Carnivore No More
wikinerd writes "FBI has retired the controversial Carnivore software, strongly criticized by privacy advocates for its email capturing abilities. However, it is believed that unspecified commercial surveillance tools are employed now. What does that mean for Internet users' privacy?"
Just more stuff hidden from view.
FBI has begun to install its less intimidating sounding "herbivore" software across the globe. Vegetarians rejoice.
If they retired carnivore, it's likely only because now they have something "better".. or "worse" depending on how you look at it.
Don't Tread on Me
Instead, the bureau turned to unnamed commercially-available products to conduct Internet surveillance thirteen times in criminal investigations in that period.
How much does it cost? I'm really sick of paying for this crap.
fast as fast can be. you'll never catch me.
It means no change for Internet users' privacy, but confirms that the FBI weren't up to managing a large project, even in their core area.
Which leads me to the inescapable conclusion:
Privatize the FBI! I'm sure Halliburton would love that contract, but McDonald's would surely also be in the bidding. After all, who would suspect a few Ronald McDonalds wandering around the neighbourhood of being agents? Nobody, that's who! And by the time you notice their guns and badges -- TOO LATE, criminal!
Whence? Hence. Whither? Thither.
Clearly this is evidence that Carnivore ran on a Microsoft Windows and Itanium platform.
Can Carnivore read email that is SSL encrypted during transfer?
Check this little image from the article. "Carnivore's official logo shows blood-soaked incisors closing over a stream of data". EVIL!
It's a packet sniffer that reconstructs data (mail and web sites, as it seems from the article), not a boogieman! I agree, it can be a dangerous tool for privacy in the wrong hands, but still, it's not like you can just put it in your PC and start reading your neighbour's mail.
They wouldn't have retired it unless they 1. Created a new app that supersedes it or 2. Found another way to retrieve the same information more effectively. Federal security agencies are kinda funny like that.
I think it is a very useful software and should be distributed publicly. I mean if FBI can go through all my spam and junk and filter the nonsense, I will assume my tax dollars are working. And of course these FBI will get something better to do than chasing UFOs. I am all for it. Come on FBI, please go through my emails before I come for work and sort the SPAM too.
I knew who my enemy was so to speak. Now we are fighting an unknown evil. Do you really think that FBI and NSA are giving up on snooping in the digital age?
The thought that someone might be able to link me back to the country singer websites I visit at work is scary. I need my anonymity!
... oh, maybe I shouldn't say exactly what it means. :/
HaHaHaHa!
...hello new echelon iteration?
They didn't just give up a method of infiltration - that's just foolish.
no news here. move along. nothing has changed.
The FBI has announced that their universally criticized Carnivore system has been retired. Who wants to bet that it's just been renamed, and expanded with those "commercial" search tools? You are, since you're reading this. And if you're American, you're paying for the casino! Don't you feel safer, with the government lying to you for your own good, to protect you from the terror of $500M FBI projects that don't work?
--
make install -not war
It means that it's time to start encrypting your email. 4096 bit public key encryption should suffice. I can't believe this isn't more prevalent in today's world. We need WDIV Chopper News 4 to do an expose on how everyone is spying on your email. Maybe that would get the public's attention. What I'm surprised about is that AFAIK, none of the webmail providers support encrypting email. You could probably get the browser to encrypt it using Javascript or even with a Java applet. Anyway, having the option would be nice.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
You'd think they'd name it something like "Perfectly harmless investigating program that would never ever violate your privacy"
Calling it Carnivore was asking for an uproar.
in this article one of the things they note is "a rapid turnover among the bureau's information technology personnel." in addition to which they appear to have as many problems as any other large organization trying to manage their tech infrastructure.
Hmmmm. MS gets into the anti-spyware business, and the FBI suddenly decides it doesn't need its custom spyware anymore...
