4 possible explanations for why a mysterious Florida company is managing a huge chunk of Pentagon internet addresses, according to cybersecurity experts

  • Moments before the inauguration, a Florida company began managing nearly 175 million Pentagon IP addresses.
  • The Department of Defense said it is using the addresses to “identify vulnerabilities” in DoD space.
  • Here are four possible explanations for the Pentagon’s decision, according to cybersecurity experts.

A mysterious startup in Florida with no online presence or history with the government captured public attention this week after it was revealed that it was managing nearly 175 million of the Pentagon’s Internet Protocol addresses.

What’s more, the deal was announced about three minutes before former US president Donald Trump left office and it encompasses almost 6% of usable internet space.

It is largely unknown what the Pentagon is planning to do with the IP addresses, as well as why the government chose the unknown startup, Global Resource Systems LLC. Cybersecurity experts told Insider the Pentagon could be looking to do anything from luring in hackers and building up online government defenses to surveilling US citizens and conducting reconnaissance on foreign countries.

When contacted for comment, a government spokesperson pointed Insider to a Friday statement from the Pentagon’s chief of defense digital service, Brett Goldstein, who said federal officials are working to “assess, evaluate and prevent unauthorized use of DoD IP address space” and hope to “identify potential vulnerabilities” in their fight to curb cyberattacks on US networks. The Pentagon confirmed that the government has maintained ownership of the internet addresses while Global Resource Systems LLC is managing them.

The Pentagon could be using the newly advertised internet space as a “honeypot”

Honeypots are spaces on the internet with obvious vulnerabilities that are designed to draw in hackers or other bad actors. Scott Schober, the CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider an effective honeypot would allow the Department of Defense (DoD) to study hackers’ tactics and identify the vulnerabilities that they are targeting.


“This would allow the government to observe the hackers without any trace of surveillance in order to anticipate future moves,” Schober said.

The move would be particularly poignant in light of recent threats to the government’s system, including the SolarWinds hack.

While Schober and Jesse Rothstein, founder of cyber analytics company ExtraHop, agreed a honeypot is a likely explanation for the move, other cybersecurity experts expressed doubts regarding the theory.

Morgan Wright, the chief security officer of SentinelOne, said it could be difficult to set up the space for a honeypot, as it has been so heavily publicized that the IP addresses belong to the DoD. Similarly, Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the government wouldn’t need nearly that much space on the internet to set up a trap.

The government could be setting up a surveillance system to scour internet traffic

Hamilton told Insider that the Pentagon could be piloting software and servers to identify suspicious activity on the internet, whether from outside countries and hackers or internal internet chatter in the US.

About 175 million IP addresses could encompass the internet footprint of the entire US, according to Hamilton, who says the government could be practicing the scaling required to analyze large portions of US internet use. The data gathered could help prevent organized crime in the US – instances like the US Capitol siege, which first came together online.

While privacy laws deter internet surveillance, Hamilton said the involvement of a private company could create plausible deniability for the government. He pointed to similar internet surveillance in China and even the UK – which has been testing online surveillance technology for the past two years, logging and storing the web browsing history of every individual in the country.

“I can see that as an outcome because the alternative would be legislation making it okay for the NSA to surveil internally and nobody’s going to do that,” he said, calling the new company a “relic of the Trump administration.”

To date, the NSA’s “upstream” surveillance program allows the organization to search the international online activity of Americans, but it requires a type of warrant from a special court and does not aggregate and analyze entire data sets.

While Hamilton said the company could use BGP route injections (a process that allows outside sites to hijack a route) to collect data on US citizens, as well as foreign organizations, Rothstein told Insider he doesn’t see any evidence for BGP interception.

However, the government could easily scarf up extra data as the Pentagon’s IP addresses include significant addresses. Even though networks in residential areas, enterprise environments, and office spaces should be using private IP addresses from the ranges allocated in RFC 1918, many do not, according to Rothstein. He said some of the Pentagon’s IP prefixes could be in use by outside parties.

Many cybersecurity experts were optimistic that the government would be more focused on external traffic from other countries than collecting data from within the US.

The government could be preparing to launch a series of cyber attacks

The decision to activate the formerly dormant IP addresses could be a way for the US to keep up with other countries, including Russia, China, and North Korea, that use high-level cyber intelligence.

The Pentagon has recently been making strides to protect its digital presence and compete with other countries in cyberspace. The government created the Defense Digital Service unit in 2015 to solve emergency problems and make technological advancements for the US military. The Pentagon’s IP address decision came from the DDS team, which is characterized as a “SWAT team of nerds.”

Wright said the IP addresses could be used to provide foreign intelligence and launch surveillance attacks against other countries. For example, some Chinese companies use similar IP address numbering schemes for their internal networks, and there’s a chance some of their data could be directed to the US.

He said that cyberspace is the next frontier for warfare and the US is lagging behind.

“Unless we get better at defending cyberspace, we will continue to lose our national intelligence information,” Wright said. “We have a massive intelligence failure right now,” he said, pointing to the recent SolarWinds hack.

Whether via launching surveillance attacks on other countries or improving its defense, the US needs to prioritize its cyberspace, Wright said.

The pilot program could help prevent attacks on the Pentagon’s IP addresses

Cybersecurity experts agreed the company would be able to identify large-scale attacks and, as a result, develop strategies to better protect its system.

“When it comes down to it, it’s all about cybersecurity research,” Rothstein told Insider.

