
Red Hook (FBI)
A Department of Justice Audit Report from March 2006 described Red Hook as "a system to collect voice and data calls and then process and display the intercepted information in the absence of a CALEA solution." The redacted report can be found online at http://www.usdoj.gov/oig/reports/FBI/a0613/app8.htm
The Electronic Frontier Foundation has obtained documents regarding Red Hook and DCS-3000 through its FOIA litigation over documents relating to electronic surveillance systems.
Wired Magazine published an article on these systems, citing the EFF documents, on August 29, 2007.
Carnivore (software)
Carnivore was a system implemented by the Federal Bureau of Investigation that was designed to monitor email and electronic communications. It used a customizable packet sniffer that could monitor all of a target user's Internet traffic. Carnivore was implemented in October 1997 and replaced in 2005 with improved commercial software such as NarusInsight.
Configuration
The Carnivore system was a Microsoft Windows-based workstation with packet-sniffing software and a removable disk drive. This computer had to be physically installed at an Internet service provider (ISP) or other location where it could "sniff" traffic on a LAN segment to look for email messages in transit. The technology itself was not highly advanced; it used a standard packet sniffer and straightforward filtering. The critical components of the operation were the filtering criteria. To accurately match the appropriate subject, an elaborate content model was developed.
Placement
The Carnivore system could be installed on a system either through the cooperation of the system owner, or by use of a court order. Once in place, the system was restricted by U.S. Federal law to only monitor specific persons. Under the current regulations, publicly acknowledged government personnel are required to get a warrant or court order naming specific people or email addresses that may be monitored. When an email passes through that matches the filtering criteria mandated by the warrant, the message is logged along with information on the date, time, origin and destination. This logging was believed to be relayed in real time to the FBI. All other traffic would presumably be dropped without logging or capture.
Controversy
Several groups expressed concern regarding the implementation, usage, and possible abuses of Carnivore. In July 2000, the Electronic Frontier Foundation submitted a statement to the Subcommittee on the Constitution of the Committee on the Judiciary United States House of Representatives detailing the dangers of such a system. The Electronic Privacy Information Center also made several releases dealing with it.
The FBI countered these concerns with statements highlighting the targetable nature of Carnivore. Assistant FBI Director Donald Kerr was quoted as saying:
The Carnivore device works much like commercial "sniffers" and other network diagnostic tools used by ISPs every day, except that it provides the FBI with a unique ability to distinguish between communications which may be lawfully intercepted and those which may not. For example, if a court order provides for the lawful interception of one type of communication (e.g., e-mail), but excludes all other communications (e.g., online shopping) the Carnivore tool can be configured to intercept only those e-mails being transmitted either to or from the named subject. ... [it] is a very specialized network analyzer or "sniffer" which runs as an application program on a normal personal computer under the Microsoft Windows operating system. It works by "sniffing" the proper portions of network packets and copying and storing only those packets which match a finely defined filter set programmed in conformity with the court order.
This filter set can be extremely complex, and this provides the FBI with an ability to collect transmissions which comply with pen register court orders, trap & trace court orders, Title III interception orders, etc.... ...It is important to distinguish now what is meant by "sniffing." The problem of discriminating between users' messages on the Internet is a complex one. However, this is exactly what Carnivore does. It does NOT search through the contents of every message and collect those that contain certain key words like "bomb" or "drugs." It selects messages based on criteria expressly set out in the court order, for example, messages transmitted to or from a particular account or to or from a particular user.
After prolonged negative coverage in the press, the FBI changed the name of its system from "Carnivore" to the more benign-sounding "DCS1000." DCS is reported to stand for "Digital Collection System"; the system has the same functions as before. The Associated Press reported in mid-January 2005 that the FBI essentially abandoned the use of Carnivore in 2001, in favor of commercially available software, such as NarusInsight.
Computer and Internet Protocol Address Verifier
The Computer and Internet Protocol Address Verifier (CIPAV) is a data gathering tool that the United States Federal Bureau of Investigation (FBI) uses to track and gather location data on suspects under electronic surveillance. The software operates on the target computer much like spyware, in that the operator is unaware that the software has been installed and is monitoring and reporting on their activities.
The CIPAV captures location-related information, such as: IP address, MAC address, open ports, running programs, operating system and installed application registration and version information, default web browser, and last visited URL.
Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.
The CIPAV made headlines in July 2007, when its use was exposed in open court during an investigation of a teen who had made bomb threats against his high school.
The FBI sought approval from the United States Foreign Intelligence Surveillance Court to use CIPAV in terrorism or spying investigations.
And never mind, as Wired also informed us, that the Bureau's "computer and internet protocol address verifier," or CIPAV, once called Magic Lantern, is a malicious piece of software, a virtual keystroke reader, that,
"gathers a wide range of information, including,
* the computer's IP address
* MAC address
* open ports
* the operating system type, version and serial number
* preferred internet browser and version
* the computer's registered owner and registered company name
* the current logged-in user name
* the last-visited URL"
Insidiously, the U.S. Ninth Circuit Court of Appeals ruled at the time, since the Bureau's malware doesn't capture the content of communications, it can be conducted without a wiretap warrant, because, as our judicial guardians opined, users have "no reasonable expectation of privacy" when using the internet.
And with the secret state clamoring for the broadest possible access to our data, it's become a lucrative business for greedy, I mean patriotic, ISPs who charge premium prices for services rendered in the endless "War on Terror."