Sheesh, evil *and* a jerk. -- Jade
They budgeted quite a bit of hard cash to develop Carnivore...
so who is going to be held responsible for that wasted cash due to bad planning?
IMHO that's a ton of money that can be used for many useful things... it was taken from our taxes... and now just sits on some cvs server (assuming they save it).
That cash could have been used to pay for some armor for troops deployed in Iraq. Or perhaps fund development of improved airline security equipment... something that would be beneficial.
Why the hell did this get approved if commercial equivalents were in the works? What seriously ill planning went into that?
If the FBI were a company... heads would roll. This wouldn't be acceptable.
BTW: This page has a small image of the carnivore logo (for anyone interested).
The cat is out of the bag, and the dogs are running free.
V2.0 ?
http://static.stileproject.com/rnd/th2/eye02.j
Thank you eff.org
Peace
We have always been at war with Eastasia.
Carnivore relied heavily on a product called SilentRunner. SilentRunner was purchased by Computer Associates and given a new name, Network Forensics.
http://www3.ca.com/Solutions/Product.asp?ID=4856
It has the ability to decode email on the fly. I have the product and while it does have some "wow" factor, the usability and stability is atrocious. Another fine cobbled together product from CA.
What does that mean for Internet users' privacy?
... there will be less. Privacy, that is.
Same as it always does
The higher the technology, the sharper that two-edged sword.
Open Source it or give it abandonware status?
That would be fun!
FBI agents lugged it with them to ISPs that lacked their own spying capability.
Are people going to realize that everyone (good & bad & corporate) are spying on you? Or at the very least, they are logging everything you do.
Why doesn't MPAA & RIAA just get it over with and buy the rest of the ISPs?
If it is retired and non-commercial then they should release the source upon request, right? Right?
yes, Carnivore was opensourced in 2001 by a group calling themselves RSG. it was covered on slashdot. of course tcpdump is still better if all you want is to packet sniff, but this other version is good for realtime data visualization.
With GWB in office again, it's no longer needed.
http://www.cloudshield.com/
The box does operations on packet streams based on programmed rules. With the packet inspection capabilities it can do things like copy email packets to/from particular users and have them archived... From a 5Gps data stream.
I actually used to joke with a friend who worked there, saying they were building the next generation carnivore.
So ... the trick is to use some form of plain-text encryption that doesn't appear to be anything but a somewhat long-winded normal message discussing the weather or the latest playoffs.
Something like text based steganography (demo 1, demo 2)? Slashdot has covered steganography before.
To-do List: Receive telemarketing call during a tornado warning. Check.
http://www.cockos.com/assniffer/
E-Mail is just as secure as a postcard. Don't send secret information via either one.
Ever heard of Clearsight or AppDancer? Same product, they just changed their name. It's technically a network analyzer, but you can also "see" all sorts of network traffic.
You can watch an FTP session while it happens, telnet as well. You can listen in on SIP conversations, watch web pages be downloaded (not in a web browser but you can see what files they are and then click to see).
If it can do that, then you should not be surprised that it can also read e-mails, and the viewer mimics a standard e-mail client (so even the dumbest can understand what's going on).
Sure it'll do packet dumps like ethereal, et al. But if you take the packet dumps from another program and load them up in it, it'll reconstruct the network traffic and show you what went on.
Needless to say the first time I saw the program in action I about crapped my pants.
At roughly $5,000 dollars it's practically free to the government, runs on java, and any decent machine with a network card can run it. And yes, it also works with wireless cards that can be put into promiscuous mode.
Is that they're using software that they have procured without any oversight by congress. Remember they had to pay millions for carnivore and it came under congressional oversight. Today they're probably paying less than a million and that's pocketchange in the DOHS budget.
If you're still concerned then write your congressmen that you don't believe the retirement of carnivore does not mean that they quit but are now more than likely using commercial software that is flying under the radar of congress.
If the FBI is willing to dump Carnivore, then that means they don't need it anymore and there must be another method they are using.
or so they want you to believe!
