FBI Retires Carnivore

According to SecurityFocus:

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday.

Of course, they're not giving up on Internet surveillance. They've just realized that commercial tools are better, cheaper, or both.

Posted on January 24, 2005 at 8:00 AM • 9 Comments

Comments

Davi OttenheimerJanuary 24, 2005 12:06 PM

It's especially interesting to read the memos that EPIC obtained through the FOIA. For example, this one discusses how FBI agents dealt with a major failure of Carnivore:
http://www.epic.org/privacy/carnivore/fisa.html

Compare the thirteen uses of Carnivore over two years to the commercial use of wire-tap software, which seems to literally happen on a daily/hourly basis.

It must have been obvious to the FBI agents trying to get their job done efficiently and effectively that they were better served by tools more thoroughly tested and baked. Makes me wonder how Google would stack up against Echelon.

Alas, since employees generally give up their rights to privacy when they sign-on with an employer, and since companies must actively investigate their own communications to reduce "loss", the fertile test-bed for wire-tap development (e.g. IDS) is obviously not behind closed doors in DC.

And although open-source might have been the answer to problems with Carnivore, it is probably a stretch to expect the FBI to move that quickly towards the future. I do not know about you, but I have not seen much response to what many people on SecurityFocus suggested as an "alternative" to Carnivore in 2000 (http://downloads.securityfocus.com/tools/altivore.c)

Instead, I think we are seeing a gravitation towards "whatever an ISP has already installed to collect data", and/or large "commerical" espionage firms such as Cyveillance.

The Cyveillance bots (63.148.99.0/24), if you watch your logs, operate without any regard for privacy whatsoever. They seem designed specifically to hide themselves while they touch and pull whatever data they can, ignoring net etiquette (robots.txt) and reasonable attempts/requests to stop them. In terms of commercial interests they have indicated they are even monitoring all IM and P2P traffic (i.e. RIAA and MPAA), so it just seems like a logical place for an FBI agent to start an investigation.

Davi OttenheimerJanuary 25, 2005 1:31 PM

Another twist on this same issue has been reported today by the Register:

http://www.theregister.co.uk/2005/01/25/fbi_cybercrime_conf/
"'With Hotmail and Yahoo! you can't get data using RIPA [the Regulation of Investigatory Powers Act] because information is stored in the US,' [FBI special agent] Gibson said." He suggested "the lack of a workable code of practice is a significant obstacle for net investigators. Police can still get the information they need but the legal process can take between four to six months."

A four month delay? That would surely mean little if any chance of getting complete logs. Moreover, it is a natural human response to shrink our data retention periods when government agencies rattle their sabres and say they have jurisdiction over our stored data (e.g. the infamous community library response to the Patriot Act).

So as the ISPs reevaluated their log retention periods in light of gov't regulations, my guess is that the FBI will continue to find useful information stored in commercial monitoring databases that literally harvest everything on the net and store it indefinitely...ala Cyveillance.

Perhaps Privacy advocates will help clamp down on this issue of caching/tracking, which will lead us back to the regular dilemmas of responding to warrants and "broad-based" requests for stored data:
http://seclists.org/lists/nmap-hackers/2004/Oct-Dec/0004.html

It might not be long before people say, "I remember the good-old days when the FBI used Carnivore thirteen times in two years and was worried about protecting my freedom. Now I have to worry about a thousand companies all trying to monitor me and sell the data or turn it over to the feds".

Clive RobinsonJanuary 26, 2005 8:55 AM

The thought occurs to me that by "Commercial Products" they could well be sub contracting out to the same quasi legitimat businesses that the Adware people get to write their rather invasive stuff...

It has a rather nice "plausable deniability" about it that would be almost to good to resist.

Karsten W. RohrbachJanuary 28, 2005 7:26 PM

David: the network you quote (63.148.99.0/24) is assigned to GE Power Systems it seems. Coincidence, purpose, or typo?

GE POWER SYSTEMS PO# 182007122 Q0924-63-148-99-0 (NET-63-148-99-0-1)
63.148.99.0 - 63.148.99.31


Regards,
/k

Davi OttenheimerJanuary 29, 2005 6:54 PM

@Karsten
It's Davi, not David.

Check your logs and watch for "Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 3.51)". The Cyveillance bots look like bots, but they openly lie about their true identity and ignore robots.txt...it's just like an attacker faking their identity and barging past the basic deadbolt on your door.

My typo on the range. Here's where they are registered:
63.148.99.224/27
65.118.41.192/27
216.32.64.0/24

I wouldn't worry solely about the IP ranges, however. Software is rarely tied to IP, and so the issue becomes the regulation over unrestricted mining by bots, which obviously can be distributed and installed anywhere. Some bots might be designed for DDoS, some to monitor data and index results for commercial interests that are a front for government agencies or worse.

As they say on their site:
http://www.cyveillance.com/web/solutions/issue/cyber_threats.htm
"The open source nature of the Internet poses threats to corporations that can take many forms. Activists use the Internet to plan rallies and boycotts. Hackers exchange information about a company's network vulnerabilities. Employees disclose confidential information. And, personal information about executives is widely distributed."

The next line might as well be..."Who you gonna call?"

Gary VizzoFebruary 15, 2007 5:22 PM

Here is a message I have just sent to Representative Henry Waxman largely concerning the recent legislation on protecting whistle-blowers and related but also focused on continuous data harvesting on American citizens... whether it is truly legal or not and the concerns it poses for our rights to privacy...obviously I don't hide much : ), but I don't like other Americans to think they have a right to monitor me routinely, and judge in a quasi-official capacity (getting paid by our government ) the patriotism, or correct thinking, of my points of view:

Dear Mr. Waxman

Does this piece of legislation address well the possible issues of improper government or contracted "big brother" type surveillance, continuous, of just citizens (not only present government employees) who blow the whistle or voice concern (such as newspeople, Cindy Sheehan and many, many other private American citizens have done recently ) about the behavior or inefficient work practices of some government workers or offices?

