Information Security News
mailing list archives
Anti-Attack Feds Push Carnivore
From: InfoSec News <isn () c4i org>
Date: Thu, 13 Sep 2001 00:48:43 -0500 (CDT)
By Declan McCullagh
2:00 a.m. Sep. 12, 2001 PDT
WASHINGTON -- Federal police are reportedly increasing Internet
surveillance after Tuesday's deadly attacks on the World Trade Center
and the Pentagon.
Just hours after three airplanes smashed into the buildings in what
some U.S. legislators have dubbed a second Pearl Harbor, FBI agents
began to visit Web-based, e-mail firms and network providers,
according to engineers at those companies who spoke on condition of
An administrator at one major network service provider said that FBI
agents showed up at his workplace on Tuesday "with a couple of
Carnivores, requesting permission to place them in our core, along
with offers to actually pay for circuits and costs."
The person declined to say for publication what the provider's
response was, "but a lot of people" at other firms were quietly going
along with the FBI's request. "I know that they are getting a lot of
'OKs' because they made it a point to mention that they would only be
covering our core for a few days, while their 'main boxes were being
set up at the Tier 1 carriers' -- scary," the engineer said.
The FBI's controversial Carnivore spy system, which has been renamed
DCS1000, is a specially configured Windows computer designed to sit on
an Internet provider's network and monitor electronic
communications. To retrieve the stored data, an agent stops by to pick
up a removable hard drive with the information that the Carnivore
system was configured to record.
Microsoft's Hotmail service has also been the target of increased
federal attention, according to an engineer who works there.
"Hotmail officials have been receiving calls from the San Francisco
FBI office since mid-(Tuesday) morning and are cooperating with their
expedited requests for information about a few specific accounts," the
person said. "Most of the account names start with the word 'Allah'
and contain messages in Arabic."
By Tuesday evening, nearly 12 hours after the twin attacks that
crippled Manhattan and left Washington deserted by mid-afternoon, it
was unclear who was responsible. The Washington Post, citing anonymous
government sources, reported that former Saudi businessman Osama bin
Laden appears to be the prime suspect.
In February, U.S. officials claimed that bin Laden had turned to
data-hiding steganography software to conceal communications with his
operatives by means of public websites.
In Washington, use of data-scrambling encryption software is also
frequently mentioned in conjunction with terrorists. "Uncrackable
encryption is allowing terrorists Hamas, Hezbollah, al-Qaida and
others to communicate about their criminal intentions without fear of
outside intrusion," then-FBI Director Louis Freeh told a Senate panel
last year. "They're thwarting the efforts of law enforcement to
detect, prevent and investigate illegal activities."
Those comments, and the prospect of congressional reaction to
Tuesday's terrorist attacks, have prompted some civil libertarians to
fret about possible domestic regulation of encryption products.
A few years ago, one House committee approved a bill that would have
banned any encryption product without a back door entrance for the
federal government. By Tuesday afternoon, at least one NBC affiliate
had interviewed defense expert Jim Dunnigan, who warned that "PGP and
Internet encryption" would be blamed for the attacks.
"Those of us who value our liberty, even in the face of danger, will
need to be vigilant in the days to come," says Thomas Leavitt, an
online activist who co-founded Webcom.
Other civil libertarians say it's a mistake to believe that the
U.S. government will overreact to Tuesday's disasters. Marc Rotenberg
of the Electronic Privacy Information Center said he believes that the
better approach is to argue that the U.S. must not allow a terrorist
attack on our form of open government to succeed.
It's too early to tell whether he's right or not, but by late Tuesday,
operators of anonymous remailers were already so worried about being
conduits for terrorist communications -- or being blamed for the
communications, rightly or wrongly -- that they pulled the plug.
Operator Len Sassaman said in a post to a remailer-operators list: "I
don't want to get caught in the middle of this. I'm sorry. I'm
currently unemployed and don't have the resources to defend myself. At
this point in time, a free-speech argument will not gain much sympathy
with the Feds, judges and general public."
Remailers forward messages but remove the originating information, so
that the resulting e-mail is anonymized. They customarily don't keep
logs, so if the system works as designed, it should be nearly
impossible for anyone to find who sent the message.
ISN is currently hosted by Attrition.org