Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Politech mailing list archives

FC: More on FBI demo of Carnivore -- and when it's used
From: Declan McCullagh <declan () well com>
Date: Thu, 26 Oct 2000 10:53:01 -0400
[I copied the FBI's Marcus Thomas on my original post (http://www.politechbot.com/p-01448.html) but have not heard back. He or the appropriate person at the agency is welcome to reply and I will distribute the comments unedited. --Declan] 

*******

Declan,
I was there for the presentation. There was a heated exchange between
Marcus and one ISP operator over whether or not the FBI would deploy
Carnivore without the ISP's agreement. Actually, heated is an
understatement, he called Marcus a "bald faced liar" (exact words).
If you use this, please keep my name confidential.
Thanks,
[snip]

********


Date: Tue, 24 Oct 2000 22:16:46 -0700
From: Troy Davis <troy () nack net>
To: Declan McCullagh <declan () well com>
Subject: Re: FC: FBI agent reportedly gives public demo of Carnivore

This sounds like every other packet sniffer available -- Ethereal,
Netboy, and Microsoft's NT resource kit one one come to mind.

If, as it appears (and as they claim, based on the email below), Carnivore
operates the same as any other traffic sniffer, the FBI's closed-source
policy doesn't provide any added protection against those trying to thwart
it.  Everyone who doesn't want to have their data read will use PGP.  I've
yet to see why the FBI needs its own sniffer application (let alone its
own closed-source sniffer).

Cheers,

Troy


**********


To: "'declan () well com'" <declan () well com>
Subject: Carnivores can sniff but they can't crack
Date: Wed, 25 Oct 2000 09:52:54 +0200

Declan,

I have one answer to the Carnivore ruckus: free and strong encryption.
By free I mean readily available PKI or single sided encryption without key escrow or backdoors.
By strong I mean, at the very least, 128bit key length but ultimately much stronger key lengths.
I continue to wonder why privacy advocates do not push the implementation of IPSec and S/MIME and demand wider adoption of SSL/HTTPS as urgent needs on the Internet.
Where is the general information campaign on this subject? Where are the articles exposing the weakness of the open HTTP mail session transmissions of Yahoo, MSN Hotmail and others? Why is the general public so in the dark on this subject and nothing is being done about it? Why is this e-mail readable to anyone on the wire?
With the introduction of Carnivore, the government has managed to draw attention and resources away from their biggest Internet fear and the general public's biggest Internet need: encryption. I believe they know it will not be easy to break strong encryption in (near) real time.
The good reasons for encryption (the first amendment, economic prosperity, individual privacy, and keeping a micromanaging government at bay) far outweigh the few and far between criminals that will use this technology for evil ends. Let us catch terrorists and criminals through other more appropriate means rather than through mass invasion of privacy.
Without free and strong encryption, not only will the privacy of America be compromised, but ultimately the economic effectiveness of American companies will be compromised.
I suppose that when Carnivore advances beyond sniffing it will have to be called Crackhead. Or can the American Internet community make Pipe-dream a more appropriate name? 

====
Please remove name and e-mail before any redistribution, thanks.

Regards,


[someone in a non-police government agency]

*********


Date: Wed, 25 Oct 2000 00:48:50 -0400 (EDT)
From: Charles Platt <cp () panix com>
To: Declan McCullagh <declan () well com>
Subject: Re: FC: FBI agent reportedly gives public demo of Carnivore

Anyone know if the accused Silicon Valley child molester, who made a deal
to avoid going to jail, has been helping with Carnivore 2.0? Supposedly he
promised to help develop tools to monitor pedophiles online.

The timing would fit.

********




-------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • FC: More on FBI demo of Carnivore -- and when it's used Declan McCullagh (Oct 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]