I'm sure the techies at FBI headquarters get lonely sorting through all the false positives these programs churn up. Instead of encrypting our email, I say include a friendly message for them. Hey, they're geeks too. (probably read slashdot)
First, make sure you include one or more key words, (pr3sid3nt, b0mb, j1h4d) then include a hello to the kind folks who snoop your correspondence for you.
Carnivore is not spyware in the accepted meaning of the word. It's installed in the ISP's computers and not in the users' desktops.
...how the very same community that creates tools for data capture and processing is scared about what someone else could do with it. At least they (the Feds) have to get a court order. What does Hacker Joe need? Nothing!
DOWN WITH AMERI... I hear a knock at the door...
Non impediti ratione cogitationus.
O/S vulnerabilities are dime-a-dozen (more like dime-a-million). At the risk of flame-fest and my excellent karma, this means SE-Linux and BSD too!
All FBI has to do is contract out a couple of spywares, adwares and L0pht-like Heavy Industries.
No further need for Carnivore.
For those who think that email encryption is the answer in this or that key, just remember...it wouldn't be "public" if folks at intel agencies couldn't already break it.
For those who don't like the idea of Big Brother, it's already here. Employers can now readily and fairly cheaply get your credit report before they even decide whether to interview you. Same goes for other background checks. It's not like this information was not available before, it's just much easier to gain access to it these days. And it's going to get worse, not better.
On another level, there has long been the argument that the Internet was beyond borders and therefore cannot nor should not have any government interference. The net should police itself, etc. and so on and so forth. Free-for-all melees never end well for anyone. Yesterday there was an article about people giving up on the Internet because of all the spyware, spam, etc.. If I weren't looking for a different job, chances are I wouldn't even check my email on a regular basis unless someone IMed me or called me and told me they were sending something my way. I have relatively good anti-spam protection and still 90% of the stuff I get is crap. But I digress.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
So does this mean I might get funding for a F/OSS net scraper?
--- Location Unknown
the same thing that wiretap laws/capability have meant for the privacy of phone users for the last however many decades.
Evil is the money of root.
Does this mean I can fold up my tin hat and go outside again?
--
did not RTFA; because B) I assume its already been slashdotted, and B) because that is how *they* track you.
Privacy? What privacy?
Do you want criminals running your life?
Of course not!
But the world is full of criminals who want to run your life.
What you need is police, to protect you from criminals. Then there's the problem of police protecting themselves from criminals -- or not, as the case may be -- but that's another story.
-kgj
You mean like we had privacy previously. First it's the secret service like FBI that scans our mails, then it's the mail server for finding spam or providing ads (Gmail anyone) and finally it's our own ISP. Where does the question of privacy come in?!
Whatever happened to Omnivore, the open source Carnivore that was superior in every way?
[o]_O
and we would believe them why????
>
> perhaps they may have some ideas for your FBI
Where the fuck do you think we're running the live beta and the scalability tests? Soviet Russia? :)
I'm only half in jest. Soviet Russia was the alpha test for both the surveillance system and the sociopolitical system. It failed - two coups, and economic collapse.
China was the beta. It succeeded. One attempted coup - crushed instantly, because the Chinese learned how to deal with dissidents. Political stability is rock-solid, and economic growth is stellar.
The full system goes live, planet-wide, within 10 years. You're free to choose whether or not to buy in now, but it's a limited time offer.
I bought in because steak tastes better than dog food, a plasma-screen TV made by slave labor beats making plasma-screen TVs for $0.01/h, and because winning is just plain more fun than losing.
I kinda like your slogan. "Try China". I did. And I liked it.
was I modded down for stupidity, mentioning country music or both?
Sad thing is, you are absolutely right!
(moderators, hello?)
There is no privacy from the government..
They have more resources than you can imagine, and they make the rules...
