Carnivore: The Limits of Intrusion


1 Carnivore: The Limits of Intrusion
By Wael Eldashan Tony Provencio CSE 190 Swati Saparia Professor Karin Karen Yang

2 What Carnivore Is
Carnivore is an FBI assistance program that helps ISPs overcome technical difficulties when complying with court orders. It is a packet sniffer: it watches packets go by and saves a copy of the packets it is interested in. It works as a passive monitoring system that does not corrupt the e-mails that it monitors. The FBI is not allowed to put Carnivore on the network unless the ISP claims it cannot (or will not) comply with the court order.

3 What Packet Sniffers Observe
- Which Web sites you visit
- What you look at on the site
- Whom you send e-mail to
- What's in the e-mail you send
- What you download from a site
- What streaming events you use, such as audio, video and Internet telephony
- Who visits your site (if you have a Web site)

4 The Process

5 Content-Wiretap
A telephone "content wiretap" is where law enforcement eavesdrops on the suspect's telephone calls, recording the oral communications on tape. Carnivore can do similar things for Internet communication:
- capture all messages to and from a specific user's account
- capture all the network traffic to and from a specific user or IP address

6 Trap and Trace/Pen-Register
- capture all the headers (including addresses) going to and from an account, but not the actual contents (or Subject: line)
- list all the servers (web servers, FTP servers) that the suspect accesses, but don't capture the content of this communication
- track everyone who accesses a specific web page or FTP file
- track all web pages or FTP files that a suspect accesses

7 Implementation:
1. The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to view the suspect's online activity.
2. A court grants the request for a full content-wiretap of traffic only and issues an order.
3. The FBI sets up a Carnivore computer at the ISP to monitor the suspect's activity.

8 Implementation:
4. The FBI configures the Carnivore software with the IP address of the suspect to capture packets only from this particular location, ignoring all other packets. Carnivore copies all of the packets from the suspect's system without impeding the flow of the network traffic.
5. Once the copies are made, they go through a filter that only keeps the packets and determines what the packets contain based on the packet's protocol. The packets are saved to the Jaz cartridge.

9 Implementation:
6. Once every day or two, an FBI agent visits the ISP and swaps out the Jaz cartridge. The surveillance cannot continue for more than a month without an extension from the court.
7. The captured data is processed using Packeteer and Coolminer. If the results provide enough evidence, the FBI can use them as part of a case against the suspect.
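
The filtering in steps 4 and 5, combined with the content-wiretap and pen-register modes from slides 5 and 6, as an added Python sketch (not part of the presentation and not Carnivore's code). The packets, addresses and the `collect` function are constructed for illustration, and each sample packet is simplified to carry one whole message.

```python
from email import message_from_string

TARGET_IP = "192.0.2.10"  # constructed address (documentation range)

# Constructed sample traffic: (source, destination, protocol, payload)
PACKETS = [
    ("192.0.2.10", "198.51.100.25", "smtp",
     "From: a@example.org\nTo: b@example.net\nSubject: lunch\n\nSee you at noon."),
    ("203.0.113.7", "198.51.100.25", "smtp",
     "From: c@example.com\nTo: d@example.net\nSubject: other\n\nUnrelated user."),
    ("192.0.2.10", "198.51.100.80", "http", "GET /index.html HTTP/1.0\r\n\r\n"),
]

PEN_HEADERS = ("From", "To")  # addressing only; Subject and body count as content


def collect(packets, target_ip, mode):
    """Return the records that the given court-order mode permits keeping.

    mode="content": full packets to and from the target.
    mode="pen":     addressing information only, no Subject line or body.
    """
    if mode not in ("content", "pen"):
        raise ValueError(f"unknown mode: {mode}")
    kept = []
    for src, dst, proto, payload in packets:
        if target_ip not in (src, dst):
            continue  # traffic of other users is never stored
        record = {"src": src, "dst": dst, "proto": proto}
        if mode == "content":
            record["payload"] = payload
        elif proto == "smtp":
            # Pen mode: parse the headers, keep only the addresses.
            msg = message_from_string(payload)
            record["addresses"] = {h: msg[h] for h in PEN_HEADERS if msg[h]}
        kept.append(record)
    return kept
```

Anything the pen-mode branch stores beyond addressing is the over-collection that the EFF slide objects to, which is why the allowed fields are an explicit list rather than a list of fields to drop.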

10 Main Concerns:
- How (exactly) Carnivore works, and whether there are bugs that lead to privacy violations.
- How Carnivore can be misused by law enforcement.
- The privacy debate of wiretaps in general, and the changing rules of the Internet in particular.

11 Stakeholders:
- FBI
- Civil Liberties Groups
- Software Developers
- ISPs
- Academic/Research Community
- Public
- Hackers

12 FBI: Carnivore Monitors…
- Organized crime groups
- Drug trafficking organizations
- Illegal hackers
- Terrorists
- Child pornography/exploitation
- Espionage
- Information warfare
- Fraud

13 FBI: Checks On Implementation
- Interception limited to certain felony offenses
- Applications must indicate that normal investigative techniques have been tried and failed/will not work/too dangerous
- Must demonstrate probable cause with particularity and specificity (i.e. offenses committed, place of interception, description of interceptions, persons committing offenses)

14 FBI: Checks On Implementation
- Subject to internal government controls (i.e. FBI, DOJ)
- Penalties for misuse
- Exclusion of evidence and criminal and civil penalties

15 FBI: The Fourth Amendment
The Fourth Amendment States: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

16 FBI: Addressing these Concerns
The system must strike a reasonable balance between competing interests: the privacy interests of telecommunications users, the business interest of service providers, and the duty of government investigators to protect public safety.
- Requires warrant specifying who suspect is, what lines will be tapped, type of information to be seized
- Seizure of e-mail is held to higher standard than normal search warrants (requires Federal District judge or higher)

17 Civil Liberties Groups
- ACLU
- The Cato Institute
- Electronic Frontier Foundation
- Muslim Groups
- EPIC

18 ACLU
- Carnivore is unnecessary
- The Fourth Amendment is founded on the premise of distrust of law enforcement
- Allows for too much government intrusion in everyday lives

19 The Cato Institute
- What limits are we willing to accept on intrusion of our everyday lives?
- Some point to Israel’s so-called war on terror as an example of where the line could be drawn
“They have decided to have armed soldiers on every other block, excruciatingly tight security at airports and in government buildings, racial profiling, tortures and lax standards for obtaining and using evidence against defendant. We ought to be aware of what the Israelis are doing and whether that’s the sort of thing we would do.”
William A. Niskanen of the Cato Institute

20 EFF
- The use of packet analyzers on the Internet captures much more information from an individual than does the use of pen registers and trap and trace devices used on traditional land-line telephone systems
- The Carnivore system appears to exacerbate the over-collection of personal information by collecting more information than it is legally entitled to collect under traditional pen register and trap and trace laws
- Systems like Carnivore have the potential to turn into mass surveillance systems that will harm our free and open society.

21 MUSLIM GROUPS
Ibrahim Hooper, communications director of the Council on American-Islamic Relations, said he feared that with anti-Muslim feelings running high in the country due to September 11, Congress might respond with action that would diminish the rights of Muslim Americans.
Secret evidence.
“We’re getting reports every day of beatings, harassments, shots fired at mosques. We know people’s emotions run high but our rights are not subject to circumstances, but are inalienable.”

22 EPIC
- Carnivore disrupted anti-terror investigation
- Internal memo calls over-collection of data part of pattern showing inability of FBI to manage foreign intelligence wiretaps

23 SOFTWARE DEVELOPERS
- Stephen Mencik: Technical lead for Independent Review of Carnivore
- Robert Graham: CEO, hacker, worked on destroying Morris Worm

24 CARNIVORE’S PREDECESSORS
1) They must obtain a warrant, that is, a limited "Pen Register" or "Trap and Trace" warrant.
2) Foreign Intelligence Surveillance Act (FISA).
Circuit switching vs. packet switching

25 Under the Patriot Act, the FBI’s Powers Have Been Expanded
First, warrants can be obtained under FISA if intelligence gathering is only a "significant purpose," rather than the "primary purpose." Because of this change, as long as intelligence gathering is a "significant purpose" of the warrant, evidence gathered by what could otherwise be unconstitutional methods might be used for a criminal investigation.
Second, the Patriot Act specifically lowers the threshold for obtaining a full collection warrant for Internet traffic. Instead of needing probable cause as required by Title III, the FBI now only needs to show that the information to be gathered is "relevant to an ongoing criminal investigation." That is a much lower standard than showing probable cause that a crime has been committed.
The third major change is that when a wiretap warrant is issued, the person whose communications are being captured is notified, though sometimes this notification is allowed to be after the fact. The Patriot Act now allows nearly any search to be made in secret.
Finally, these changes made by the Patriot Act are not limited to surveillance of suspected terrorists, but apply to all surveillance cases.

26 DoJ Investigation
During the fall of 2000, the Department of Justice contracted for an independent review of Carnivore to determine if it worked as described above. That review showed some debate over what was allowed in Pen-mode and what was not. Where the review was critical of Carnivore was in the area of accountability. There was no audit capability for Carnivore. There was also no way to prove "chain of custody" for the evidence gathered. The lack of auditing would also prevent identifying which agent was at fault should Carnivore be used for illegal wiretaps. The review team made a number of recommendations for improving Carnivore, mainly in this area of accountability. It is not known if the FBI has implemented any of the recommendations.
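
One way to provide the audit trail and chain of custody the review found missing, as an added Python example (not from the presentation, the review or the FBI). The `AuditLog` class, agent names, timestamps and capture bytes are hypothetical; each record's hash covers the previous record, so a later edit to any entry is detectable and every action stays tied to a named agent.

```python
import hashlib
import json

GENESIS = "0" * 64  # starting value for the hash chain


def _digest(prev_hash, entry):
    # Hash the previous record's hash together with this entry's canonical JSON.
    body = json.dumps(entry, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


class AuditLog:
    """Append-only log: who changed which filter, who handled which capture."""

    def __init__(self):
        self.records = []

    def append(self, agent, action, detail, ts):
        entry = {"agent": agent, "action": action, "detail": detail, "ts": ts}
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({"entry": entry, "hash": _digest(prev, entry)})
        return self.records[-1]["hash"]

    def verify(self):
        """Return the index of the first altered record, or -1 if intact."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["hash"] != _digest(prev, rec["entry"]):
                return i
            prev = rec["hash"]
        return -1

    def actions_by(self, agent):
        return [r["entry"]["action"] for r in self.records
                if r["entry"]["agent"] == agent]


def build_sample_log():
    # Constructed events: a filter setting, then a cartridge hand-off.
    capture = b"constructed capture bytes"
    log = AuditLog()
    log.append("agent-A", "set_filter", {"mode": "pen", "ip": "192.0.2.10"},
               "2000-11-01T09:00Z")
    log.append("agent-B", "cartridge_swap",
               {"sha256": hashlib.sha256(capture).hexdigest()},
               "2000-11-02T09:00Z")
    return log
```

The latest hash has to be lodged with a party outside the operator's control; otherwise someone able to rewrite the whole log can recompute the chain.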

27 ROBERT GRAHAM
- Encryption
- Altivore

28 ISPs: the Market
Carnivore has the potential to slow down ISP performance and create a bottleneck at the point of interception:
- Customer dissatisfaction
- Law does not allow ISPs to disclose the reason for bottleneck

29 ISPs: Exposure to Liability
The Electronic Communications Privacy Act (ECPA) forbids an ISP from revealing certain information to the government in the absence of a valid court order. However, even when presented with a valid court order, an ISP may still be found liable if it believed the government's actions exceeded its authority and it did nothing to prevent it.

30 ISPs: The Hacker Problem
- Attaching Carnivore to the system provides hackers with a new point of entry over which the ISP has no control
- Such an intrusion would violate their customers’ privacy

31 Public: The Rogue Agent Problem
- Since there is no monitoring system for usage, it is easier to misuse the system and/or information.
- If one bad agent misuses Carnivore, it may endanger innocent people and the whole benefit for using it in the first place will be defeated

32 Public: Potential Mishaps
ISPs install Carnivore at a central location on their network and if installation or accessibility were compromised, it could interfere with a large portion of the Internet. Many feel that Carnivore puts the Internet in control of those who are concerned with surveillance and investigation rather than connectivity.

33 Public: Constitutional Violations
Fourth Amendment Concerns: “…no Warrants shall issue, but upon probable cause…and particularly describing the place to be searched, and the persons or things to be seized.”
-- Not enough specificity in request for warrant
First Amendment Concerns: “Congress shall make no law abridging the freedom of speech…”
-- Potentially Limits Freedom of Speech

34 Public: Criminal Investigations
Give up some privacy in exchange for reducing criminal behavior:
- Terrorism
- Child Pornography
- Organized crime groups
- Drug trafficking organizations
- Espionage

35 Hackers: The Backdoor
Carnivore provides access to the pipeline it is monitoring, making the system accessible through a username and password. It is impossible to trace the actions back to the individual who is responsible. In the past, hackers have penetrated the Air Force, the Pentagon, and many other high-profile government web servers. Carnivore provides Hackers with a new point of entry.

36 Hackers: Threats to Accessibility and Security
- Spying
- Accessing people’s computers
- Slowing down websites and company servers
- Pass on a computer virus to thousands of people
- Stop access for thousands of people
- Access identity information, bank information, credit card information

37 Academic Community: Perceived Concerns
- Compromised Privacy
- Law is slower than technology
- Leaves open interpretation of usage
- The information captured may not be comparable.

38 Academic Community : Interview: Tom Perrine
- Currently: Computer Security at SDSC
- Background: Turned down FBI to do Independent Study of Carnivore; Congressional Statement (Jul. 2000), regarding Carnivore
- Previous Work: Designed and developed systems to protect classified government information, deployed nation-wide security systems to protect privacy and intellectual property

39 Academic Community: Internet Is Different
The Internet Is Different From the Telephone:
- Title III allows for monitoring of telephones
- Carnivore settings can be changed easily and remotely
- Allows for broader scope than telephone

40 Academic Community: Our Individual Rights
“I have always been an advocate of personal privacy, unrestricted access to strong encryption, and less government oversight and intervention in the lives of law-abiding citizens.”
Tom Perrine
- Understands and supports legitimate law enforcement monitoring of suspected criminals

41 Academic Community: Concerns
- Carnivore is under constant development
- Impossible to know what current functions are built in
- Need better filtering capabilities
- No Auditing System for Agents Using Carnivore
- Insufficient logging of activities
- Review of the Source Code would not indicate filters applied at any given time

42 Legal Issues
- Carnivore has not been tested in court yet
- Scope of Digital Evidence might be considered “hearsay” but falls under business record exception
- War
- Government in the past has put national interests ahead of individual rights

43 The Ethics
- Is it ethical to have citizens’ internet communications monitored for suspected criminal activity?
- Should international groups be subjected to US Law?

44 The Utilitarian Test
Does Carnivore do the most good for the most people? If used properly, then yes. It is able to detect, and possibly prevent, crimes.

45 Additional Sources http://www.howstuffworks.com/carnivore.htm

