Minutes before the official end of President Donald Trump’s term, a young company based in Florida reportedly took control over a large chunk of internet space owned by the Pentagon.
Eight months later, it has been returned to the Department of Defense, The Washington Post reported Friday, but questions remain about the program.
The company at one point held 175 million IP addresses, controlling more of the internet than some of the world’s largest internet companies, including Comcast and AT&T.
The company was identified as Global Resource Systems LLC, headquartered in Plantation, Florida, Insider’s Kevin Shalvey reported in April. The company appeared to have been founded in the fall of last year, filing paperwork in Florida in October, and was incorporated in Delaware.
When news of the transfer of the internet space broke in April, the Department of Defense told the Associated Press it was being done to “assess, evaluate and prevent unauthorized use of DoD IP address space.”
But AP said officials could not answer why Global Resource Systems, a company that seemed to only be in existence for less than six months, was chosen to take over the space.
The Post reported Friday the 175 million IP addresses, a whopping 6% of the entire internet, were transferred back to the Pentagon this week.
A Pentagon spokesperson told the outlet that the cybersecurity program, started by the self-described “swat team of nerds” from the Defense Digital Service, had ended, and confirmed that the internet space was back under the control of the Department of Defense Information Network.
“The Defense Digital Service established a plan to launch the cybersecurity pilot and then transition control of the initiative to DoD partners,” Defense Department Spokesperson Russell Goemaere told The Post.
“Following the DDS pilot, shifting DoD Internet Protocol (IP) advertisement to DoD’s traditional operations and mature network security processes, maintains consistency across the DODIN. This allows for active management of the IP space and ensure the Department has the operational maneuver space necessary to maintain and improve DODIN resiliency,” the statement said.
Goemaere said the program was launched in the fall and that the timing of the transfer was “agnostic of administration change.”
The Pentagon did not give details about what exactly the program did or why that company was chosen. Global Resource Systems did not respond to requests for comment from Insider, The Post, or AP.
Your computer, like every device that connects to the internet, has an IP (Internet Protocol) address. It’s a series of numbers interspersed with decimal points (for example, “198.169.0.101”), and acts like a home address that identifies where other devices can find your computer.
Related Article Module: ‘What is my IP?’: Here’s what an IP address does, and how to find yours
Here’s everything to know about changing both your local and public IP addresses.
How to change your public IP address
No matter what kind of computer you have – Windows or Mac – it’s pretty easy to change your public IP address.
Your public IP address is usually set by your internet service provider (ISP), and you can’t choose it yourself. However, you can “coax” it to change in any of several different ways:
Change your network or location: Your public IP address will change based on where and how you connect to the internet. If you have a phone with LTE, for example, turning off Wi-Fi so it uses that LTE signal will compel it to use a different IP address. You can also connect to a different Wi-Fi network.
Reboot your internet modem: When you reboot the modem (turn it off, wait two to three minutes, then turn it back on) it’ll refresh all the IP addresses on the network.
Connect with a VPN: A VPN (Virtual Private Network) hides your public IP address, and connects you to a server in a different location with a different IP address. When you use a VPN, you don’t get to choose the IP address directly, but you can usually choose what geographic region you want to appear to come from, which will determine what IP addresses the VPN software will use to identify you.
If all else fails, contact your ISP and ask them to change your IP address. They might not be able to do it, but there’s no harm in asking.
How to change your local IP address in Windows
1. Click the Start button and then click “Settings.”
2. Click “Network & Internet.”
You can change your local IP address in Settings.
Dave Johnson/Insider
3. In the navigation pane on the left, click “Wi-Fi” and then click the name of your Wi-Fi network. If you’re connected with an Ethernet cable, select “Ethernet.”
Select your network to change the IP address.
Dave Johnson/Insider
4. On the details page for your Wi-Fi network, scroll down to the IP settings section and click “Edit.” With Ethernet, click “Properties.”
5. Finally, in the Edit IP settings dialog box, click “Automatic (DHCP)” and choose “Manual.” Then turn on IPv4 by swiping the button to the right and enter the details of the new IP address. Click “Save.”
Change the IP setting from automatic to manual.
Dave Johnson/Insider
How to change your local IP address on a Mac
1. In the Apple menu, click “System Preferences.”
2. Click “Network.”
Open the network settings in System Preferences.
Dave Johnson/Insider
3. In the pane on the left, select the network you’re connected to, and then click “Advanced” at the bottom right of the window.
After selecting your network, go to the Advanced settings.
Dave Johnson/Insider
4. Click the “TCP/IP” tab at the top.
5. In the Configure using IPv4 section, click “Using DHCP” and then choose “Manually.”
You need to switch from DHCP (which is the automatic mode) to select the IP address manually.
Dave Johnson/Insider
6. Finally, enter the details of the new IP address. Click “OK.”
How to change the local IP address on a mobile device
Like any internet-connected device, your phone has its own IP address. If you have a compelling reason to, you can change your IP address for your phone as well.
The company that is managing about 6% of usable internet space was identified as Global Resource Systems LLC. The 7-month old Florida company has no internet history or prior contracts with the government, but cybersecurity experts told Insider the startup may not what be it seems.
