Carnivore System – The newest Online Watchdog arrived. And departed.
The Carnivore System was the latest online-detection software used by the FBI.
The first system of its kind was presumed to be a program called ‘Etherpeek’. In 1997 ‘Omnivore’ was employed to scan through e-mail via a specific internet service provider, capture its source code and save it to a tape back-up drive for later analysis.
In late 1999 Omnivore was replaced by the DragonWare Suite – a program that allowed the FBI to reconstruct e-mail messages, downloaded files or web pages. The Carnivore System is a component of the DragonWare Suite.
The DragonWare Suite is made up of three separate but interrelated parts:
# The Carnivore System, a Windows NT/2000 based application responsible for information capture – essentially a ‘packet sniffer’.
# Packeteer, a program that appears to be an application capable of reassembling packets into messages which can be read.
# Coolminer, an application that appears to be able to extrapolate and analyze data.
How Packet Sniffing Works
Packet sniffing is nothing new. For decades computer network administrators have used this type of technology for network monitoring and to conduct diagnostic tests and repair problems. The kind of packet sniffing that is employed by the Carnivore System basically means that Carnivore is able to see all kinds of information as it passes over the network it is linked with. As the data moves across the network, Carnivore is able to ‘sniff out’ each packet of information.
In the normal scheme of things a computer only examines a packet of data that is addressed to that computer, but with a packet sniffer you set the network interface to ‘promiscuous mode’. In this mode it examines ALL available information passing through it. The main domain server is a watchdog for all transmitted data.
Two methods of packet sniffing are used: unfiltered packet sniffing, which captures all packets of information, and filtered packet sniffing, which captures only specified data.
As the data passes through the Carnivore System it is copied and stored in memory or on a hard drive. The copies can then be studied and the information analyzed. As soon as you connect to the internet, you ‘sign on’ to a network that is under the watch of your ISP. This network can communicate with other networks and, in short, forms the basis of the internet.
If a packet sniffer is located at a server owned by your ISP, it has the potential to gain access to:
# The web sites visited.
# What is searched for on the site.
# Your e-mail recipients.
# The contents of your mail.
# Any files you download.
# A list of your audio, video and telephony options.
# A list of visitors to your website.
Packet sniffers like Carnivore are often used by ISPs as a diagnostic tool for their systems, so it is in fact a well-known form of technology.
Packet Sniffing & High Tech Eavesdropping
How Does Carnivore Work?
Imagine if you will that the FBI suspects a person or parties of criminal activity and that they have been given the power to perform a full-content wire tap of e-mail traffic (all data may be captured and analyzed).
* Step 1: The FBI will contact the appropriate ISP and ask for a copy of the back-up files of the suspect’s internet activity.
* Step 2: A Carnivore computer is set up at the ISP and the suspect’s activities are monitored.
This computer is comprised of:
* A Pentium III Windows based NT/2000 system with 128 MB of RAM or later models.
* A commercial software application for communications.
* A C++ application which will work with the communication programme for packet sniffing.
* A system that will require a passcode to gain access to the computer.
* Network Isolation devices that render the Carnivore System invisible to any other program on the network.
* A device for data storage such as a removable hard drive.
* Step 3: The Carnivore is configured to include the IP address of the suspect, and ignore all others.
* Step 4: Carnivore makes a copy of all the data transmitted from the system.
* Step 5: The copies are passed through a filter that retains only the e-mail data packets.
* Step 6: The data is saved to a removable hard drive.
* Step 7: The FBI will make a regular visit to the ISP and remove the hard drive and replace it with a new one. This data is kept in a marked, sealed container and dated.
* Step 8: By law, this type of surveillance must be completed in one month (failing an application for extension). The system is then removed.
* Step 9: The data is analyzed using Packeteer and Coolminer and if enough evidence is obtained it can be used in a case against the suspect.
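The difference between unfiltered and filtered capture, and the narrowing described in Steps 3 to 5 (one IP address, then e-mail packets only), can be illustrated offline. The following is an added example, not Carnivore code: it parses constructed IPv4/TCP packets and assumes that "e-mail" means the standard SMTP, POP3 and IMAP ports; all function names and addresses are hypothetical.

```python
import socket
import struct

EMAIL_PORTS = {25, 110, 143}  # SMTP, POP3, IMAP (assumed meaning of "e-mail" traffic)

def build_packet(src, dst, sport, dport, payload=b""):
    """Construct a minimal IPv4+TCP packet (checksums left zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_packet(raw):
    """Return (src, dst, sport, dport) for an IPv4/TCP packet, or None."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (raw[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or raw[9] != 6 or len(raw) < ihl + 4:
        return None                      # bad header, not TCP, or truncated
    src, dst = socket.inet_ntoa(raw[12:16]), socket.inet_ntoa(raw[16:20])
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return src, dst, sport, dport

def filtered_capture(packets, target_ip, ports=EMAIL_PORTS):
    """Keep only packets to or from target_ip that use an e-mail port."""
    kept = []
    for raw in packets:
        hdr = parse_packet(raw)
        if hdr is None:
            continue
        src, dst, sport, dport = hdr
        if target_ip in (src, dst) and (sport in ports or dport in ports):
            kept.append(raw)
    return kept

# Constructed sample traffic using documentation addresses (RFC 5737).
SAMPLE = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 25, b"MAIL FROM:<a@example.com>"),
    build_packet("192.0.2.10", "198.51.100.7", 40001, 80, b"GET / HTTP/1.0"),
    build_packet("192.0.2.99", "198.51.100.5", 40002, 25, b"MAIL FROM:<b@example.com>"),
    build_packet("198.51.100.6", "192.0.2.10", 110, 40003, b"+OK"),
    b"\x00\x01",  # truncated frame, ignored by the filter
]

if __name__ == "__main__":
    kept = filtered_capture(SAMPLE, "192.0.2.10")
    print(f"unfiltered: {len(SAMPLE)} packets, filtered: {len(kept)} packets")
```

An unfiltered capture would store all five sample frames; the filter retains only the two e-mail packets involving the configured address, and everything belonging to other users is discarded before storage.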
What About Our Privacy?
The Carnivore System is mainly used in cases where one of the following is suspected:
* Terrorism
* Child pornography/exploitation
* Espionage
* Information warfare
* Fraud
Most of us are completely safe from privacy violations since the Electronic Communications Privacy Act (ECPA) ensures that we are legally protected against unfair electronic infiltration. A court order is required for any operation of this type and probable cause MUST be established before it is granted. If you are on the straight and narrow you will have nothing to fear from the FBI’s use of the Carnivore System.