Carnivore

Carnivore is a “network diagnostic tool” created by the U.S. Federal Bureau of Investigation (FBI) to aid in criminal investigations. It is software that acts as a network sniffer, listening to all the Internet traffic (e-mail, web surfing, etc.) on a particular local network. It then passes the data stream to an interface that analyzes or interprets the network traffic in various ways. The FBI typically installs Carnivore in an ISP data center when investigating individual suspects such as terrorists, hackers and drug traffickers. Carnivore scans essentially all data flowing through the network and saves the target data, such as e-mail sent or received by a particular user name or all data sent to a web site for a particular IP address, to collect evidence for a criminal case. Carnivore is theoretically able to scan millions of e-mails per second, as much as 6 gigabytes of data per hour.

Carnivore's History
Carnivore was created in February 1997 under the name Omnivore, which was originally proposed for a Sun Microsystems Inc. Solaris x86-based computer. In June 1999 Omnivore was replaced by the FBI’s Carnivore, which runs on Microsoft Corp. Windows NT-based computers. Carnivore was first revealed in April 2000, when a legal representative of the Atlanta-based internet service provider (ISP) EarthLink Inc. informed the House Judiciary Committee that the FBI was requiring the company to install the system on its network to carry out court-ordered surveillance of criminal suspects. EarthLink resisted the installation of the secretive system because of performance problems on its network. EarthLink also determined that Carnivore might capture customers’ e-mail, IP addresses or other traffic, violating other customers’ privacy.

The Process of Carnivore

 * 1) The FBI has a reasonable suspicion that someone is engaged in criminal activities and requests a court order to inspect their online activities.
 * 2) The court grants the request for a full-content wiretap (which means that everything in the packet can be captured and used) of the e-mail traffic only, and issues an order.
 * 3) The FBI then contacts the suspect’s internet service provider (ISP) and requests a copy of the backup files of the suspect’s online activities.
 * 4) The FBI sets up a Carnivore computer at the ISP to monitor the suspect’s activities.
 * 5) The FBI configures the Carnivore software with the suspect’s IP address in order to capture packets from that particular location.
 * 6) Carnivore copies all the packets from the suspect’s system without interrupting the flow of the network traffic.
 * 7) The copied packets then go through a filter that keeps only the e-mail packets. Based on the protocol, the program determines what the packets contain.
 * 8) The e-mail packets are then saved to a Jaz cartridge, a 2 gigabyte removable drive that can be swapped out as easily as a floppy disk.
 * 9) An FBI agent visits the ISP, swaps out the cartridge and retrieves it.
 * 10) The surveillance is valid for no more than one month without a court extension. Once the FBI has completed the investigation, the system is removed from the ISP.
 * 11) If the FBI collects enough evidence, it can use it as part of the case against the suspect.

[Figure: how the system identified which packets to store.]
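Steps 5 to 7 above, as an added example that is not Carnivore's code and not part of the original page: a filter that copies only packets to or from one configured IP address that use an e-mail protocol, and discards everything else, including other subscribers' mail. The port numbers used to recognise e-mail, the addresses and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Assumption: "e-mail traffic" is recognised by these well-known TCP ports.
MAIL_PORTS = {25: "SMTP", 110: "POP3", 143: "IMAP"}

def build_packet(src, dst, sport, dport, payload=b""):
    """Construct a minimal IPv4+TCP packet (checksums left at zero) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + tcp

def classify(packet, target_ip):
    """Return the mail protocol name if the packet is in scope, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 4:
        return None                      # bad header length, not TCP, or no ports
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    if target_ip not in (src, dst):
        return None                      # other subscribers' traffic is never kept
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return MAIL_PORTS.get(dport) or MAIL_PORTS.get(sport)

def filter_stream(packets, target_ip):
    """Copy only in-scope packets; the original stream is left untouched."""
    labelled = ((classify(p, target_ip), p) for p in packets)
    return [(proto, p) for proto, p in labelled if proto]

TARGET = "192.0.2.10"                    # constructed address (documentation range)
SAMPLE = [                               # constructed traffic, not a real capture
    build_packet(TARGET, "198.51.100.5", 40000, 25, b"MAIL FROM:<a@example.org>\r\n"),
    build_packet(TARGET, "198.51.100.7", 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_packet("192.0.2.99", "198.51.100.5", 40002, 25, b"HELO other\r\n"),
    build_packet("198.51.100.6", TARGET, 110, 40003, b"+OK\r\n"),
    b"\x45\x00",                         # truncated packet
]

if __name__ == "__main__":
    for proto, pkt in filter_stream(SAMPLE, TARGET):
        print(proto, len(pkt), "bytes")
```

Of the five sample packets, only the target's SMTP and POP3 packets are kept; the target's web request, another subscriber's SMTP session and the truncated packet are dropped.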
