Carnivore PPT

Carnivore: Internet Wiretapping

Transcript of Carnivore PPT

Page 1: Carnivore PPT

Carnivore: Internet Wiretapping

Page 2: Carnivore PPT

PRESENTED BY

MADHAVI MISHRA

PRIYANKA VIKRAMADITHYAN

MANSI SINGH

Page 3: Carnivore PPT

Introduction

• Needs of the Law enforcement agencies

• Individual's privacy concerns

• Emerging technology

Page 4: Carnivore PPT

Goals

• To inform about the current technical, government, and public opinion state of U.S. Internet wiretapping policy through a case study of the FBI’s Carnivore system

• To discuss concerns about the current state of U.S. Internet wiretapping policy

• To propose changes to improve the U.S. system of Internet wiretapping

Page 5: Carnivore PPT

Executive Background

When does the FBI use Carnivore?

• The ISP cannot narrow sufficiently the information retrieved to comply with the court order

• The ISP cannot receive sufficient information

• The FBI does not want to disclose information to the ISP, as in a sensitive national security investigation.

Page 6: Carnivore PPT

Executive Background

Full mode wiretap

• Case agent consults with the Chief Division Counsel, and a Technically Trained Agent.

Pen mode wiretap

• Case agent writes up a request with a justification for necessity

Page 7: Carnivore PPT

Executive Background

• FBI shows a judge the relevance of the information

• FBI shows a judge why traditional enforcement methods are insufficient

• FBI submits a request with information such as target ISP, e-mail address, etc.

• FBI waits 4-6 months

Page 8: Carnivore PPT

Hardware Architecture

• A one-way tap into an Ethernet data stream

• A general purpose computer to filter and collect data

• One or more additional general purpose computers to control the collection and examine the data

• A ‘locked’ telephone link to connect the computers

Page 9: Carnivore PPT

Hardware Architecture

[Diagram labels: CarnivoreHub, RemoteHub, Tap, Ethernet Switch, Other Network Segments, The Internet, Target, Bystander]

Page 10: Carnivore PPT

Software Architecture

Functionality

• Filtering

• Filter Precedence

• Output

• Analysis

Page 11: Carnivore PPT

Software Architecture

Page 12: Carnivore PPT

Software Architecture

• Filtering

Fixed IP: Can choose a range of IP addresses.

Dynamic IP: If not in fixed IP mode, one can choose to include packets from in either Radius or DHCP mode.

Protocol Filtering: One can choose to include packets from TCP, UDP, and/or ICMP in either Full mode, Pen mode, or none.

Text Filtering: One can include packets that contain arbitrary text.

Port Filtering: One can select particular ports to include (e.g., 25 (SMTP), 80 (HTTP), 110 (POP3)).

E-mail address Filtering: One can select to include packets that contain a particular e-mail address in the to or from fields of an e-mail.

Page 13: Carnivore PPT

Software Architecture

• Filter Precedence

• Output

– .vor

– .output

– .error

• Analysis

– Packeteer

– CoolMiner

Page 14: Carnivore PPT

Software Architecture

• TapNDIS (written in C) is a kernel-mode driver which captures Ethernet packets as they are received, and applies some filtering.

• TapAPI.dll (written in C++) provides the API for accessing the TapNDIS driver functionality from other applications.

• Carnivore.dll (written in C++) provides functionality for controlling the intercept of raw data.

• Carnivore.exe (written in Visual Basic) is the GUI for Carnivore.

Page 15: Carnivore PPT

CONTROVERSIES

• Pen mode collection

– Not strictly defined.

– Low standard for obtaining a court order for the interception of this information.

– Reporting of pen mode interceptions is minimal.

Page 16: Carnivore PPT

CONTROVERSIES

• Minimization of interception:

– No formal definition of minimization of search requirements.

– The minimization process only has optional judicial review.

– No requirements on who conducts the minimization.

Page 17: Carnivore PPT

CONTROVERSIES

• FISA interceptions:

– No notification requirement, unless information from the intercept will be used in a criminal trial.

– Completely confidential, the only information reported annually is the number of applications and the number of orders granted.

Page 18: Carnivore PPT

DISADVANTAGES

• Trust

• Ease of access

• Loss of ISP control

• Procedural

Page 19: Carnivore PPT

ANTIVORE

• Antidote to Carnivore.

• Developed by Chain Mail Inc., a software firm in Virginia, US.

• To secure corporate data.

• Used to encrypt users' e-mail messages.

Page 20: Carnivore PPT

Technical Concerns

• Problems

– Wrong goals

– Bad implementation

• Hidden functionality

Page 21: Carnivore PPT

Technical Problems: Wrong Goals

• No structured development process

• No audit trails

• Limited security of data

Page 22: Carnivore PPT

Technical Problems: Bad Implementation

• Problems with high throughput

• Standard Ethernet v. Full Duplex

• Security of remote computer

• Thwarted by crypto

• RADIUS (analysis omitted from Illinois Report)

Page 23: Carnivore PPT

Hidden Functionality

• TapAPI provides 45 entry points callable from Carnivore.dll, only 22 are used.

• Commented out code: more sophisticated filters, real-time viewer, case tracking

Page 24: Carnivore PPT

Public Policy Proposals

• Trust

• Ease of access

• ISP control

• Public awareness

Page 25: Carnivore PPT

Technical Proposals

• Get goals right

• Open source code

• Tamper-proof the local data

• Provide secure remote configuration

• Auto-post logs to website
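
An added example, not part of the original slides or of Carnivore's code, showing how the audit-trail, tamper-proofing and log-posting proposals fit together: a hash-chained log of operator actions whose latest hash is posted outside the collection machine. The operator names, action names and filter details are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor value that precedes the first entry

def _entry_hash(prev, body):
    # Each hash covers the previous hash, so entries cannot be reordered or edited alone.
    data = prev + json.dumps(body, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()

def append_entry(log, operator, action, detail):
    """Append one operator action and return the new chain head."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "operator": operator, "action": action, "detail": detail}
    log.append({**body, "prev": prev, "hash": _entry_hash(prev, body)})
    return log[-1]["hash"]

def verify_log(log, published_head=None):
    """Return -1 if the log is intact, else the index of the first inconsistency."""
    prev = GENESIS
    for i, e in enumerate(log):
        body = {k: e[k] for k in ("seq", "operator", "action", "detail")}
        if e["seq"] != i or e["prev"] != prev or e["hash"] != _entry_hash(prev, body):
            return i
        prev = e["hash"]
    if published_head is not None and prev != published_head:
        return len(log)  # self-consistent chain that does not end at the posted head
    return -1

def demo():
    # Constructed sample actions (hypothetical operators and settings).
    log = []
    append_entry(log, "agent-a", "set_filter", {"mode": "pen", "ports": [25, 110]})
    append_entry(log, "agent-a", "start_collection", {})
    head = append_entry(log, "agent-b", "stop_collection", {})  # value posted externally
    intact = verify_log(log, head)

    # Case 1: a filter setting is rewritten in place after the fact.
    edited = [dict(e) for e in log]
    edited[0]["detail"] = {"mode": "full", "ports": [25, 110]}
    edit_at = verify_log(edited, head)

    # Case 2: the last entry is dropped; only the posted head reveals this.
    truncated = [dict(e) for e in log[:2]]
    return intact, edit_at, verify_log(truncated), verify_log(truncated, head)

if __name__ == "__main__":
    print(demo())
```

The chain alone catches in-place edits; truncation, or a full rewrite of the chain, is caught only by comparing against the head held outside the machine, which is what posting the logs provides.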

Page 26: Carnivore PPT

Conclusion

“If you’re talking to someone in the next bathroom stall, the government shouldn’t have to be able to listen in.”

– Robert Ellis Smith

Publisher, Privacy Journal

Page 27: Carnivore PPT

THANK YOU!!