oreilly.comSafari Books Online.Conferences.


Carnivore: A System Admin's Concerns
Pages: 1, 2

Haven't I seen this before?

In fact, it seems to me that Carnivore could be replaced with tcpdump and Perl. tcpdump is a packet-sniffer, and a standard Unix utility. It can restrict what is captured based on the type of data and its destination. For example, it could store just email and web pages going to a suspect's IP address. The captured data could then be analyzed with Perl to discard everything but authorized interceptions, say, emails to another suspect or access to specific web pages.

Because it seems so easy to replace Carnivore with these open-source tools, I asked if the FBI would consider open-sourcing Carnivore, arguing that it would alleviate the public's concerns as to Carnivore's capabilities. Barry's face grew a bit dark at that. He maintained that only the FBI should be allowed to use such a program, and that anyone who codes a similar program must be breaking the law. He's obviously not a system administrator.

The FBI's argument about limited storage capacity argument is less than convincing, as is the "slow" Ethernet connection argument. The limited manpower argument carries a bit more weight, but Perl provides an excellent point of contention. However, if the FBI developers have expended this much effort to recreate tcpdump, it makes me wonder if they'd be able to use Perl. Perhaps they'd roll their own there, too, creating OysterEater.

You'll never take my data alive!

So what can privacy-conscious individuals do to prevent the FBI from reading their emails and seeing that they've visited porn sites?

  • Encrypt your email with SMIME or PGP.
  • Use a service like, which hides all web traffic to your desktop by sending encrypted web requests through many of its servers, none of which know where the data ultimately came from.
  • Use FreeNet to exchange files.
  • Or, more simply, don't commit crimes that will make the FBI take an interest in you.

Special Agent Smith addressed these issues without anyone bringing them up. If Carnivore is easily defeated, is it valuable? It is, he said, because the average criminal isn't all that bright. He cited an example of one suspect whose phone was tapped saying, "You should whisper, the line might be tapped." He also noted that devices used to scramble telephone calls are widely available, but infrequently used.

Although I'm concerned with Carnivore's capabilities, I believe FBI agents truly need it to do their jobs effectively, and would be hard-pressed to find a much better, less-intrusive solution. While Carnivore is potentially more intrusive than wiretaps, the FBI has proven its restraint with them, and has not abused that power. Why should IP wiretaps prove any different?

If it seems I'm being sympathetic to the FBI, please look at system administrators. At their companies, these folks are graced with the power to read anyone's mail that they want, to play with people's private files, and can easily impersonate their company's CEO. They can do this very quietly, so that no one notices. They generally have no security clearance. Few have sworn to uphold their company's ideals. However, very few abuse the power that they've been given, instead using their powers for good.

Massive conspiracy theories aside, why should we believe that FBI agents are any different? They're deeply involved in criminal cases when they deploy Carnivore -- much like a system administrator would be involved with routing out a cracker when deploying tcpdump.

Sure, the capability is there to read their boss's mail, but who has the time?

Mike DeGraw-Bertsch is a security and Unix system administration consultant in the Boston, Mass. area. When he's not at a job, writing, hacking with Perl, or playing with his wireless network, he can usually be found playing goal in ice hockey.

Return to the Linux DevCenter.

Linux Online Certification

Linux/Unix System Administration Certificate Series
Linux/Unix System Administration Certificate Series — This course series targets both beginning and intermediate Linux/Unix users who want to acquire advanced system administration skills, and to back those skills up with a Certificate from the University of Illinois Office of Continuing Education.

Enroll today!

Linux Resources
  • Linux Online
  • The Linux FAQ
  • Linux Kernel Archives
  • Kernel Traffic

  • Sponsored by: