Carnivore

There's an Enhanced-Carnivore now, but I lost a link I had in favourites to do with that, so if I find it again I'll post it up here, meanwhile you could check this one out, which is to do with Carnivore or you could always do a Google on it. The page I had was on the ACLU site I think. This link talks about the FBI's usage of Carnivore, although I'm pretty sure it was originally an NSA creation, but then again I could be wrong.

I never found any threads on this project and I was rather bemused as to why

You'd think Echelon was enough, or at least I would.

I do remember some detailed discussions regarding Carnivore and it's 'upgrades' in 2600. I did manage
for the moment find some internet links from the site
that has some information for those who are curious about Carnivore. www.2600.com...
I will try find out which ones (other than the 2000 issue) that has 'morsels' of info about it and post them here.
Yet another sign that the U.S. is attempting to be the world's policeman since this program/device doesn't care about the origins or destinations of packets. The thing that makes me wonder though is if this thing is operating on the internet, would it have an ip address too?




[Edited on 10-5-2004 by Crysstaafur]

Originally posted by Crysstaafur
...if this thing is operating on the internet, would it have an ip address too?

If it did I doubt it'd be "get-into-able" , but I think it's just hardwired into the ISP's system and stores everything.

Originally posted by Crysstaafur
if this thing is operating on the internet, would it have an ip address too?

Probably more than one. I thought Carnivore was used for email communications, and Echelon for just about all other communications system?

Yes, Carnivore is an email snooping program.
It also goes by another name: DCS-1000
I hope that helps in searches. Then there is also another program called Magic Lantern that
is sent to suspects disguised as an email attachment. If executed it will monitor keystrokes, 'x and y coordinates' plus mouse button status registers to recreate user activity thereby 'preventing' any encryption. I put that in quotes as this would probably not apply to those who are using keyless (ie passwordless) encryption.
Thank those who passed the Patriot Act and CALEA.
Apparently the upgrade (DCS-1000) is for 'all packet-switching communications' so this would also include http, ftp, Voice-over IP, and perhaps any future innovations. -sources: 2600 Winter 2001/2002 and Summer 2002

[Edited on 10-5-2004 by Crysstaafur]

Yep. Those who tought they couldn't monitor voice-over-IP communications should do some research.

Of course they couldn't let that slip. They just have to have ears and eyes everywhere. Here's a leaked document about the implemantation of their system on Voice-over-Ip provider.

www.why-war.com...

Originally posted by Crysstaafur
The thing that makes me wonder though is if this thing is operating on the internet, would it have an ip address too?

If you are running Windows, execute Start>Run..., and type 'command', to evoke the MSDOS command prompt. In the new window, type on a single line

tracert google.com

Then, your computer will send an chunk of information to google.com, and display all the computers through which that information must travel in order to reach google.com . Any one of those computers can have Carnivore / Echelon software running on it.

Thanks for the link m0rbid!
I wish I had more factual goodies to contribute, but I don't at the moment, so I will pause with a quote as food for thought.

'Snoop unto them as they snoop unto us.'->Hackers

8P

Originally posted by Jake_

Originally posted by Crysstaafur
The thing that makes me wonder though is if this thing is operating on the internet, would it have an ip address too?

If you are running Windows, execute Start>Run..., and type 'command', to evoke the MSDOS command prompt. In the new window, type on a single line

tracert google.com

Then, your computer will send an chunk of information to google.com, and display all the computers through which that information must travel in order to reach google.com . Any one of those computers can have Carnivore / Echelon software running on it.

Doubtfull.
I am quite sure that they have a robots.txt file to prevent spidering of any sort. Even if it didn't who in their right mind would want go through all that traffic. Also that would only be true for a brief moment as this would not list those systems that were on then off just before and after the route was traced. If one was so inclined as to something like this, I would think that the domain registration system of Icann would be way more effective, but that would require either a long time (not good), a large network doing the work(not likely), or a whole bunch of people doing this all at once.(not likely either) An easier way would be to take careful note of what boots up on your machine and try to look for anything would be out of place such as a client you didn't install and go from there. just my humble opinion.

Originally posted by Crysstaafur
Doubtfull. I am quite sure that they have a robots.txt file to prevent spidering of any sort. Even if it didn't who in their right mind would want go through all that traffic.

These are not webservers, but simply computers that route internet traffic to its destination. Of course, there may be computers between the hops that do not respond to tracert packets. The spying software would log the information sent to the server, then relay the information to the next hop to its destination. The logs of the information could be sent to another computer, which searches through the data for specific keywords, then reports the context of those keywords to people or other searching computers.

Originally posted by Jake_

Originally posted by Crysstaafur
Doubtfull. I am quite sure that they have a robots.txt file to prevent spidering of any sort. Even if it didn't who in their right mind would want go through all that traffic.