Four experts said the Pentagon is likely using the company’s lack of history as a shield for its plans and Global Resource Systems could be operating as a shell to hide a much larger organization.
The anonymity is likely key to the Pentagon’s plan
Cybersecurity experts say the mystery shrouding Global Resource Systems is not surprising.
The company has no real history, but the people behind the company undoubtedly have government connections, Morgan Wright, the chief security officer of SentinelOne, told Insider.
The name on the company’s incorporation documents, Raymond Saulino, matches the name of a managing member of the cybersecurity firm Packet Forensics, a company that has worked with the government before, according to the company’s legal filings. The company has had nearly $40 million in federal contracts over the past decade and currently sells lawful intercept equipment – a process that allows law enforcement agencies to selectively wiretap individuals via a court order.
A spokesperson for Packet Forensics did not respond to a request for comment from Insider.
The company also bears the same name as a firm that shut down over 10 years ago and was sending out email spam, internet-fraud researcher Ron Guilmette told The Washington Post. That company had the same office address and used the same internet routing identifier. The only difference between the two companies is that the newer one operates as a limited liability corporation.
Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the company’s anonymity provides an extra layer of protection for the government and makes it even easier to hide what the Pentagon is planning to do with its IP addresses.
“Global Resource Systems can function as an extension of the government without direct connection allowing them to monitor activities without the overwhelming presence of the Pentagon nor the scrutiny of public opinion,” Scott Schober, CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider.
The company provides an extra layer of security for the Pentagon
The company also provides the government with plausible deniability, according to Hamilton. The government would be able to launch cyber attacks, obtain data, and create faulty gateways on the internet without having to take responsibility for the actions. The attacks could easily be attributed to mistakes by a new and unrecognized third-party company, according to Hamilton.
Global Resource Systems LLC provides a layer of disguise for the project, according to Wright. He told Insider if the company was recognizable it would be easy for hackers to avoid detection and the US government would tip its hand.
“If it’s obvious where the information is going it gives them an idea of what we’re looking for,” Wright said. “We don’t want to telegraph to them too early what it is we’re doing and how we’re looking at the problem.”
The mysterious company could be a shell for a bigger organization
Wirght and Hamilton agreed that the company’s anonymity was not only beneficial but that it was likely hiding a major company. They pointed out that the company would need significant telecommuting power in order to process information from nearly 175 million IP addresses – more than AT&T or Comcast.
“It would be like trying to eat an elephant,” Wright said. “Not many companies can do that.”
Hamilton said Google is one of few companies that could process that much information at the moment. A Google spokesperson did not respond to a request to questions about whether the company had any ties to Global Resource Systems.
In contrast, founder of cyber analytics company ExtraHop, Jesse Rothstein, told Insider that Global Resource Systems could still be building up its system and would not necessarily need tremendous telecommuting power for the formerly dormant addresses, though it would still need to have significant financial resources.
Despite the layer of confusion behind the Pentagon’s decision, most cybersecurity experts agree that the move to put the dormant addresses to use makes sense.
“I think any academic institution or research institution would love to be able to conduct that type of research on such a large scale,” Rothstein told Insider, “This block of IP addresses is very valuable, and I’m sure many countries would prefer the DoD relinquish it, but it’s better to do something with it and use it for research than nothing at all.”
What’s more, the deal was announced about three minutes before former US president Donald Trump left office and it encompasses almost 6% of usable internet space.
It is largely unknown what the Pentagon is planning to do with the IP addresses, as well as why the government chose the unknown startup, Global Resource Systems LLC. Cybersecurity experts told Insider the Pentagon could be looking to do anything from lure in hackers and build up online government defenses to surveillance of US citizens and reconnaissance on foreign countries.
When contacted for comment, a government spokesperson pointed Insider to a Friday statement from the Pentagon’s chief of defense digital service, Brett Goldstein, who said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hopes to “identify potential vulnerabilities” in its fight to curb cyberattacks of US networks. The Pentagon confirmed that the government has maintained ownership of the internet addresses while Global Resource Systems LLC is managing them.
The Pentagon could be using the newly advertised internet space as a “honeypot”
Honeypots are spaces on the internet with obvious vulnerabilities that are designed to draw in hackers or other bad actors. Scott Schober, the CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider an effective honeypot would allow the Department of Defense (DoD) to study hackers’ tactics and identify the vulnerabilities that they are targeting.
“This would allow the government to observe the hackers without any trace of surveillance in order to anticipate future moves,” Schober said.
The move would be particularly poignant in light of recent threats to the government’s system, including the SolarWinds hack.
While Schober and founder of cyber analytics company ExtraHop Jesse Rothstein agreed a honeypot is a likely explanation for the move, other cybersecurity experts expressed doubts regarding the theory.
Morgan Wright, the chief security officer of Sentinel One, said it could be difficult to set up the space for a honeypot, as it has been so heavily publicized that the IP addresses belong to the DoD. Similarly, Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the government wouldn’t need nearly that much space on the internet to set up a trap.
