FBI retires Carnivore!

The Black Flag Cafe is the place travelers come to share stories and advice. Moderated by Robert Young Pelton the author of The World's Most Dangerous Places.

Moderator: coldharvest


Post by Kurt » Sat Jan 15, 2005 5:39 pm

By Kevin Poulsen, SecurityFocus
Published Saturday 15th January 2005 10:41 GMT

FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday...

(read the rest here)

http://www.theregister.com/2005/01/15/f ... carnivore/

Of course no one talks exactly about what it did or even if it succeeded during its 5-year run. But goddam it was out there and damned if it didn't scare the crap out of people who view the Government as all powerful and not a bunch of fuck-ups.

For fun later I will teach you all how to make your very own "Home Carnivore". The only disadvantage it will have to the FBI's version is that you can't get a warrant to sniff the traffic at an ISP's T3 line.
Kurt
In Manus Manus
 
Posts: 21997
Joined: Mon Mar 08, 2004 6:29 am
Location: New York City

Post by Kurt » Sat Jan 15, 2005 6:42 pm

The Hardware for the BFC Carnivore. We will emphasise "cheap".

I chose to link to Monarch Computing because they are easy to follow and a good company (I use them often), but you may find cheaper stuff elsewhere. (Click on prices for links.)

First The Motherboard. The requirement is that it have everything on it plus SATA (Serial ATA). Since our Carnivore is gonna be on all day long we want good airflow and SATA cables are thin, and they write and read faster than regular ATA Drives.

Motherboard DFI Athlon XP w/ Audio, video, SATA RAID, LAN, USB.

$58.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=110643&Category_Code=AMB

Now we must put the data on some type of media. The FBI uses various IOMEGA ZIP disk products. These are very expensive, cannot be mass copied and cannot hold a lot of data. However CDRWs are cheap ($.25 each) and easy to mass produce to have your home spy network distribute data to "other agencies"...like your mom.

Samsung CDRW/DVD combo drives are good, cheap and come with Nero.

$57.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=160217&Category_Code=cdrw-combo


The most important thing is going to be the Network card. Onboard network cards like the one our motherboard has are fine for home and office networks but we gotta do real spy work with this, so we need a good GB ethernet card to sniff traffic faster than it can be produced.

We will put in the 3Com Gigabit NIC. 3Com practically invented ethernet, their drivers are always good and it is still pretty cheap.

$56.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=280116&Category_Code=NetCards


The next will be the Processor. Once again the idea is to go cheap and not get the top end stuff. It sucks when your top of the line processor burns out and takes your motherboard with it (unlikely) and it also sucks paying $500+ for a processor that will cost $50 in two years.

So I am going with the lowest end AMD there is...the Sempron 2400 Socket A Boxed set (comes with fan and thermal grease and warranty).

$67.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=120279&Category_Code=amdsempron

For RAM I always use the money I save on the processor to get more RAM. Corsair is cheap and durable. Never had a bad stick of it yet.

We will get 1GB in two 512MB sticks of PC 2700 DDR. Get two sticks in case one goes bad.

$144.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=140440&Category_Code=Unbuffered_Corsair

Next is the hard drive. The goal is big space, cheap and a long warranty. Seagate has a 200GB drive with a five year warranty for 129.00. That will do.

$129.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=150504&Category_Code=SATAHardDrives

Nothing worse than building your computer only to have it coming out looking really ugly. So we better get a cool looking case for it. For price, low shipping cost and bitchin design I chose a Black Silverstone Mid Sized Aluminum case. Remember if you gotta spend money somewhere, spend it on the case, they last the longest.

Image: http://www.monarchcomputer.com/Merchant2/graphics/00000001/100473.jpg

$75.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=100473&Category_Code=C1-ALL

Last of all is the power supply. We have to have it be quiet and go with the case. Plus it needs SATA connectors and has to be dependable.

So I went with OCZ's 450 watt Mod Power Stream. It has detachable cables which is very nice and helps keep everything easy to dust and cool.

$82.00: http://www.monarchcomputer.com/Merchant2/merchant.mv?Screen=PROD&Store_Code=M&Product_Code=100176&Category_Code=ps-generic

The rest like keyboard, floppies, monitors, mouse and various cables you gotta figure out yourself. I recommend re-using stuff from old systems whenever possible.

So far the total cost of our brand new carnivore is $539.00. You can make a cheaper one out of old components too...since it just needs to run Windows NT 4.0 and have enough power to write to media. I'd say you could easily do it with a Pentium 266 and 128MB RAM.

More on the software stuff later.

Post by Kurt » Sat Jan 15, 2005 10:27 pm

For the software.

First we will start with a basic operating system. Most people will use Windows. I prefer Windows 2000 because I change hardware a lot and don't like to have to notify Microsoft that I have done so. XP will sometimes stop working or work in a limited fashion if you switch hardware enough from the original install. So get a copy of whatever you prefer to use. Make it at least Windows 2000 or XP. Windows NT 4 can be used, but I would only do so if you have really low end hardware. This will add anywhere between $100 to $200 to the cost depending on what version you pick.

