Carnivore By Pedro E. Cusinga

advertisement
Carnivore
The Electronic Surveillance Tool
Pedro E. Cusinga
CIS450
Strayer University
Jump to first page
Some Statistics

Not even ten years ago , most people didn’t know what the Internet or
e-mail was.

Before that, most people didn’t have computers at home or at work

Fifty years ago, In fact, there were no computers



Today, one in two Americans has computers at home or at work, and
the use of the Internet has became the preferred medium for
communication exchange
Now that the use of Internet is growing exponentially, so is the
computer crime.
Criminals use the Internet’s inexpensive and easy communications to
commit, fraud, theft, larceny, forgery, sabotage, espionage, terrorism,
information warfare, hacking and many other serious and violent
crimes.
Jump to first page
But, who is out there to protect us?



The FBI is.
In fact, the FBI along with many other law enforcement agencies ,are
busy conducting lawful electronic surveillance to prevent serious criminal
activities.
It has become common knowledge that that terrorist, spies, hackers, and
many other dangerous criminals are occupied using computers and
computer networks,Including the Internet, to commit their malicious acts.
Counterattacking criminal activities
Investigating and deterring such wrongdoing not only requires tools and
techniques designed to work with new evolving computers and network
technologies . But it also requires to work in coordination and under the
supervision of the Department of Justice.
Jump to first page


To begin with, in every FBI investigation involving electronic surveillance,
all surveillance efforts are approved, monitored, and overseen at each step
of the way by both the local United States Attorneys Office and the
appropriate U.S. District Court Judge.
In surveillance conducted under the Foreign Intelligence Surveillance Act
(FISA), FBI is monitored and overseen by the Department of Justice’s
Office of Intelligence Policy and Review, and by the Foreign Intelligence
Surveillance Court.
Types of Cyber-crimes threats that law enforcement agencies have
been and will encounter in the future.



Terrorism - Terrorist groups are increasingly using new information (IT)
and the Internet to formulate plans ,raise founds, spread propaganda, and
communicate securely
Espionage - Foreign intelligence services view the Internet and computer
intrusions as useful tools for acquiring sensitive U.S. government and
private sector information.
Information Warfare - Perhaps the greatest threat to national security by
foreign militaries against the Nation’s critical infrastructures.
Jump to first page


Child Pornography and Sexual Exploitation of Children - Sexual
predators find the Internet as the perfect medium to trap unwary children.
Serious Fraud - The North American Securities Administrators
Association has estimated that Internet-related stock fraud results in a loss
of approximately $10 billion per year (nearly $1 million per hour)
The Electronic Surveillance Process
The decision to use Carnivore comes only after a criminal investigation
has proceed substantially.





First, the FBI must demonstrate that a crime has been committed or is
about to be committed
Second, the FBI must explain why traditional enforcement methods are
insufficient to obtain the information desired.
Third, in order to obtain a court order, the FBI must discover the identity
of the target’s ISP, e-mail address, etc.
Fourth, the FBI will seek to deploy such means only in large ongoing
investigations.
Fifth, FBI agents will use electronic surveillance as a last resort.
Jump to first page
Deployment of carnivore
Carnivore is a very specialized network analyzer or “sniffer” which runs as an
application program in a normal computer under the Microsoft Windows
operating system.
It works by “sniffing the proper portions of network packets and copying and
storing only those packets in conformity with the court order
The Carnivore device provides the FBI with a “surgical” ability to collect only the
data they are looking for while ignoring those communications which they are
not authorized to intercept.
Carnivore is superior to any commercial-available “sniffer” tool. Commercial
sniffers are typically designed to work only with fixed IP addresses.Carnivore on
the other hand was specifically designed to interface with ISP networks so that
when dynamic addressing occurs it can immediately respond to it.
Jump to first page
The example above shows how the system identifies which packets to store
Jump to first page
System Architecture
The carnivore system architecture comprises of:
1- A one-way tap into an Ethernet data steam
2- A general purpose computer to filter and collect data
3- Additional general purpose computers to control the collection and examine
the data
4- A telephone link to the collection computer, and
5- DragonWare software written by the FBI.
DragonWare includes Carnivore software to filter and record IP packets and
Packeteer and CoolMiner, which are two additional programs that reconstruct
e-mail and other Internet traffic from the collected packets.
Jump to first page
THE ETHERNET TAP
Carnivore is connected to a 10Base-T Ethernet using a Century Tap made by
Shoniti Systems. In a typical installation, an existing line is disconnected from a hub or
switch and plugged into port A of the tap. A new line is run from port B to the
hub/switch. The tap passes the traffic along the line from A to B to A if it were standard
cable. At the same time, it takes a copy of the transmit data in each direction and feeds
it to ports 1 and 2. Additional cables connect ports 1 and 2 to standard hub. This
connection ensures that both sides of the communication on the Ethernet appear at the
hub, but no data can be sent from the hub. The carnivore system is then connected to
any open port on the hub.
Jump to first page
This cabling arrangement and the Shoniti tap ensure Carnivore is in a receive-only mode.
The FBI technicians who install Carnivore work with ISP personnel to have Carnivore
connected to the smallest bandwidth pipe possible.
Jump to first page
CARNIVORE SOFTWARE PROGRAM




Carnivore is the name of the software program running on the collection
computer that filters and records IP packets. When the collection computer is
started, it automatically logs in as the Administrator.
Carnivore has two levels of functionality: a main screen and an advanced
screen.
When the program is started, the agent sees the main screen with four
functions implemented via button selections. One set of buttons starts and
stops collection. Another toggles the collection detail display. A third forces
collection to start using a new file, making the current file available for
downloading. The fourth is used to access the advanced screen (filter
settings).
The program has a separate password for accessing the filter settings. A case
agent, can access the collection device via device via remote dial-in to start
and stop the collection, and cause the collection to start into a new file and
download the collected data. However, that agent does not need to know the
password that allows the filter settings to be changed.
Jump to first page
CARNIVORE MAIN SCREEN
Jump to first page
CARNIVORE ADVANCED MENU
Jump to first page
Download