How Carnivore works

Not nice....not at all nice

The FBI's notorious Internet traffic sniffer Carnivore includes a handy, idiot-proof GUI, pictured in the Justice Department's final assessment from the IIT Research Institute and the Illinois Institute of Technology Chicago-Kent College of Law (IITRI), which enables nosey Feds to capture and examine a broad range of what passes through, from headers alone to full-bore content retrieval.

The 'IP addresses' field conveniently accepts settings for particular IPs or IP ranges; and the 'protocols' field accepts settings enabling Feds to choose among TCP (transmission control protocol), UDP (user datagram protocol) and ICMP (Internet control message protocol) retrieval, each one separately configurable for 'full retrieval', 'pen mode' (headers only) and 'off'.

Another option enables Fed-defined text-string inputs to be searched (e.g., say an e-mail contains the string, "blow up the President's motorcade"). It is not clear whether there is a lockout to prevent text-string scanning when the device is running in pen mode.

Particular ports for SMTP (simple mail transfer protocol), POP (post office protocol), HTTP (hyper-text transfer protocol) and FTP (file transfer protocol), can also be chosen freely with the interface, as can port ranges.

The machine accommodates both DHCP (dynamic host configuration protocol) and RADIUS (remote authentication dial-in user service) connections, though one assumes from the layout that the Feds need to know which they're dealing with ahead of time.
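
The settings described above (IP ranges, per-protocol modes, ports, text strings) can be modelled as data and checked mechanically against what an order authorises, including the pen-mode lockout the report leaves unclear. This is an added example, not code from Carnivore or the IITRI report; the Scope model, the lockout rule and all sample values are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

MODES = {"off": 0, "pen": 1, "full": 2}  # ordered from least to most intrusive

@dataclass
class Scope:
    """Assumed model, used for both the court order and the filter settings."""
    networks: list                       # CIDR strings
    protocols: dict                      # e.g. {"tcp": "pen"}; missing means "off"
    ports: set = field(default_factory=set)          # empty set = all ports
    text_strings: list = field(default_factory=list)

def violations(config: Scope, order: Scope) -> list:
    """List every way the configured filter collects more than the order allows."""
    found = []
    allowed = [ip_network(n) for n in order.networks]
    for n in config.networks:
        net = ip_network(n)
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            found.append(f"network {n} is outside the authorised ranges")
    for proto, mode in config.protocols.items():
        limit = order.protocols.get(proto, "off")
        if MODES[mode] > MODES[limit]:
            found.append(f"{proto}: '{mode}' exceeds authorised '{limit}'")
    if order.ports:
        if not config.ports:
            found.append("all ports captured although the order names specific ports")
        elif config.ports - order.ports:
            found.append(f"ports {sorted(config.ports - order.ports)} not authorised")
    # Assumed lockout rule: string matching needs packet content, so refuse it
    # whenever any protocol is restricted to pen mode (headers only).
    if config.text_strings and "pen" in config.protocols.values():
        found.append("text-string search enabled while a protocol is in pen mode")
    return found

# Constructed sample values (documentation address range 192.0.2.0/24).
ORDER = Scope(["192.0.2.16/28"], {"tcp": "pen"}, {25, 110})
COMPLIANT = Scope(["192.0.2.17/32"], {"tcp": "pen", "udp": "off"}, {25})
OVERBROAD = Scope(["192.0.2.0/24"], {"tcp": "full", "udp": "pen"},
                  {25, 80, 110}, ["constructed search string"])

if __name__ == "__main__":
    for problem in violations(OVERBROAD, ORDER):
        print("VIOLATION:", problem)
    print("compliant config:", violations(COMPLIANT, ORDER) or "no violations")
```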

The actual Carnivore box as installed at an ISP lacks a monitor and a keyboard, which one hopes might discourage bored administrators from mucking about with it. The data it captures, and its configuration, are dealt with off-site by an FBI geek operating a control machine linked to the bare-bones box via a (hopefully secure) telephone link.

Privacy questions remain

As for the chief privacy concern, that Carnivore can easily be misused by overzealous Feds examining more data than their court orders permit, the IITRI report offers little in the way of reassurance. Basically, we have to trust the Feds not to abuse it.

With that sticky issue in mind, the report goes to pains to emphasize the way responsibility is divided among 'case agents' who try to get the thing installed, and the geeks who actually operate it.

"Case agents establish the need and justification for the surveillance. A separate team of technically trained agents installs the equipment and configures it to restrict collection to that allowed by the court order," the report notes.

"In the case of Carnivore, all installations have been performed by the same small team. Case agents are motivated to solve or prevent crimes, but technically trained agents are motivated by FBI policy and procedures to ensure that collection adheres strictly to court orders and will be admissible in court as evidence."

In other words, the Bureau's geeks are going to provide the primary fail-safe against abuse, motivated by their natural civic piety and concerns that the collection of excess information would jeopardise a prosecution.

"Potential criminal prosecution of agents involved in over-collection provide further ... controls protecting against misusing Carnivore," the report states, but notes that "the statutory suppression remedy available for illegal interception of other communications in Title III is not extended to electronic communications."

So if the Feds were to over-collect using Carnivore, and use what they learned in the course of a prosecution, the data gathered would not automatically be thrown out as tainted evidence.

Another serious deficiency in Carnivore's privacy protection is the lack of any auditing mechanism for supervisors to check up on the actions of field agents.

"Carnivore operators are anonymous to the system," the report says. "All users are logged in as 'administrator' and no audit trail of actions is maintained."

So this gives the Feds total deniability in cases where over-collection might be proven. Not only is the over-collected data useful as evidence against the victim, there is no way to determine who in the FBI is guilty of violating his rights. Where no one can be identified as the culprit, the so-called remedies of civil or criminal action are pure window-dressing and entirely moot.
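
The control the report finds missing can be sketched briefly: every action is recorded under an individual operator identity, shared logins are refused, and entries are chained by hash so a later edit or deletion is detectable. This is an added example, not taken from Carnivore or the report; the record layout, operator IDs, timestamps and actions are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64
SHARED_ACCOUNTS = {"administrator", "admin", "root"}  # identities that name no one

def digest(entry: dict) -> str:
    """SHA-256 over every field except the stored hash itself."""
    body = {k: entry[k] for k in ("seq", "time", "operator", "action", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log: list, operator: str, action: str, time: str) -> dict:
    """Record one action under a named individual, chained to the previous entry."""
    if operator.strip().lower() in SHARED_ACCOUNTS | {""}:
        raise ValueError("action must be attributed to an individual operator")
    entry = {"seq": len(log), "time": time, "operator": operator,
             "action": action, "prev": log[-1]["hash"] if log else GENESIS}
    entry["hash"] = digest(entry)
    log.append(entry)
    return entry

def verify(log: list) -> int:
    """Return the index of the first inconsistent entry, or -1 if the chain holds."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev or entry["hash"] != digest(entry):
            return i
        prev = entry["hash"]
    return -1

def sample_log() -> list:
    """Constructed entries; operator IDs, times and actions are illustrative."""
    log = []
    append(log, "agent-0417", "set tcp mode=pen ports=25,110", "2000-01-01T09:00:00Z")
    append(log, "agent-0417", "start collection", "2000-01-01T09:05:00Z")
    append(log, "agent-0932", "set tcp mode=full", "2000-01-02T14:30:00Z")
    return log

if __name__ == "__main__":
    log = sample_log()
    print("intact chain:", verify(log))             # -1
    log[2]["action"] = "set tcp mode=pen"           # after-the-fact rewrite
    print("first bad entry after edit:", verify(log))
```

The chain only exposes tampering if the most recent hash is also held somewhere the operators cannot rewrite, such as a supervisor's system; otherwise the whole log could be regenerated.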

Very slick, and not at all nice. A true Janet Reno production in all aspects. ®
