Home  |   Website Portfolio  |   Internet Marketing  |  Writer Portfolio  |  Contact

 

Cloaking Technology: the Web’s Equivalent of the Stealth Bomber

Part II Email and Online Privacy

-Dyanna Culp

We need protection from the nuisance Spam messages that overload and crash our systems, the growing multitude of hackers, and the FBI’s Carnivore surveillance system on the loose. Privacy advocates are in an uproar these days and tools to cloak our presence such as Encryption, Remailers, Alias addresses, along with a paranoid personality are critical for those looking to protect their privacy online. It’s looking more and more like George Orwell’s 1984.

 

Identity Theft Online

Every time we visit a Web site, we unknowingly leave behind pieces of information about ourselves. Data gathering (or data mining) is a billion dollar business, with despicable firms such as American Data Link, A1-Trace USA, 1-800 U.S. Search, Dig Dirt, and Discreet Data Systems pooling what they know about us. A social security number can get you addresses and phone numbers for up to the past ten years along with a host of other bits of very personal data. And it is not illegal for these folks to sell our personal information. Federal and state agencies lead the way by selling motor vehicle records, voter registration files, etc. to information resellers. “Increasingly, the personal data that identity thieves are after can be discovered online”  -Beth Givens, director of the Consumer Group Privacy Rights Clearinghouse.

We may not be able to do anything about the apparent lack of security (otherwise how would all of this online identity theft be occurring?) surrounding our medical files, credit card data, credit reports… But we can take steps to cover our personal tracks through the online snow. Install Anonymizer at http://www.onlineprivacystore.com to cloak your IP address and prevent visited websites, hackers, and other undesirables from tracking you online. This is particularly vital if you’re stuck with a dial-up connection.  For additional privacy strategies visit the FTC Web site www.consumer.gov to learn how to prohibit companies from using your credit card records for direct marketing, remove your name from direct mailing and telemarketing lists, and a host of other items which you are sure to find quite irritating.

 

The FBI’s Carnivore / DCS1000

The FBI's email surveillance system known as "Carnivore” or DCS1000, in use since early 2000, was designed to monitor the email of criminal suspects. Armed with a court order the FBI installs Carnivore on a suspect’s ISP and controls it from a remote location where they can monitor and retrieve email messages. The FBI’s use of Carnivore has radically increased since the 9-11 terrorist attacks because Congress passed the Patriot Act. The intent of the Patriot Act was to improve law enforcement’s ability to monitor, track down, and prosecute both potential and actual terrorists. The sweeping powers granted apply to all investigations not just terrorists. The Patriot Act expands the FBI's wiretap powers, which includes intercepting Internet communications and the recently acquired ability to examine messages sent by cell phones and other handheld devices.

FBI email monitor warrants can now be obtained if intelligence gathering is only a "significant purpose," rather than the "primary purpose" and if the FBI feels monitoring is "relevant to an ongoing criminal investigation." The bottom line is that the FBI can now get a warrant to capture all of your Internet communications by showing that they might be relevant to their investigation of a case. The case does not have to involve terrorism. It does not have to directly involve you and they are not required to show probable cause that you have committed any crime. Your email data would be collected using Carnivore and Carnivore has no accountability.

Carnivore enables the FBI to perform fine tuned email searches, but also gives them the capability for broad sweeps. This gives them the potential to monitor all emails traveling though the ISP’s network.

Carnivore/DCS1000 is capable of:

  • Reading all ISP incoming and outgoing emails, including sender, recipient, message subject and body.
  • Monitoring web surfing and downloads of all ISP customers.
  • Monitoring or reading any instant messages, file transfers, web publishing, Telnet, newsgroup postings, online purchases, basically anything routed through the ISP.

Electronic freedom advocates suggest that non-Carnivore clones might satisfy the FBI if ISPs could provide the requested information about criminal suspects. Network Ice Inc. developed Altivore.c to give ISPs another option for complying with court orders without installing Carnivore.  Altivore.c, a free source code Internet sniffing program, came complete with inspectable source code. It used to be posted for free use on the Network Ice company website, BUT On June 6th, 2001, Internet Security Systems completed its acquisition of Network Ice— Altivore has disappeared from their website. The hard to find code is still available at the original developers (Robert Graham) personal Website http://www.robertgraham.com/altivore/altivore.c

Altivore contains the basic Carnivore features outlined in the FBI's solicitation for independent review of Carnivore. These basic capabilities are:

  • Monitoring suspect's email (both headers and full content).
  • Monitoring suspect's accesses to certain types of servers such as FTP and HTTP. 
  • Full "sniffing" of suspect IP address.
  • Discovery of suspect's current IP address through RADIUS logon.

