Posted by : Unknown Saturday, June 29, 2013

INTRODUCTION :

The development of technology is natural.  As technology grows, human life becomes simpler and more comfortable.  Technological innovations often create ripples in unexpected quarters.  The spread of the Internet is being hailed as a revolution second in stature only to the industrial revolution, and e-mail has been picked as its “killer application”.  Today billions of business transactions take place using e-mail.  E-mail has become so popular that we doubt whether human life would go smoothly without it.

E-mail has initiated a lot of debate on matters of security and ethics.  It has always been seen that the reasonably suspicious minds of law enforcement agencies become even more so as scientific innovations take place.  Hence it was not surprising when the Federal Bureau of Investigation developed Carnivore.

Technology can be used for good as well as bad purposes.  The development of technology makes human life comfortable and simple, but at the same time it also helps anti-social elements such as criminals and terrorists.  With the evolution of communication systems they can talk and send information as easily as we do with our family members and friends.  The evolution of cell-phone technology is useful to ordinary people and to terrorists and criminals to the same extent.  To counter this type of crime, law enforcement agencies developed phone-tapping technology.


Using this technology we can find where a person is talking from and record what he is saying without his knowledge.  As is well known, to uncover the cricket match-fixing racket the Central Bureau of Investigation (CBI) used this technology to tap the cellphone of South Africa’s cricket team captain, Hansie Cronje.

In cyberspace too, criminals and terrorists depend on e-mail to send important information quickly to companions in other places.  While using e-mail they are free from the fear of phone tapping.

This has initiated a lot of debate on security and ethics.  It has always been seen that the ‘reasonably suspicious minds’ of law enforcement agencies get even nosier as scientific innovations take place.  Hence it was not surprising when the Federal Bureau of Investigation (FBI) labs in Quantico, USA, developed CARNIVORE, software for wiretapping Internet traffic, especially e-mail, giving the security agencies a new tool to police cyberspace.

WHAT IS CARNIVORE ?

Any dictionary gives the meaning of the word ‘carnivore’ as “an animal that eats meat”.  The main characteristic of a carnivore is that it can smell meat wherever it is.  The Federal Bureau of Investigation (FBI) named this software Carnivore because it can intercept and view suspected e-mails and Internet traffic.

In the FBI’s words, Carnivore is a computer-dependent transaction tracking system.  The system needs to be attached to an ISP server for the electronic reconnaissance to work.  It was designed so that, with a judicial order, the FBI can connect it to any ISP’s server to intercept and collect suspected e-mails and Internet traffic.

The working of an E-mail:

When we click the send button after composing an e-mail, the computer breaks the data into small, uniform chunks called “packets”.  Every packet is divided into two parts: the content and the header.  The content consists of the data to be transmitted; the header consists of the source IP address, the destination IP address and protocols such as TCP/IP, FTP, SMTP etc.  Each packet is given a serial number and routed onto the global network.  On the way to the destination, the packets travel through several servers.  When the packets reach the destination, the destination server checks whether all of them have arrived.  After confirming that all packets have arrived, it reassembles them into the complete message according to their serial numbers.

Based on this, the FBI developed a “packet sniffer” system that evaluates data flowing through a network to determine whether it is part of an e-mail message or some piece of Web traffic.

The FBI connects the computer on which Carnivore is installed to the ISP’s server.  This computer compares every packet that travels through the server with the filter set in it and stores any packet that matches.  While doing so, it does not disturb the Internet traffic.

TYPES OF MODES :

Carnivore uses two modes for collecting information:

·           Pen Mode or Trap and Trace Mode
·           Full-collection Mode

Either mode can be set, depending on our requirements.

Pen Mode or Trap and Trace Mode:

The pen mode, or trap and trace mode, closely resembles the Caller Line Identification (CLI) method used in telephones.  Using CLI we can know the caller’s number (the calling person’s telephone number).  In the same way, Carnivore finds the address a packet came from, to whom it was addressed, and so on.
  
Apart from these details it can also find the IP addresses of the server and the details of the other servers that participated in routing the mail.  Using all this information we can find the details of the computers that participated in File Transfer Protocol (FTP) and Hyper Text Transfer Protocol (HTTP) sessions.  In general, Pen Mode is used for scanning e-mails.

FULL-COLLECTION MODE:

Apart from the single-word filtering method, Carnivore provides some more methods.  We can set whichever filtering method we want, according to our needs.

Following are the Filtering Methods that are available in Carnivore:

1.       Fixed IP Filtering
2.       Dynamic IP Filtering
3.       Protocol Filtering
4.       Text Filtering
5.       Port Filtering
6.       E-mail Address Filtering

1. Fixed IP Filtering:

     Fixed IP Filtering is the simplest of all the filtering methods.  We know that on the Internet every server has an IP address from 0.0.0.0 to 255.255.255.255.  By giving Carnivore an IP address or a range of IP addresses, we can scan the outgoing as well as the incoming data of those servers.  It is impossible to scan all the Internet traffic, which runs into crores each day.  So in general the FBI gives the suspected IP addresses and tries to scan the information that runs through them.  In general, the FBI follows this method, giving a range to the server.

2. Dynamic IP Filtering:

     Today most computers use dynamic IP addressing.  Fixed IP Filtering is not useful in this situation, so Dynamic IP Filtering is used instead.  In this method we have to give the Media Access Code (MAC) of the computer from which we are getting the information, or the e-mail user name, and the range of IP addresses in which to find the information.

3. Protocol Filtering:    

     On the Internet, different types of protocols are used for data transmission.  Using Protocol Filtering, Carnivore finds the information related to a particular protocol.  We can get the information that uses UDP or ICMP for given IP addresses, in Full-collection mode or Pen mode.

4. Text Filtering:

     In this method, Carnivore filters packets using a specified text string.  For example, if we have a doubt about a customer, then by setting his user name as the text string we can save part or all of a conversation, or the addresses.  In the same way, by giving suspicious words as the text string we can filter the packets that contain those words.

5. Port Filtering:

     Depending on the protocol, every server uses a port number to transmit data.  These port numbers are the same on all computers.  When we send e-mail through an Internet account, port 25 is set for outgoing mail (SMTP) and port 110 for incoming mail (POP3).  These port numbers are taken implicitly by the system.  In the same way, HTTP has 80 as its port number and SLC has 995.  Given the IP address of a server, this method scans only the data that travels through a particular port, without considering the data that travels through the server’s other ports.

6. E-mail Address Filtering:

     If we suspect that information of interest is being transmitted through a particular e-mail address, then by giving this e-mail address to Carnivore we can record all of its SMTP and POP3 information.

     In this way, using Carnivore the FBI is able to get any information on the Internet.  Since this small application gives the FBI wide authority over the Internet, people as well as organizations are afraid of it and are protesting against Carnivore.
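The filtering methods and the two collection modes described above, as an added sketch that is not Carnivore's code and not part of the original post. It combines fixed IP, port and text filtering over constructed IPv4/TCP packets and shows what each mode stores; the `Packet`, `Filter` and `collect` names and the sample traffic are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (checksums zero) as constructed sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload

def parse_packet(raw):
    """Split a raw IPv4/TCP packet into header fields and content."""
    ihl = (raw[0] & 0x0F) * 4                  # IP header length in bytes
    if raw[9] != 6:
        raise ValueError("sketch handles TCP only")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    data_off = (raw[ihl + 12] >> 4) * 4        # TCP header length in bytes
    return Packet(str(ipaddress.IPv4Address(raw[12:16])),
                  str(ipaddress.IPv4Address(raw[16:20])),
                  sport, dport, raw[ihl + data_off:])

@dataclass
class Filter:                                  # hypothetical filter settings
    network: str                               # fixed IP filtering (CIDR range)
    ports: frozenset                           # port filtering
    text: bytes = b""                          # text filtering; empty = any content

    def matches(self, p):
        net = ipaddress.ip_network(self.network)
        in_net = any(ipaddress.ip_address(a) in net for a in (p.src, p.dst))
        on_port = p.sport in self.ports or p.dport in self.ports
        return in_net and on_port and self.text in p.payload

def collect(raw_packets, flt, mode):
    """mode 'pen' keeps addressing information only; 'full' also keeps content."""
    records = []
    for p in map(parse_packet, raw_packets):
        if not flt.matches(p):
            continue                           # non-matching traffic is not stored
        rec = {"src": p.src, "dst": p.dst, "sport": p.sport, "dport": p.dport}
        if mode == "full":
            rec["payload"] = p.payload
        records.append(rec)
    return records

# Constructed sample traffic using documentation-range addresses.
SAMPLE = [
    build_packet("192.0.2.10", "198.51.100.25", 40001, 25, b"MAIL FROM:<a@example.org>\r\n"),
    build_packet("192.0.2.10", "203.0.113.5", 40002, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_packet("192.0.2.77", "198.51.100.25", 40003, 25, b"MAIL FROM:<b@example.org>\r\n"),
]
MAIL_FILTER = Filter("192.0.2.10/32", frozenset({25, 110}))
```

Comparing the records stored under a narrow and a wide filter is one way to audit how much non-target traffic a given setting would retain.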

HOW CARNIVORE WORKS ?

     The FBI needs the ISP’s help to implement Carnivore.  Data is trapped from a hub or switch that is used to connect the server to the Internet.  For this they use a special instrument called an “Ethernet tap”.  The Ethernet tap is connected to the telephone line that brings data to the ISP’s hub.  The other port of the Ethernet tap is connected to the hub.  Data passes between these two ports just as it would through a cable.  If we call these two ports A and B, data travels from A to B and from B to A as it does through ordinary cables.  There are arrangements at ports A and B to copy the data and send it to the Carnivore system.  The tap copies the data travelling from port A to port B at port A, and the data travelling from port B to port A at port B, and sends the copies to two new ports.  These two new ports can only receive data and cannot send any out.  Ports of this type are called “READ-ONLY TAPS”.

     In this way, the data read at the read-only taps reaches the computer placed in the ISP’s office by the FBI.  It is nothing but a general-purpose computer of the kind available in the market.  It has no special features.  It also has no hard disk, floppy drive, ports, monitor or keyboard etc.  The computer consists only of a small box containing a 2GB Jazz Drive to store the collected data.  The required data is stored on the Jazz Disk fitted in the Jazz Drive.  The Tapndis driver software installed on the computer filters the data that comes through the taps and stores it on the Jazz Disk.  The disk is fixed at the back of the panel, which has a special key.  Only with this key can the disk be placed in the drive and removed from it.


     This computer is connected by telephone line to a computer located at the FBI’s office.  To connect the two they do not use the ISP’s modem; they use a separate modem.  As no TCP/IP stack is present in the system, others are prevented from accessing this computer.  Only the computer that has the specified key can access it.  A hardware authentication instrument is fixed to the computer so that even ISP employees cannot access it or open it to make changes.  The FBI replaces the Jazz disk every day.

     In this way, the computer in the ISP’s office is connected over a separate line to the computer located in the FBI’s office.  Only the computer in the FBI’s office can control the work of the computer in the ISP’s office.  On this computer they install the software carnivore.exe.  It is graphical user interface software.  It works as a front-end system through which the users (FBI agents) pass the parameters for the required data.  With the help of the TAP API driver, this computer controls the software installed on the computer in the ISP’s office.  But the TAP NDIS driver can filter the data completely.  They control this computer completely from the FBI’s office.

IS IT NEW TECHNOLOGY ?
     In fact Carnivore is not a new technology.  Several sniffers of this type are available in the market.  The technological basis for the claim that Carnivore can intercept only particular e-mail and other legally permissible Internet material is corroborated by a system named Etherpeek, developed by a US company, A.G. Group Inc., a provider of network management software.

     Etherpeek is a 32-bit Ethernet packet-level network traffic and protocol analyzer designed to make the complex task of troubleshooting and debugging mixed-platform, multi-protocol networks easy.  By monitoring, filtering, decoding and displaying packet data, Etherpeek can pinpoint protocol errors and detect network problems such as unauthorized nodes and unreachable devices.

     Etherpeek shares its job with another application called Etherhelp, which works, as per A.G. Group, “by capturing all network traffic, or a specified portion of that traffic in the form of packets.”

     Captured packets are not displayed in Etherhelp, but can be saved in a file, which can be forwarded to the concerned personnel for analysis.  Beyond the ability to capture packets, Etherhelp borrows two other features from Etherpeek: triggers and filters.  Filters allow a user to limit the packets captured to those that meet specified criteria; triggers allow Etherhelp to stay poised for capture until a specific type of packet is present, whereupon capture begins.  The Carnivore system appears to work on similar lines.

ANTIVORE :
     As expected, some software firms and service providers have come up with packages that may be called antidotes to Carnivore.  These companies offer ways to secure corporate data.  ChainMail Inc., a start-up software firm in Virginia, US, has developed a software program christened Antivore, claimed to be an antidote to Carnivore.  The Antivore software, the formal name of which is Mithril Secure Server, can be downloaded over the Net and used to encrypt users’ e-mail messages.  “Government agencies have a history of misusing the power they have been given,” said Rick Gordon, President and CEO of ChainMail.

     “Carnivore is the biggest step that the US has taken towards big brother and we are determined to defeat it”.  Other sites like Hushmail.com and Anonymizer.com are also offering services that would protect Net traffic.

     Meanwhile, the US Justice Department plans to hire, and give “total access” to, a major university for an independent analysis of the Carnivore e-mail surveillance system.  Many industry watchers, however, question why the FBI and the American administration cannot stop companies from developing encryption products that will hinder the smooth functioning of the FBI’s investigative tool.

CONTROVERSIES ABOUT CARNIVORE :
     The first news of the existence of Carnivore came into the media glare in April 2000, during US congressional testimony by Washington lawyer Robert Corn-Revere, who represented an Internet service provider that tried to resist attachment of the system.  Under the Freedom of Information Act, the Electronic Privacy Information Center registered a case against Carnivore.

     In various forums over the last few months the FBI has tried to appease the public at large by explaining the operational mechanisms of the Carnivore system, but civil liberty groups and some software companies are not taking the agency at face value.

     The FBI acknowledges that the surveillance tool is a version of a commercial Windows 2000 application that has been customized to intercept and view only the e-mail, web browsing activity or other Internet traffic of a suspect.  The system needs to be attached to the ISP’s server for the electronic reconnaissance to work.  According to the FBI’s definition of Carnivore, the new system abides by the cardinal principles of Internet functioning.
    
     As per the FBI’s definition, the Carnivore software provides the agency with a “surgical” ability to intercept and collect the communications that are the subject of the lawful order while ignoring those communications which they are not authorized to intercept.  This tool, the FBI claims, is necessary to meet the stringent requirements of the US Federal Wiretapping Statutes.

     FBI officials argue that the Carnivore system has become necessary because some smaller ISPs do not have the capability to provide quickly the data that law enforcement bodies need.  They claim that even though grabbing standard electronic mail is relatively simple, newer web-based methods often pose a challenge that only Carnivore can meet.

     The innocuous character and attributes of Carnivore projected by the FBI have few takers.  Various civil liberty groups are raising doubts about the entire modus operandi of the investigative tool.  They say the long-cherished right to privacy will be grossly infringed upon by this “scientific conceit”.  The agency can go beyond the confessed functionality of Carnivore.

     It can intercept all the streams of Net traffic, even those of non-target people, out of some “other” expediency.  And as the FBI has not explained the exact functional mechanism of the electronic surveillance system, people’s ambivalence refuses to subside.

     According to the civil liberty groups’ arguments, Carnivore’s job is made difficult by the fact that it must be at least somewhat general-purpose in its design.  It must be configurable to operate reliably on a variety of ISP networks under a large range of operational conditions.

     “The bad news is that it’s a black box the government wants to insert into the premises of an Internet ISP.  Nobody knows what it does,” said James Dempsey, an analyst with the Washington-based Centre for Democracy and Technology.  “Such a system could be used to track dissidents and journalists online,” said Washington lawyer Robert Corn-Revere.

     “Carnivore is the online equivalent of a telephone wire, but its capability to snoop is much more pervasive,” said Stephen Scatchell, consultant, Internet performance and security issues.  “E-mail line corresponds to individuals on the Internet.  Carnivore actually scans every data packet from party that uses the ISP.  Privacy advocates are concerned that law enforcement agencies could easily abuse this system to spy on people who are not covered by the warrant”, he added.

CONCLUSION :
     Security, of course, is a multi-faceted issue.  As Anup Verma, CEO of BPL.com, opines: “privacy of an individual is important”.  ISPs, since they host the mail server, can technically look at all e-mails that their subscribers receive.  We think ISPs must have an open, auditable process such that nobody, even in the ISP’s organization, can read an e-mail of its subscribers.  “However,” adds Verma, “for national security, based on a clear authorization, such tapping should be allowed just as achieved and we are confident that we will soon see foolproof and balanced technical solutions for the same.”
