Carnivore (software)

From Wikipedia, the free encyclopedia
  (Redirected from Carnivore (FBI))
Jump to navigation Jump to search

Carnivore, later renamed DCS1000, was a system implemented by the Federal Bureau of Investigation (FBI) that was designed to monitor email and electronic communications. It used a customizable packet sniffer that could monitor all of a target user's Internet traffic. Carnivore was implemented in October 1997. By 2005 it had been replaced with improved commercial software.[1]


Carnivore grew out of an earlier FBI project called "Omnivore", which itself replaced an older undisclosed (at the time) surveillance tool migrated from the US Navy by FBI Director of Integrity and Compliance,[2] Patrick W. Kelley. In September 1998, the FBI's Data Intercept Technology Unit (DITU) in Quantico, Virginia, launched a project to migrate Omnivore from Sun's Solaris operating system to a Windows NT platform. This was done to facilitate the miniaturization of the system and support a wider range of personal computer (PC) equipment. The migration project was called "Phiple Troenix" and the resulting system was named "Carnivore."[3]


The Carnivore system was a Microsoft Windows-based workstation with packet-sniffing software and a removable Jaz disk drive.[4] This computer must be physically installed at an Internet service provider (ISP) or other location where it can "sniff" traffic on a LAN segment to look for email messages in transit. The technology itself was not highly advanced—it used a standard packet sniffer and straightforward filtering. No monitor or keyboard was present at the ISP. The critical components of the operation were the filtering criteria. Copies of every packet were made, and required filtering at a later time. To accurately match the appropriate subject, an elaborate content model was developed.[5] An independent technical review of Carnivore for the Justice Department was prepared in 2000.[6]


Several groups expressed concern regarding the implementation, usage, and possible abuses of Carnivore. In July 2000, the Electronic Frontier Foundation submitted a statement to the Subcommittee on the Constitution of the Committee on the Judiciary in the United States House of Representatives detailing the dangers of such a system.[7] The Electronic Privacy Information Center also made several releases dealing with it.[8]

The FBI countered these concerns with statements highlighting the target-able nature of Carnivore. Assistant FBI Director Donald Kerr was quoted as saying:

The Carnivore device works much like commercial "sniffers" and other network diagnostic tools used by ISPs every day, except that it provides the FBI with a unique ability to distinguish between communications which may be lawfully intercepted and those which may not. For example, if a court order provides for the lawful interception of one type of communication (e.g., e-mail), but excludes all other communications (e.g., online shopping) the Carnivore tool can be configured to intercept only those e-mails being transmitted either to or from the named subject.

... [it] is a very specialized network analyzer or "sniffer" which runs as an application program on a normal personal computer under the Microsoft Windows operating system. It works by "sniffing" the proper portions of network packets and copying and storing only those packets which match a finely defined filter set programmed in conformity with the court order. This filter set can be extremely complex, and this provides the FBI with an ability to collect transmissions which comply with pen register court orders, trap & trace court orders, Title III interception orders, etc....

...It is important to distinguish now what is meant by "sniffing." The problem of discriminating between users' messages on the Internet is a complex one. However, this is exactly what Carnivore does. It does NOT search through the contents of every message and collect those that contain certain key words like "bomb" or "drugs." It selects messages based on criteria expressly set out in the court order, for example, messages transmitted to or from a particular account or to or from a particular user.[9]

After prolonged negative coverage in the press, the FBI changed the name of its system from "Carnivore" to the more benign-sounding "DCS1000." DCS is reported to stand for "Digital Collection System"; the system has the same functions as before.


The Associated Press reported in mid-January 2005 that the FBI essentially abandoned the use of Carnivore in 2001, in favor of commercially available software, such as NarusInsight, a mass surveillance system.[1] A report in 2007 described the successor system as being located "inside an Internet provider's network at the junction point of a router or network switch" and capable of indiscriminately storing data flowing through the provider's network.[10]

See also[edit]

Other FBI cyber-assets:

  • COINTELPRO: a series of covert and illegal FBI projects aimed at surveilling, infiltrating, discrediting, and disrupting American political organizations
  • DWS-EDMS: an electronic FBI database; its full capabilities are classified but at a minimum, provides a searchable archive of intercepted electronic communications, including email sent over the Internet
  • DITU: an FBI unit responsible for intercepting telephone calls and e-mail messages
  • DCSNet: FBI's point-and-click surveillance system
  • Magic Lantern: FBI's keylogger

Similar projects:

  • ECHELON: NSA's worldwide digital interception program
  • Room 641A: NSA's interception program, started circa 2003, but first reported in 2006
  • Total Information Awareness: a mass detection program by the United States Defense Advanced Research Projects Agency (DARPA)



  1. ^ a b "FBI Ditches Carnivore Surveillance System". Associated Press. 2005-01-18. Archived from the original on 2006-08-22. Retrieved 2008-10-29.
  2. ^
  3. ^ EPIC Obtains First Set of FBI Carnivore Documents, October 12, 2000
  4. ^ "How Carnivore Email Surveillance Worked". Archived from the original on 2008-09-25. Retrieved 2021-02-22.CS1 maint: unfit URL (link)
  5. ^ Kevin Poulsen (October 4, 2000). "Carnivore Details Emerge". SecurityFocus.
  6. ^ Independent Technical Review of the Carnivore System, 8 December 2000
  7. ^ "EFF "Surveillance: Carnivore & Internet Surveillance" Archive". Archived from the original on October 12, 2007. Retrieved August 15, 2014.
  8. ^ Electronic Privacy Information Center: Carnivore FOIA Documents
  9. ^ "Internet and Data Interception Capabilities Developed by the FBI, Statement for the Record, U.S. House of Representatives, the Committee on the Judiciary, Subcommittee on the Constitution, 07/24/2000, Laboratory Division Assistant Director Dr. Donald M. Kerr".
  10. ^ "FBI turns to broad new wiretap method". CNET News. January 30, 2007.

External links[edit]