- Moments before the inauguration, a Florida company began managing nearly 175 million Pentagon IP addresses.
- The Department of Defense said it is using the addresses to “identify vulnerabilities” in DoD space.
- Here are four possible explanations for the Pentagon’s decision, according to cybersecurity experts.
- See more stories on Insider’s business page.
A mysterious startup in Florida with no online presence or history with the government captured public attention this week after it was revealed that it was managing nearly 175 million of the Pentagon’s Internet Protocol addresses.
What’s more, the deal was announced about three minutes before former US president Donald Trump left office and it encompasses almost 6% of usable internet space.
It is largely unknown what the Pentagon is planning to do with the IP addresses, as well as why the government chose the unknown startup, Global Resource Systems LLC. Cybersecurity experts told Insider the Pentagon could be looking to do anything from lure in hackers and build up online government defenses to surveillance of US citizens and reconnaissance on foreign countries.
When contacted for comment, a government spokesperson pointed Insider to a Friday statement from the Pentagon’s chief of defense digital service, Brett Goldstein, who said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hopes to “identify potential vulnerabilities” in its fight to curb cyberattacks of US networks. The Pentagon confirmed that the government has maintained ownership of the internet addresses while Global Resource Systems LLC is managing them.
The Pentagon could be using the newly advertised internet space as a “honeypot”
Honeypots are spaces on the internet with obvious vulnerabilities that are designed to draw in hackers or other bad actors. Scott Schober, the CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider an effective honeypot would allow the Department of Defense (DoD) to study hackers’ tactics and identify the vulnerabilities that they are targeting.
“This would allow the government to observe the hackers without any trace of surveillance in order to anticipate future moves,” Schober said.
The move would be particularly poignant in light of recent threats to the government’s system, including the SolarWinds hack.
While Schober and founder of cyber analytics company ExtraHop Jesse Rothstein agreed a honeypot is a likely explanation for the move, other cybersecurity experts expressed doubts regarding the theory.
Morgan Wright, the chief security officer of Sentinel One, said it could be difficult to set up the space for a honeypot, as it has been so heavily publicized that the IP addresses belong to the DoD. Similarly, Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the government wouldn’t need nearly that much space on the internet to set up a trap.
The government could be setting up a surveillance system to scour internet traffic
Hamilton told Insider that the Pentagon could be piloting software and servers to identify suspicious activity on the internet, whether from outside countries and hackers or internal internet chatter in the US.
About 175 million IP addresses could encompass the internet footprint of the entire US, according to Hamilton, who says the government could be practicing the scaling required to analyze large portions of US internet use. The data gathered could help prevent organized crime in the US – instances like the US Capitol siege, which first came together online.
While privacy laws deter internet surveillance, Hamilton said the involvement of a private company could create plausible deniability for the government. He pointed to similar internet surveillance in China and even the UK – which has been testing online surveillance technology for the past two years, logging and storing the web browsing history of every individual in the country.
“I can see that as an outcome because the alternative would be legislation making it okay for the NSA to surveill internally and nobody’s going to do that,” he said, calling the new company a “relic of the Trump administration.”
To date, the NSA’s “upstream” surveillance program allows the organization to search the international online activity of Americans, but it requires a type of warrant from a special court and does not aggregate and analyze entire data sets.
While Hamilton said the company could use BGP route injections (a process that allows outside sites to hijack a route) to collect data on US citizens, as well as foreign organizations, Rothstein told Insider he doesn’t see any evidence for BGP interception.
However, the government could easily scarf up extra data as the Pentagon’s IP addresses include significant addresses. Even though internet connections in residential areas, enterprise environments, and office spaces should be using private IP addresses under address allocations in RFC1918, many do not, according to Rothstein. He said some of the Pentagon’s IP prefixes could be in use by outside parties.
Many cybersecurity experts were optimistic that the government would be more focused on external traffic from other countries than collecting data from within the US.
The government could be preparing to launch a series of cyber attacks
The decision to activate the formerly dormant IP addresses could be a way for the US to keep up with other countries, including Russia, China, and North Korea, that use high level cyber intelligence.
The Pentagon has recently been making strides to protect its digital presence and compete with other countries in cyberspace. The government created the Defense Digital Service unit in 2015 to solve emergency problems and make technological advancements for the US military. The Pentagon’s IP address decision spawned from the DDS team that is characterized as a “SWAT team of nerds.”
Wright said the IP addresses could be used to provide foreign intelligence and launch surveillance attacks against other counties. For example, some Chinese companies use similar IP address numbering schemes for their internal networks, and there’s a chance some of their data could be directed to the US.
He said that cyberspace is the next frontier for warfare and the US is lagging behind.
“Unless we get better at defending cyberspace, we will continue to lose our national intelligence information,” Wright said. “We have a massive intelligence failure right now,” he said pointing to the recent SolarWinds hack.
Whether via launching surveillance attacks on other countries or improving its defense, the US needs to prioritize its cyberspace, Wright said.
The pilot program could help prevent attacks on the Pentagon’s IP addresses
Cybersecurity experts agreed the company would be able to identify large scale attacks and, as a result, develop strategies to better protect its system.
“When it comes down to it, it’s all about cybersecurity research,” Rothstein told Insider.
The company could identify worms on the internet, as well as distributed denial of service attacks (intentional disruptions to internet service, often referred to as DDoS attacks).
With the sheer amount of internet space that the company will be able to analyze, it would be able to come up with sophisticated defense mechanisms and generate a greater understanding of the kinds of vulnerabilities hackers and outside countries seek to exploit.