These are not webservers, but simply computers that route internet traffic to its destination. Of course, there may be computers between the hops that do not respond to tracert packets. The spying software would log the information sent to the server, then relay the information to the next hop to its destination. The logs of the information could be sent to another computer, which searches through the data for specific keywords, then reports the context of those keywords to people or other searching computers.

"tracert", or traceroute as it's really know (it's a unix tool, ported to dos), does not use any sort of special packets. it's simply using ICMP (also known as "ping") packets with a incramenting TTL (time to live). This means that you are pinging a host somewhere on the internet, but since the packet's TTL value is given say +1 every time it's sent (starting with zero), every host between will respond to you.

thus, you see where your data is going.

therefor, it's quite hard to be an active node on the net and hide from a traceroute. the only sort of exception would be if your were sniffing on a lower layer of the network (look here-> www.webopedia.com... for more information on the OSI Model), say around layer 2, you wouldn't be noticed. (one thing to consiter is that communication on the internet is done with tcp/ip, which is all the way up in layer 7 [the application layer], so if you're sniffing layer 2, you will get *everything*).

i imagine this is probably how the next carnivore works.

Originally posted by Crysstaafur
Then there is also another program called Magic Lantern that
is sent to suspects disguised as an email attachment. If executed it will monitor keystrokes, 'x and y coordinates' plus mouse button status registers to recreate user activity thereby 'preventing' any encryption.

Thanks for the information there Crysstaafur, I'd heard the name Magic Lantern before but I'd never looked into what it was, but now I see it's yet another privacy invasion system. I take it the NSA are responsible for this one?

Then there is also another program called Magic Lantern that is sent to suspects disguised as an email attachment

meaning you have to be dumb enough to open it, right?

and would spybot/adaware/norton or other anitvirus catch it?

Originally posted by NothingMakesSense

Then there is also another program called Magic Lantern that is sent to suspects disguised as an email attachment

meaning you have to be dumb enough to open it, right?

and would spybot/adaware/norton or other anitvirus catch it?

Magic Lantern is basically a very dirty trick.

It involves embedding a 1x1 pixel image (that you wouldn't notice really) in a html email. but the trick? the image is hosted on a government system, so when you open the email, you give them your ip simply by requesting the embedded image (this happens automatically when you open the e-mail. its like when you load a web page). ms outlook, netscape mail, mozilla/thunderbird, etc are all open to this sort of trick.

it's really nothing special, just a play on how computer illiterate most people are.



[Edited on 12-5-2004 by negativenihil]

Couldn't the program be downloaded via alternate methods?

If the program was attached to other software, then it could get in with wanted stuff. Maybe the government is running this kind of thing?

Originally posted by Lyriox
Couldn't the program be downloaded via alternate methods?

If the program was attached to other software, then it could get in with wanted stuff. Maybe the government is running this kind of thing?

it's not a program though! you're simply loading a VERY tiny image, hosted on a government site, when you open the e-mail that is sent. Within the email there is html code, which directs your email client to pull the tiny image off a government system, thus exposing your ip address, and possibly your physical location.

i imagine they would use this sort of tool if they had been chasing after someone and had no luck.

Originally posted by negativenihil
...it's not a program though!...

Doesn't this conflict with the idea of it logging your keystrokes? If it does then it needs to be an executable program on the computer:

Originally posted by Crysstaafur
Then there is also another program called Magic Lantern that
is sent to suspects disguised as an email attachment. If executed it will monitor keystrokes, 'x and y coordinates' plus mouse button status registers to recreate user activity thereby 'preventing' any encryption. I put that in quotes as this would probably not apply to those who are using keyless (ie passwordless) encryption.

[Edited on 12/5/2004 by Lyriox]

Originally posted by Lyriox

Originally posted by negativenihil
...it's not a program though!...

Doesn't this conflict with the idea of it logging your keystrokes? If it does then it needs to be an executable program on the computer:

Hrm. you're right.
www.msnbc.com...

I must have gotten the name mixed up, but i'm pretty sure i have heard or read about the fbi using this embedded image trick as well.

i'm going to dig a bit...

Originally posted by negativenihil
...i'm going to dig a bit...

Keep that ignorance denied

well as soon as they have your ip your screwed because then they can do all kinds of nasty things to you without your knowing it. a thought-would running through an anonymous proxy like those you can temproarily get ffrom websites work to foil this thing?

like i said, as soon as they have your ip address they can send you packets wich your computer would automatically reconstruct in ram and those packets would be the xecutable. and as soon as its complete in ram it writes itself to you hard drive. just specukation.

another idea---- maybe the recently discovered hole in the tcp/ip protocol was actually made by the goverment to keep a check system inplace on the internet--and maybe this flaw runs deeper than just simply resetting routers. perhaps there is a way to convonce a computer to accept certain packets a certaion way that would make them more conducive to transmitting a virus.......

when i say packets i mean network/internet information packets....