You might be able to keep things private from your neighbors, and small companies ( that aren't your ISP ).. but that is about as far as it goes.
---- Booth was a patriot ----
I hate to break up this wonderful group hug of comments about the threat of government programs like Carnivore and the loss of privacy on the Internet, but I have to remind everyone that if you think you are important enough that the government has chosen to read your email from the billions that are sent across the world each day, then you are delusional. Also, everyone seems to forget that revealing information captured by Carnivore had to go through court approval first. Unfortunately the FBI's penchant for secrecy with programs like these only causes the hysteria of postings like those above to proliferate.
Dennis Bailey 612 Tivoli Passage Alexandria, VA 22314 mail@dennisbailey.com COO, Comter Systems Author of The O
But the world is full of criminals who want to run your life.
Sadly, most of them are people we elected.
"What you mean 'we', white man?"
- Tonto
-kgj
This unspecified commercial software doesn't happen to have an innocuous looking "pi" symbol in the lower corner, does it?
"Was it a millionaire who said 'Imagine No Possessions?'" -- Elvis Costello
I think they just used it to write a dialing program in case we ever find a stargate.
And someone told me I was full of it the other day when I said Carnivore was still around.
Howdy.
OK, all those who believe that the FBI conducted only 13 Internet surveillances during the 2 year period please turn in your Junior GI badges. What ever happened to all those surveillance systems in New Zealand that used to be called Echelon? Have they been retired? Google up "echelon surveillance" for some interesting reading if you're interested to see what's being watched on the Internet (or your phones for that matter). Now maybe Echelon is being run by the NSA or the CIA but bottom line, it's got a lot more teeth than Carnivore. Actually I'm OK with the surveillance, if it's used properly...but there's the rub.
would be a much better name...
Oh well, what the hell...
...it can be a dangerous tool for privacy in the wrong hands...
Which hands would be the *right* hands?
Microsoft is to software what Budweiser is to beer.
Forget the FBI. Everything you send that is unencrypted can be read by every tom, dick, and harry that manages the ISP or routers used to send your message, or even has access to logging databases.
When you send an email or post in a forum somewhere, you might as well just assume that you scrawled it across your naked body in permanent marker and went streaking through the streets of your local city, passing through a CNN shoot.
That's how "private" your email is, long before the FBI enters the picture. So why should I care if they are looking at my email - after all, everyone else is!
Encrypt your email if you have something to say you do not want everyone to know. But honestly how many of us really have anything that interesting to say? That's why I, as of yet, do not encrypt any of my own emails.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
God, you filthy commies...what's wrong with the government having the power to look into suspect communications? Sure, if you're some potsmoking patchouli-wearing snotnosed college brat downloading the latest copy of Gigli, this will suck for you. If you're a law-abiding, straightup person with nothing to hide, then it's all good.
Don't you understand how it works yet? As long as a congressthing brings home enough cash from Washington to satisfy the monied interests, he/she will continue to have a nice warchest come time for re-election. Since American voters are either too entrenched in the entitlements they receive, or they are just too stupid to understand what's going on, these people keep getting re-elected. It's a systemic problem- a cancer of sorts, and it will take something fairly significant to clean it up.
There's a big difference between John Q. Hacker, and perhaps some waywardly curious employee somewhere spying on what I do, and the government doing the same thing. Because the government makes and enforces the rules, it is held to a higher standard. That standard is elaborated in the 4th Amendment- there has to be a REASON for the government to be looking at anyone's mail, and that reason must suggest that they have either broken the law, or there is good reason to believe that they are about to break the law. If neither exists, they have business looking at it, even if it's not "private".
I don't know where you are getting your news but there is an incredible amount of discord in China. Though currently it's mainly linked with the Party's policy of internal colonialism as a means to exploit natural resources and develop transportation and electrification infrastructure. Peasants are being displaced in numbers not unlike Mao's programs and almost daily demonstrations, some quite large, are being held.