Carnivore: A System Admin's Concerns
by Mike DeGraw-Bertsch
You've probably read a good deal about Carnivore, and know that the FBI's scheme to grab and save the Internet traffic (email, web page requests, newsgroup posts) of suspected criminals has drawn the wrath of civil libertarians.
System administrators are already familiar with the technology Carnivore emulates, and it's worth noting that the power it grants federal authorities -- the ability to grab and read a user's Internet traffic -- is already in the hands of system administrators. Apparently, we trust ourselves and our fellow system administrators more than we trust the Feds, even though the FBI needs a court order to access this information while the average administrator only needs a few spare minutes.
The technology behind Carnivore is not especially sophisticated. Carnivore is essentially a packet-sniffer with a bunch of built-in filters. A packet-sniffer is a tool that captures, or "sniffs," the traffic on a network.
Carnivore's filters ensure the system is complying with the court order under which it operates and only the allowed communications are intercepted. The FBI sets one filter, so only the suspect's data is captured. Other filters then limit the types of data that can be captured -- email, web pages, whatever. Finally, even more specific filters are set to look for certain keywords, or communications from specified parties.
If this works correctly, it means the FBI would nab email about a suspect's drug flight into Texas, while it would not see email about that suspect's virtual love affair with his neighbor on Usenet.
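The staged filtering described above, as an added example (not code from the article or from the FBI). The packet fields, addresses, stage names and sample traffic are all constructed assumptions; the second call shows what the same sniffer keeps when the stages are switched off.

```python
# Added illustration: a staged capture filter over constructed packet records.
# Field names, addresses and stage names are assumptions, not Carnivore's design.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: str

# Constructed sample traffic (documentation address ranges, invented content).
TRAFFIC = [
    Packet("192.0.2.10", "198.51.100.25", 25, "Subject: flight lands in Texas Friday"),
    Packet("192.0.2.10", "198.51.100.119", 119, "re: see you on the newsgroup tonight"),
    Packet("192.0.2.10", "198.51.100.80", 80, "GET /weather/texas HTTP/1.0"),
    Packet("192.0.2.77", "198.51.100.25", 25, "Subject: Texas barbecue recipes"),
]

def capture(traffic, subject=None, ports=None, keywords=None):
    """Apply the three filter stages in order; a stage set to None is disabled.

    Returns (captured packets, count of packets dropped at each stage).
    """
    captured = []
    dropped = {"subject": 0, "type": 0, "keyword": 0}
    for pkt in traffic:
        if subject is not None and subject not in (pkt.src, pkt.dst):
            dropped["subject"] += 1      # stage 1: not the named party's traffic
        elif ports is not None and pkt.dport not in ports:
            dropped["type"] += 1         # stage 2: not an allowed kind of data
        elif keywords is not None and not any(
            k.lower() in pkt.payload.lower() for k in keywords
        ):
            dropped["keyword"] += 1      # stage 3: no keyword match
        else:
            captured.append(pkt)
    return captured, dropped

# Narrow configuration: one subject, email only, one keyword.
narrow, narrow_dropped = capture(TRAFFIC, "192.0.2.10", {25}, ["flight"])
# Same machine with every stage disabled: all traffic on the segment is kept.
broad, broad_dropped = capture(TRAFFIC)

if __name__ == "__main__":
    print(len(narrow), narrow_dropped)
    print(len(broad), broad_dropped)
```

The per-stage drop counts are the kind of record an auditor would compare against the scope of the order, since the capture itself cannot show what was configured.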
But can we trust the FBI to respect those limits? Some of its comments about Carnivore suggest that the FBI is not even sure about the technology it is using, and is unaware of how many others have the same power. The good news is, the system is easy enough to defeat for anyone willing to take a few precautionary measures.
Carnivore's care and feeding
Last year, I got a peek at Carnivore when FBI agents gave a talk in the Cyber Law and Society class I was taking at Harvard. Supervisory Special Agent Barry Smith and an associate told us the rise in Internet communications threatens the FBI's ability to fight crime, and Carnivore is one of the ways they hope to keep up. As more communication goes online, criminals are taking their activities there -- for planning, communication, and execution. Groove is useful for collaborative programming, but it could just as easily be used to plan a terrorist attack across international borders.
To install Carnivore at an Internet service provider, the FBI has to obtain a warrant, similar to a wiretap. (See the sidebar, "What Gives Them the Right?" for more details on the legalities.) The FBI asks the ISP to isolate the suspect's connection to a "quiet" part of its LAN. This allows the FBI to connect without being overly obtrusive, and prevents its machine from being pelted with a lot of uninteresting data.
From there, the agency configures the necessary filters, then pushes the Monitor button. A stats screen pops up, and every day the captured data is written to a Zip disk. A field agent retrieves the disk and inserts a fresh one each day or week, taking the full disk back to the office for analysis.
My security concerns
Sounds simple enough. But as a system administrator, I have a few concerns.
The first is that Carnivore runs on NT. As a Unix administrator, I see this as a very bad thing. Windows NT has many well-known security flaws, and the Carnivore machine itself could be compromised unless all security patches are applied when they're made available. Even then, unpublished flaws (without patches) leave the machine vulnerable. The FBI says it puts a firewall between the Carnivore box and the rest of the ISP, and a team of security experts tends to NT patches. Even so, if you're not concerned about the FBI reading your email, you should be concerned that the Carnivore box could be hacked.
My second concern is that, depending on how the filters are set, Carnivore can capture any amount of data the FBI would like. The agents said Carnivore "only connects at Ethernet speeds," as if to suggest this limits the amount of data the agency can grab. This struck a chord, so I asked about it after their talk. After saying that OC-128 and Gigabit Ethernet are faster (to which I replied with a glare), he said that Carnivore sees too much data to store it all, and the FBI couldn't archive it. I pointed out that a 40-gigabyte hard drive costs only $150 these days, but he responded "we don't have time to look at all that data." I didn't want to argue more, or tell them about Perl.