Ferry van Eeuwen
Carnivore, the FBI's controversial e-mail snooping program, is part of covert surveillance triad known inside the bureau as the "Dragon Ware Suite," according to recently declassified documents. The documents also outline how the Dragon Ware Suite is more than simply an e-mail snooping program: It's capable of reconstructing the Web surfing trail of someone under investigation. According to an analysis of the declassified documents by Security Focus, a California-based computer security firm, the Dragon Ware Suite can "reconstruct Web pages exactly as a surveillance target saw them while surfing the Web." Besides Carnivore, the Dragon Ware Suite includes programs called "Packeteer" and "Coolminer," the documents reveal. These latter programs are used to reconstruct the raw data scooped up in the initial phase by Carnivore. The FBI was forced to release documents relating to Carnivore as the result of a lawsuit brought by the Electronic Privacy Information Centre (EPIC). The suit was filed to force the bureau to comply with a Freedom of Information Act request the Washington-based privacy watchdog organization filed earlier this year.
Because many Internet Service Providers (ISP) lacked the ability to discriminate communications to identify a particular subject's messages to the exclusion of all others, the FBI designed and developed a diagnostic tool, called Carnivore. The Carnivore device provides the FBI with a "surgical" ability to intercept and collect the communications which are the subject of the lawful order while ignoring those communications which they are not authorized to intercept. This type of tool is necessary to meet the stringent requirements of the federal wiretapping statutes. The Carnivore device works much like commercial "packet sniffers" and other network diagnostic tools used by ISP's every day, except that it provides the FBI with a unique ability to distinguish between communications which may be lawfully intercepted and those which may not. For example, if a court order provides for the lawful interception of one type of communication (e.g., e-mail), but excludes all other communications (e.g., online shopping) the Carnivore tool can be configured to intercept only those e-mails being transmitted either to or from the named subject. For many, it is eerily reminiscent of George Orwell's book "1984."
Essentially, a packet sniffer is a program that can see all of the information passing over the network it is connected to. As data streams back and forth on the network, the program looks at, or "sniffs," each packet. Normally, a computer only looks at packets addressed to it and ignores the rest of the traffic on the network. When a packet sniffer is set up on a computer, the sniffer's network interface is set to promiscuous mode. This means that it is looking at everything that comes through. The amount of traffic largely depends on the location of the computer in the network. A client system out on an isolated branch of the network sees only a small segment of the network traffic, while the main domain server sees almost all of it. A packet sniffer can usually be set up in one of two ways:
In fact, many ISPs use packet sniffers as diagnostic tools . Also, a lot of ISP's maintain copies of data, such as e-mail, as part of their back-up systems. Carnivore (and its sister programs) may be a controversial step forward for the FBI, but it is not a new technology.
Packets that contain targeted data are copied as they pass through. The program stores the copies in memory or on a hard drive, depending on the program's configuration. These copies can then be analysed carefully for specific information or patterns.When you connect to the Internet, you are joining a network maintained by your ISP. The ISP's network communicates with other networks maintained by other ISPs to form the foundation of the Internet . A packet sniffer located at one of the servers of your ISP would potentially be able to monitor all of your online activities, such as:
In fact, many ISPs use packet sniffers as diagnostic tools . Also, a lot of ISPs maintain copies of data, such as e-mail, as part of their back-up systems. Carnivore (and its sister programs) may be a controversial step forward for the FBI, but it is not a new technology.