I did this, a critique, this past summer concerning an INS / ICE issue to which I have been personally connected and, since that time, an apparently U.S. government, taxpayer-paid company [Cyveillance in Arlington, which is reported, see Google for Cyveillance, as operating, for at least some of its business, under some DHS and/or other government agency contract (s)] has been regularly (monthly) monitoring a Web site I created, www.SebastienFreard.com, and on which I placed, voiced my thoughts and criticisms (… which I thought are protected and that I had the right, even the duty, to voice via our constitution and bill of rights ) and has even been intermittently monitoring other websites of mine, such as www.eRepublic.org, that have nothing to do with my INS/CIS critique.

Is this type of activity permitted under the new legislation, or even under past law…is it presently allowed for taxes dollars be spent on watching, without an apparent end, citizens who question the behavior, functioning, efficiency of government officials and offices? That is, should people who point out what they believe are problems ( rightly or wrongly ) be subject to continuous government or government contracted, private company watch when they themselves have done nothing wrong other than demanding what they believe is better performance by government workers and agencies.

Apart from obvious concerns and likely questions of legality, what would prevent a private company from offering this information, about someone or their works being monitored by the federal government, to other companies who may find a avenue to profit from this information.

I would think this behavior by the government, or those operating with government support or direction, violates my rights, even when just monitoring freely available information on me or related to me…at least when the monitoring is continuously done and nothing unlawful has been attributed to the subject, me in this case??

I have put in a number of years of service to my country and I frankly do not appreciate others who may presently be in power or have a role to play in the operation of OUR government presuming that they are perhaps more patriotic than the average citizen and deeming that they have right to do pretty much what they desire...above my rights.

I have in the past taken the same oath to defend and protect the constitution, as others working for the government have ( likely though not most of the people working at Cyveillance ) and I do believe that my writing this note is one example of my efforts to do so.

Best,

Gary Vizzo
622 South Queen Street
Martinsburg, West Virginia 25401

ps: please know that concerning the issue (s) mentioned on the Web site for my step-son Sebastien Freard, Senator Byrd's office has been a positive element of note, certainly in my mind and I believe strongly so in actual fact, for better assuring Sebastien's case has been handled properly, within the legal regulations.

Gary VizzoFebruary 18, 2007 4:47 PM

I posted the above that was about, in large part, Cyveillance and its apparent domestic surveillance activities on the 15th. of Feb. and guess who visits previously unvisited, if my memory serves me well, websites to which I am connected on Feb. 16th.??

www.vizenterprises.net, www.eDemocrat.org and eCrat.com were all visited on Friday Feb. the 16th by Cyveillance ( 65.222.176.123; 65.222.176.124 ). Apart from Cyveillance, these sites saw an blip of other non-usual visitors...one new visitor, turnitin.com (labeling itself a site for plagiarism prevention) seemed to be abnormally interested in the eCrat.com site.

How much would you bet that turnitin.com is contracted for services to Cyveillance...or at least does work for them on an order basis from time to time. If either (Cyveillance or turnitin.com) is searching for plagiarized text ( as turnitin.com says is amongst its fortes ) then I say bring it on "big brother".

In researching Cyveillance and its activities on the Web, I have noticed that many have complained but I have seen no other efforts to take this type of activity / issue before groups like Congress, ACLU, internet openess grassroots type movements, etc...maybe its time and this (freedom of speech, privacy rights, domestic spying, freedoms in the internet forum, etc... however you want to label it) should be an issue of one of the many people who are putting themselves forth to become the next President. I think it's serious.

For the moment, to help maintain free speech and open democracy, and to keep Cyveillance busy in their endeavors...earning their taxpayer money, I suggest all Web site owners, bloggers worldwide make mention of Cyveillance on their sites.

Just posted the following to my stepson's site that may be found as a bit of a battle cry, not to seem too melodramatic : )...I don't care what Cyveillance does regarding work on TM stuff and related but these guys need to stop, be stopped by the appropriate authorities on what they are doing with respect to invading the privacy of American citizens, or domestic surveillance:

Added yesterday ( 02172007 ) to the www.SebastienFreard.com website:

A bit of side note:

As I haven't listed anything new on this site for many, many months but the company Cyveillance, apparently under contract, and/or wishing to sell information to the federal government, continues to visit it around the first week of very month, I thought they may like to see something on it that's new

Also, having passed much time, as somewhat indicated elsewhere on the site, in countries where freedom of speech and the exercise of democracy were not always permitted, having seen too often coups d'etat and the new forces immediately, first thing on the agenda, taking over control of the means of communication ( the few television and radio stations ), I feel a special need to do my small part in defending freedom of speech in my own country, and, by our model, around the world.

Additionally, my ancestors, from the Amercian revolution, during the civil war, in WWI and WWII did their part to protect and defend America, the Constitution and principles of democracy; so... I think I own them, every chance I get, a minor bit of service, during my generation, toward this end also : )

GregJuly 25, 2010 5:25 PM

Even if they did cut out Carnivore, they probably have several better, stronger, faster projects under development to stay ahead of the legislation.

What I would like to know is why there is so much emphasis on internet intelligence gathering when the Iraq and Afghan wars, not to mention the War on Terror, have shown our human intel stinks. Shouldn't that have increased priority?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..