message for them. Hey, they're geeks too. (probably read slashdot)
First, make sure you include one or more key words, (pr3sid3nt, b0mb, j1h4d) then include a hello to the kind folks who snoop your correspondence for you.
Carnivore is not spyware in the accepted meaning of the word. It's installed in the ISP's computers and not in the users' desktops.
...how the very same community that creates tools for data capture and processing is scared about what someone else could do with it. At least they (the Feds) have to get a court order. What does Hacker Joe need? Nothing!
DOWN WITH AMERI... I hear a knock at the door...
Non impediti ratione cogitationus.
O/S vulnerabilities are dime-a-dozen (more like dime-a-million). At the risk of flame-fest and my excellent karma, this means SE-Linux and BSD too!
All FBI has to do is contract out a couple of spywares, adwares and L0pht-like Heavy Industries.
No further need for Carnivore.
For those who think that email encryption is the answer in this or that key, just remember...it wouldn't be "public" if folks at intel agencies couldn't already break it.
For those who don't like the idea of Big Brother, it's already here. Employers can now readily and fairly cheaply get your credit report before they even decide whether to interview you. Same goes for other background checks. It's not like this information was not available before, it's just much easier to gain access to it these days. And it's going to get worse, not better.
On another level, there has long been the argument that the Internet was beyond borders and therefore cannot nor should not have any government interference. The net should police itself, etc. and so on and so forth. Free-for-all melees never end well for anyone. Yesterday there was an article about people giving up on the Internet because of all the spyware, spam, etc.. If I weren't looking for a different job, chances are I wouldn't even check my email on a regular basis unless someone IMed me or called me and told me they were sending something my way. I have relatively good anti-spam protection and still 90% of the stuff I get is crap. But I digress.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
So does this mean I might get funding for a F/OSS net scraper?
--- Location Unknown
the same thing that wiretap laws/capability have meant for the privacy of phone users for the last however many decades.
Evil is the money of root.
Does this mean I can fold up my tin hat and go outside again?
--
did not RTFA; because B) I assume it's already been slashdotted, and B) because that is how *they* track you.
Privacy? What privacy?
Do you want criminals running your life?
Of course not!
But the world is full of criminals who want to run your life.
What you need is police, to protect you from criminals. Then there's the problem of police protecting themselves from criminals -- or not, as the case may be -- but that's another story.
-kgj
i hear the government over there have lots of experience in "monitoring" its "public" networks
perhaps they may have some ideas for your FBI
You mean like we had privacy previously. First it's the secret service like FBI that scans our mails, then it's the mail server for finding spam or providing ads (Gmail anyone) and finally it's our own ISP. Where does the question of privacy come in?!
They should have bought some P2P software companies instead. Imagine the possibilities.
Whatever happened to Omnivore, the open source Carnivore that was superior in every way?
[o]_O
and we would believe them why????
Google on "CALEA". A number of companies sell this stuff to various carriers, and it's not just for digital voice intercept anymore. I know -- I work for a manufacturer of the stuff. It really is pure evil.
NIKSUN is a prime example of one of the unspecified commercial apps that are being used for this kind of thing. think of it as TCPdump on crack.
The product is now Omnivore. Gobble gobble.
was I modded down for stupidity, mentioning country music or both?
So, you're saying it was getting a bit "long in the tooth?"
There is no privacy from the government..
They have more resources than you can imagine, and they make the rules...
You might be able to keep things private from your neighbors, and small companies (that aren't your ISP).. but that is about as far as it goes.
---- Booth was a patriot ----
I hate to break up this wonderful group hug of comments about the threat of government programs like Carnivore and the loss of privacy on the Internet, but I have to remind everyone that if you think you are important enough that the government has chosen to read your email from the billions that are sent across the world each day, then you are delusional. Also, everyone seems to forget that revealing information captured by Carnivore had to go through court approval first. Unfortunately the FBI's penchant for secrecy with programs like these only causes the hysteria of postings like those above to proliferate.