The government could be setting up a surveillance system to scour internet traffic
Hamilton told Insider that the Pentagon could be piloting software and servers to identify suspicious activity on the internet, whether from outside countries and hackers or internal internet chatter in the US.
About 175 million IP addresses could encompass the internet footprint of the entire US, according to Hamilton, who says the government could be practicing the scaling required to analyze large portions of US internet use. The data gathered could help prevent organized crime in the US – instances like the US Capitol siege, which first came together online.
While privacy laws deter internet surveillance, Hamilton said the involvement of a private company could create plausible deniability for the government. He pointed to similar internet surveillance in China and even the UK – which has been testing online surveillance technology for the past two years, logging and storing the web browsing history of every individual in the country.
“I can see that as an outcome because the alternative would be legislation making it okay for the NSA to surveill internally and nobody’s going to do that,” he said, calling the new company a “relic of the Trump administration.”
To date, the NSA’s “upstream” surveillance program allows the organization to search the international online activity of Americans, but it requires a type of warrant from a special court and does not aggregate and analyze entire data sets.
While Hamilton said the company could use BGP route injections (a process that allows outside sites to hijack a route) to collect data on US citizens, as well as foreign organizations, Rothstein told Insider he doesn’t see any evidence for BGP interception.
However, the government could easily scarf up extra data as the Pentagon’s IP addresses include significant addresses. Even though internet connections in residential areas, enterprise environments, and office spaces should be using private IP addresses under address allocations in RFC1918, many do not, according to Rothstein. He said some of the Pentagon’s IP prefixes could be in use by outside parties.
Many cybersecurity experts were optimistic that the government would be more focused on external traffic from other countries than collecting data from within the US.
The government could be preparing to launch a series of cyber attacks
The decision to activate the formerly dormant IP addresses could be a way for the US to keep up with other countries, including Russia, China, and North Korea, that use high level cyber intelligence.
The Pentagon has recently been making strides to protect its digital presence and compete with other countries in cyberspace. The government created the Defense Digital Service unit in 2015 to solve emergency problems and make technological advancements for the US military. The Pentagon’s IP address decision spawned from the DDS team that is characterized as a “SWAT team of nerds.”
Wright said the IP addresses could be used to provide foreign intelligence and launch surveillance attacks against other counties. For example, some Chinese companies use similar IP address numbering schemes for their internal networks, and there’s a chance some of their data could be directed to the US.
He said that cyberspace is the next frontier for warfare and the US is lagging behind.
“Unless we get better at defending cyberspace, we will continue to lose our national intelligence information,” Wright said. “We have a massive intelligence failure right now,” he said pointing to the recent SolarWinds hack.
Whether via launching surveillance attacks on other countries or improving its defense, the US needs to prioritize its cyberspace, Wright said.
The pilot program could help prevent attacks on the Pentagon’s IP addresses
Cybersecurity experts agreed the company would be able to identify large scale attacks and, as a result, develop strategies to better protect its system.
“When it comes down to it, it’s all about cybersecurity research,” Rothstein told Insider.
The company could identify worms on the internet, as well as distributed denial of service attacks (intentional disruptions to internet service, often referred to as DDoS attacks).
With the sheer amount of internet space that the company will be able to analyze, it would be able to come up with sophisticated defense mechanisms and generate a greater understanding of the kinds of vulnerabilities hackers and outside countries seek to exploit.
A Domain Name System (DNS) server is a fundamental part of the backbone of the internet – without it, it would be impossible to use a web browser to find websites.
You can think of the DNS server as a phone book. When you ask your computer to load a website, the DNS server matches the website’s name with the right IP address. This lets your computer find and load it properly.
How does a DNS server work?
When you enter a URL, what you’re really doing is asking your computer to find and connect to another IP address. To do this, it uses a set of related servers, all of which form the DNS server:
The DNS recursive resolver
The root nameservers
The TLD nameservers
The authoritative nameservers
Here’s how it works.
All this happens in a matter of seconds – if your internet is very fast, or you’ve visited the website recently (see below for more information), it can happen in milliseconds.
Caching can avoid calling the DNS server
If you’re visiting a new website, your browser will go through the entire process outlined above. But if it did this for every single website, things could get slow – that’s why websites you’ve visited recently are stored in your web browser’s cache.
When you try to load a website, the DNS server will first check your cache to see if the IP address is already saved there. If it is, it’ll retrieve the IP address directly from the cache, which saves time.
Every browser has a cache, which stores files and images.
Dave Johnson/Business Insider
Each entry in the cache has a time limit associated with it, referred to as the TTL (time-to-live). The TTL for any IP address is generally about 48 hours, and once that passes, the IP address will disappear from your cache. This means that the DNS server will have to go through the whole recursive search process again.
Changing your DNS server
As a general rule, your web browser uses a standard, public DNS server, usually configured and maintained by your internet service provider.
Some advanced users manually change their DNS server, though. This can boost your internet speed and protect your privacy.
Changing your DNS can be done via your computer’s “Network” menu, in the Settings app. If you’re looking for a new DNS, you can try the Google Public DNS or any number of other custom DNS servers.
Google operates its own DNS server, which you can connect your computer to for free.