Altivore is provided for programmers in source form only and requires extensive debugging. Programmer instructions for compiling exist within the source, but it is definitely not a supported product.

The FBI and the Justice Department maintain that strict oversight by the courts prevents Carnivore privacy abuses, but they have failed to assure electronic privacy activists that only legitimate uses take place.

Statements and Testimony on Carnivore/DCS1000 http://www.stopcarnivore.org/statetestimony.htm

Use the ACLU's Carnivore Alert tool to send a fax to Washington!!  http://www.aclu.org/action/carnivore107.html

 

Spamming

We all “know” what Spam is. Some people correlate Spam with “nuisance mail” but its big business and has brought many ISP system servers to their knees. Spammers scour the Web using software that looks for signs (such as @ or Mail to:) indicating an email address. If you want to keep your personal mailbox “clean: set up an account with one of the many websites now offering email services. Basically you’re using their Website for email, which is then delivered to your true email address or held, in a POP3 box. This “alias email” can be posted as your website email address and used for all non-critical correspondence- practically eliminating junk mail overload from your primary mailbox.

Spam protection programs may scan incoming messages, but they are not cloaking devices. To scan for incoming Spam PC World recommends the Spam Buster at http://www.contactplus.com

 

Privacy Protection Software & Tools 

How to hide your messages of love, lust, fury, business.. from those prying eyes?

Cloaking applications have been available for years, providing open source code to encrypt emails. Anonymous relays can also be used to hide the tracks of email correspondence. These features may be widely available, but they’re generally difficult or inconvenient, or both, which has discouraged their widespread use.

Learn how to check your ISP for Carnivore infection and, if infected, report it to an online monitor - http://www.stopcarnivore.org/howtostopit/fpisp.htm.

Encryption: Encryption is a useful tool to protect sensitive messages between individuals/ companies who send regular correspondence to one another. First you use your recipients' public keys. The recipient then decodes the encrypted message using their private keys. This can be an annoying task because you need your recipients' public keys first (and a mail program with encryption) in order to send messages.

Two Highly Rated Encryption Programs

Quanta Mail Encryption http://www.quantamail.com is an encryption program with an additional security step. It is designed to protect e-mail messages from programs like the FBI's Carnivore. Quanta Mail provides users with the ability to password protect an encrypted message. The email recipient must know the password to open the email, and then they still have to remove the encryption.  Quanta Mail service is compatible with, Outlook, Eudora, AOL, Hotmail and all other MIME compliant email programs.   Zero Knowledge, Inc. offers their Freedom software as a safeguard against the prying of Carnivore or any other potential privacy violations at http://www.freedom.net.

Centurion Soft  produces another highly rated encryption tool. It encrypts (encodes) and/or decrypts (decodes) email messages but must be used online at their website. They can also send encrypted messages. Centurion Soft is available for free use at http://mail.steganos.com/

Outlook, Netscape, and Eudora all support encryption, but you may not be able to open messages encrypted in a different mail program. So, you also need a third-party utility such as PGP– free download at http://web.mit.edu/network/pgp.html. Encryption is somewhat of a pain to implement.

Disappearing Email: This is an add-on to Microsoft Outlook which lets you set a time limit after which your email self destructs and becomes unreadable. Developed by Disappearing Inc., at http://www.disappearing.com, the program doesn't require your recipient to have a plug in or special software to read your message. Any html mail client, including browser-based email such as Hotmail, can read the email. When the message is opened it retrieves the decryption key from Disappearing's server (so you must have an online connection open) and the message is displayed in decrypted form.  But after the time limit specified by the sender, the decryption key is erased from Disappearing's server. Even if the recipient has stored the email on their hard drive they will not be able to decrypt it again after the time limit has elapsed.

Remailers: Strip off your name (and email address) and send emails anonymously to Usenet news groups, mailing lists, or anyone your heart desires without revealing your identity. The Anonymizer is a good one http://www.onlineprivacystore.com.

One final reminder that we all know but get slack about -Don't store your passwords on the computer, it’s like leaving your house key under the doormat. Write them down somewhere, anywhere you’ll remember—your secret diary, financial planner, copy of Interview With a Vampire.

Big brother is here, and yes he is watching us. Protect any sensitive private files on your hard drive though encryption, or remove and store on CDs, learn to travel the Internet and send emails without leaving any footsteps, check out your ISP for Carnivore infection, guard your personal data and private email address like your life depends upon it. Keep a low online profile and practice the strategy of war “Cloaking” to avoid being an easy target. Paranoid yet?

 

 

Home | Website Portfolio Marketing | Writers Portfolio |  Contact

Resources  |  IT-SEO-Marketing Articles  | CATS  | Science | Gardens   |  Birds

Copyright © 2008

DWM Tech