Information Security News mailing list archives

FBI's Carnivore hunts in a pack


From: William Knowles <wk () C4I ORG>
Date: Wed, 18 Oct 2000 15:59:25 -0500

http://www.zdnet.com/zdnn/stories/news/0,4586,2641902,00.html

By Brock Meeks, MSNBC
October 18, 2000 4:44 AM PT

WASHINGTON -- Carnivore, the FBI's controversial e-mail snooping
program, is part of a covert surveillance triad known inside the bureau
as the "DragonWare Suite," according to recently declassified
documents. The documents also outline how the DragonWare Suite is more
than simply an e-mail snooping program: It's capable of reconstructing
the Web surfing trail of someone under investigation.

According to an analysis of the declassified documents by
SecurityFocus, a California-based computer security firm, the
DragonWare Suite can "reconstruct Web pages exactly as a surveillance
target saw them while surfing the Web."

Besides Carnivore, the DragonWare Suite includes programs called
"Packeteer" and "Coolminer," the documents reveal. These latter
programs are used to reconstruct the raw data scooped up in the
initial phase by Carnivore.

Omnivore came first

The FBI was forced to release documents relating
to Carnivore as the result of a lawsuit brought by the Electronic
Privacy Information Center (EPIC). The suit was filed to force the
bureau to comply with a Freedom of Information Act request the
Washington-based privacy watchdog organization filed earlier this
year.

The FBI released about 600 pages from its Carnivore files, with most
of the information hidden from view by huge blocks of blacked-out
paragraphs. But by combing through the information left in view, the
details of Carnivore's evolution begin to emerge.

Two other e-mail monitoring programs preceded Carnivore, dating back
to at least January 1996. Omnivore was Carnivore's immediate
predecessor, developed to run on a Sun Solaris system at a cost of
$900,000. But an earlier program that still remains classified
"secret" preceded Omnivore.

Omnivore was pushed into service because the older system was deemed
to have "deficiencies that rendered the design solution unacceptable,"
a product review document says.

Omnivore was designed to "sniff" an e-mail stream and print out
targeted e-mails in real time, while storing other data on an 8mm tape
drive, the documents say. The project was conceived in February 1997
and deployed in October of that year. It was officially retired in
June 1999.

The system was apparently pressed into service earlier than planned.
While still in its beta phase, the FBI deployed Omnivore during an
investigation, but technical problems arose that required the
program's commercial developers to support the installation of the
program. That situation made its full development schedule "difficult
to maintain," the documents show.

More than it could chew

But the Solaris operating system proved
unwieldy in the field, and in September 1998 the bureau devised
project "Phiple Troenix" -- a bastardization of the phrase "Triple
Phoenix" -- as the upgrade path that would eventually become
Carnivore.

The main objective of Phiple Troenix was to rewrite the Omnivore
software to make it work on a Windows NT platform, according to the
declassified documents.

"This will facilitate the miniaturization of the system and support a
wider range of personal computer equipment," the documents say.

This $800,000 project also included funding to train FBI agents and
employees of the National Infrastructure Protection Center.

Carnivore 1.2 was officially unleashed on the world in September 1999.
But that version of the beast apparently scooped up data it wasn't
supposed to, botching an investigation due to digital indigestion, or
what the FBI documents say were "bugs found during a deployment."

'Enhanced Carnivore'

Problems with the early version of Carnivore
spawned a project called "Enhanced Carnivore" in November 1999.
Meanwhile, a patched version of the first Carnivore was launched in
March of this year.

The FBI has budgeted some $650,000 for Enhanced Carnivore. The current
version of Carnivore is due to be retired in January of next year, the
documents say.

The commercial firm developing Enhanced Carnivore is redacted in the
documents. Scant clues are given as to Carnivore's creators.

"The development contractor ... performed the initial Carnivore
development work," the documents say. "This contractor was selected
again based on a solid track record in this technology area."

Meanwhile, the documents also show that Carnivore 2.0 and 3.0 are
already in the design phase. The documents also underscore an earlier
MSNBC.com report that the FBI is already developing Carnivore-like
tools capable of wiretapping Net-based telephone calls. The FBI calls
this technology "Dragon Net: Voice over IP."

"DragonWare suite? What were they thinking?" House Majority Leader
Richard Armey, R-Texas, asked incredulously. Armey is an outspoken
critic of the Carnivore program and has called on the Justice
Department to halt the program until a full investigation is finished
to determine if the program is open to privacy abuse.

"Until the constitutional questions have been adequately addressed,
the Justice Department should not only stop developing new versions of
cybersnooping software, they should stop using the existing programs,"
Armey said.

The Justice Department recently contracted with an independent
research firm to evaluate the underlying code that makes Carnivore
tick in hopes of once and for all stemming criticisms that the program
is a wholesale risk to privacy.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com