Dennis Bailey 612 Tivoli Passage Alexandria, VA 22314 mail@dennisbailey.com COO, Comter Systems Author of The O
But the world is full of criminals who want to run your life.
Sadly, most of them are people we elected.
"What you mean 'we', white man?"
- Tonto
-kgj
This unspecified commercial software doesn't happen to have an innocuous looking "pi" symbol in the lower corner, does it?
"Was it a millionaire who said 'Imagine No Posessions?'" -- Elvis Costello
I think they just used it to write a dialing program in case we ever find a stargate.
It means that the monitoring activities are now being done outside of the federal government sphere - and hence are not subject to any oversight or limited by any privacy legislation.
If Carnivore has been retired, then it can only be for one reason: software developed by and for spammers/identity thieves/phishers etc to gather email etc either outperforms their own, or matches performance at a lower cost.
/. people, the lesson is the same as ever - encrypt, encrypt, encrypt. No matter what they are running, breaking a 2048-bit encryption key is far from trivial.
For the
And someone told me I was full of it the other day when I said Carnivore was still around.
Howdy.
OK, all those who believe that the FBI conducted only 13 Internet surveillances during the 2 year period please turn in your Junior GI badges. Whatever happened to all those surveillance systems in New Zealand that used to be called Echelon? Have they been retired? Google up "echelon surveillance" for some interesting reading if you're interested to see what's being watched on the Internet (or your phones for that matter). Now maybe Echelon is being run by the NSA or the CIA but bottom line, it's got a lot more teeth than Carnivore. Actually I'm OK with the surveillance, if it's used properly...but there's the rub.
would be a much better name...
Oh well, what the hell...
However, it is believed that unspecified commercial surveillance tools are employed now. What does that mean for Internet users' privacy?
So, in other words, with Carnivore, the FBI had access to everyone's email, and now both the FBI and some private corporation have access to everyone's email? Big improvement guys! Go to the top of the class!
...it can be a dangerous tool for privacy in the wrong hands...
Which hands would be the *right* hands?
Microsoft is to software what Budweiser is to beer.
This is simple - everybody, their uncle and their dog starts planting keywords (you can surely figure these out yourself) all over their .sig files.... overloading the spy.vs.spy ware. What thinks the slashdotters of this?
The devil's snake changes its skin, but it is still a devil's snake. 666 lives!
Forget the FBI. Everything you send that is unencrypted can be read by every Tom, Dick, and Harry that manages the ISP or routers used to send your message, or even has access to logging databases.
When you send an email or post in a forum somewhere, you might as well just assume that you scrawled it across your naked body in permanent marker and went streaking through the streets of your local city, passing through a CNN shoot.
That's how "private" your email is, long before the FBI enters the picture. So why should I care if they are looking at my email - after all, everyone else is!
Encrypt your email if you have something to say you do not want everyone to know. But honestly how many of us really have anything that interesting to say? That's why I, as of yet, do not encrypt any of my own emails.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
God, you filthy commies...what's wrong with the government having the power to look into suspect communications? Sure, if you're some potsmoking patchouli-wearing snotnosed college brat downloading the latest copy of Gigli, this will suck for you. If you're a law-abiding, straightup person with nothing to hide, then it's all good.
Everything the FBI tells you is true.
Don't you understand how it works yet? As long as a congressthing brings home enough cash from Washington to satisfy the monied interests, he/she will continue to have a nice warchest come time for re-election. Since American voters are either too entrenched in the entitlements they receive, or they are just too stupid to understand what's going on, these people keep getting re-elected. It's a systemic problem- a cancer of sorts, and it will take something fairly significant to clean it up.
There's a big difference between John Q. Hacker, and perhaps some waywardly curious employee somewhere spying on what I do, and the government doing the same thing. Because the government makes and enforces the rules, it is held to a higher standard. That standard is elaborated in the 4th Amendment- there has to be a REASON for the government to be looking at anyone's mail, and that reason must suggest that they have either broken the law, or there is good reason to believe that they are about to break the law. If neither exists, they have business looking at it, even if it's not "private".