Next:

After installing all the software and drivers for your hardware and updating the patches you will need to search for your free sniffer software.

The first thing we are going to do is install WinPcap 3.0. This program allows you to capture and read internet traffic. Get it here and run the executable.

http://www.ethereal.com/distribution/wi ... ap_3_0.exe

Next we will install Ethereal for Windows. This allows you to look at network traffic in real time and capture the traffic to a file to be looked at later (with WinPcap installed).

Click here and install.

http://www.ethereal.com/distribution/wi ... 0.10.8.exe

Next check out the online documents and read about what you are going to do and the best way to sniff for "terrorist communication" at home or at your school.

http://www.ethereal.com/docs/user-guide/

When you run Ethereal and capture the packets to a file you will see that, run in its raw state, it makes a pretty big file in a short period of time. Now imagine that on the trunk of an ISP you have to filter to look for "key" words to capture in your packets. This will still produce a big file, perhaps too big for the FBI's IOMEGA zip disks...this is where I think we get the term "chatter". The FBI gets too big of a file to look at, so a report on the file size made by the key words and phrases in online activity is looked at.

A big file means "increased chatter" and the useless terror alert color goes up to Orange. A smaller file means "reduced chatter" and Tom Ridge pats himself on the back while not taking into account the FBI's recent problems with computer upgrades or the Tsunami wiping out a good deal of infrastructure in Northern Indonesia.

Anyway now you too can have your own "terror alert system" installed that will probably be about as useful and a lot cheaper than the FBI's.

When the FBI ditches Carnivore, it will move on to something else. I am guessing it is going to be something like SNORT http://www.snort.org/ but instead feeding info to an online database (probably Oracle) with encryption hiding the traffic. This too can be easily made with one computer but for more accuracy you could use two. Get a friend to help and each set up a Snort computer with a MySQL database http://www.mysql.com/ then you can set up a VPN tunnel to one another's computers to use the databases.

Then you have a WHOLE ANTI-TERRORIST CRIMEFIGHTING NETWORK!!

At home and really cheap.

Post by kilroy » Mon Jan 17, 2005 1:43 pm

i'm not surprised the gov't retired it. the damn thing didn't have any teeth. i dont know why everybody was freaked about it. i've said this quite a few times, including on this board.

by the way, the carnivore edition of 'this old house' was pretty nifty kurt.
when they ask how you feeling
you tell em you feeling like something important died screaming
you tell em you feeling like something even more important arrived breathing
something you should probably try feeding
kilroy
BFCus Regularus
 
Posts: 5691
Joined: Thu Mar 25, 2004 7:34 am
Location: Alabambam

Post by redharen » Wed Jan 19, 2005 10:39 pm

Kurt:

Just for kicks, you ought to send this to 2600.com as an article for their print edition. Some of their readers, I'm sure, would appreciate it, and might even give it a try. Just don't use your real name.
redharen
small ax
 
Posts: 2653
Joined: Mon Apr 19, 2004 2:22 am
Location: Jerusalem

Post by Kurt » Wed Jan 19, 2005 11:02 pm

I want to see what their replacement for Carnivore is supposed to do first, then see if I can make that.

Re: FBI retires Carnivore!

Post by Kurt » Thu Jun 17, 2021 2:39 pm

Oddly enough I am working with this sort of equipment now.

I was right 16 years ago, it is similar to Snort but the speed is now crazy.

Now "Carnivore" is done via "taps" as an appliance that does not interfere with the routing but instead takes 6 nanoseconds to copy up to 100GB of traffic per port and ports can be combined.

So now it is possible to view traffic, record traffic and route mirrors of traffic to active monitors, meaning humans at a computer by traffic and by IP.

So if a judge gives a wiretap warrant for me but only for a specific website they could technically have a crew of monitors watching me interact with the BFC and only the BFC.

The labor part is expensive but pretty much anything and everything that is not encrypted can be monitored.

But, setting this up in the right area is a hell of an operation.

It's funny though, because Carnivore was never frightening. If the US put Stasi-like enthusiasm in monitoring its citizens it could easily be done...but again the manpower to disseminate the collection would cost a fortune.

Post by el3so » Sat Jun 19, 2021 12:05 am

Kurt wrote: takes 6 nanoseconds to copy up to 100GB of traffic per port
I didn't understand any of the computer mumbo-jumbo but that is a hell of a lot of porn.
Yo Kurt, hook a brother up!
skynet prompt: witty line, a bit offensive, medium levels of spelling error, Rastafy by 10 % or so
el3so
Creepy Uncle
 
Posts: 8900
Joined: Tue Apr 27, 2004 9:25 am
Location: never-ending labyrinth of pain