The company could identify worms on the internet, as well as distributed denial of service attacks (intentional disruptions to internet service, often referred to as DDoS attacks).

With the sheer amount of internet space that the company will be able to analyze, it would be able to come up with sophisticated defense mechanisms and generate a greater understanding of the kinds of vulnerabilities hackers and outside countries seek to exploit.

Read the original article on Business Insider

Biden administration sets the stage for retaliation against Russia over SolarWinds, election interference: report

President Joe Biden

  • The Biden administration finished an intelligence report on alleged Russian meddling, Bloomberg reported.
  • The review could lead to retaliatory action against Russia over the SolarWinds hack and election interference, according to the report.
  • Last month, Biden announced sanctions against Russian officials over the treatment of Putin critic Alexei Navalny.

The Biden administration completed an intelligence review of alleged Russian meddling in the SolarWinds cybersecurity attack and interference in US elections, Bloomberg reported Wednesday.

The review could set the stage for possible retaliatory actions like enacting sanctions or expulsion of Russian intel officers in the US, three people familiar with the matter told Bloomberg.

Now that the intelligence review is complete, the US could respond by “singling out people close to Russian President Vladimir Putin as well as agencies linked to election interference,” Bloomberg reported.

In January, a joint US intelligence task force issued a rare initial public statement on the SolarWinds hack, saying it was “likely Russian in nature,” Insider’s Azmi Haroun reported.

Last month, a declassified report from the Office of the Director of National Intelligence said Russia was among the countries that authorized covert influence operations aimed at altering the outcome of the 2020 election, which ended up being unsuccessful, according to Insider’s Sonam Sheth.

Representatives from the White House did not immediately respond to Insider’s request for comment. A spokesperson for the State Department declined to comment.

White House Press Secretary Jen Psaki confirmed the review in a press briefing on January 21, saying it was intended “to hold Russia to account for its reckless and adversarial actions.”

“And to this end, the President is also issuing a tasking to the intelligence community for its full assessment of the SolarWinds cyber breach, Russian interference in the 2020 election, its use of chemical weapons against opposition leader Alexei Navalny, and the alleged bounties on US soldiers in Afghanistan,” Psaki said during the press briefing.

The news of the review comes after President Joe Biden announced sanctions against Russian officials last month over the arrest and alleged poisoning of Putin critic Alexei Navalny; he has not yet acted upon the other three areas Psaki mentioned in January.


Trump is threatening Iran and Biden says the Pentagon is stonewalling him on ‘many things’ with less than a month until inauguration

President Donald Trump gives a thumbs up towards supporters as he departs Trump National Golf Club on December 13, 2020 in Sterling, Virginia.

  • Lame duck presidents typically avoid doing anything too provocative in their last days, particularly regarding national security. But Donald Trump is anything but typical. 
  • Trump has issued new threats against Iran in the wake of a rocket attack on the US Embassy in Baghdad, which the US has blamed on Iranian-backed militias. 
  • Meanwhile, President-elect Joe Biden says he’s not receiving extensive briefings from the Pentagon.
  • It’s unclear whether Biden has been briefed on the situation with Iran, which he inherits in 27 days.

President Donald Trump is leaving the White House in less than a month, but you wouldn’t know it from his behavior.

Beyond refusing to concede to President-elect Joe Biden, the president has continued to threaten Iran with military action and his administration has reportedly discussed potential responses to recent rocket attacks on the US Embassy in Baghdad thought to have been carried out by Iranian-backed militias. 

Meanwhile, Biden says he’s being stonewalled by the Pentagon and hasn’t been thoroughly briefed on a number of crucial issues. 

In the wake of the discovery of the massive, embarrassing SolarWinds hack, Trump has claimed that “everything is well under control.” Biden on Wednesday said he’s seen “no evidence” to back that up and suggested the department hasn’t been forthcoming with information on the hack. The president-elect said the Defense Department “won’t even brief us on many things.” The Pentagon pushed back on that assertion, describing it as “patently false” in a statement on Wednesday. 

It’s unclear if Biden has been briefed on the situation with Iran and any potential actions Trump might take. 

The Biden transition team did not offer a comment when contacted by Insider. 

Trump issued a grave warning to Iran during his final days in office

US President Donald Trump looks on during a ceremony presenting the Presidential Medal of Freedom to wrestler Dan Gable in the Oval Office of the White House in Washington, DC on December 7, 2020.

Trump has been an inherently unorthodox president since the moment he was sworn in, but his atypical approach to leadership has been especially stark since he lost the election to Biden.

Most lame duck presidents wouldn’t dream of threatening war or military action against an adversary – typically focusing on final policies for their legacy as their staffs begin updating their counterparts during the transition – but Trump has not shied away from it whatsoever. 

In mid-November, Trump reportedly asked top aides for potential military options against Iran in relation to its nuclear program, but was ultimately talked out of it by senior advisors who warned of the potential for sparking a broader conflict during his final days in office. Iran has violated the terms of the 2015 nuclear deal, which has steadily crumbled since Trump withdrew from it in May 2018. 

More recently, he’s lashed out at Iran over the attacks on the Baghdad embassy. 

“Our embassy in Baghdad got hit Sunday by several rockets. Three rockets failed to launch. Guess where they were from: IRAN,” Trump tweeted on Wednesday. “Now we hear chatter of additional attacks against Americans in Iraq. Some friendly health advice to Iran: If one American is killed, I will hold Iran responsible. Think it over.”

The attack damaged the embassy compound and killed at least one Iraqi civilian, per NPR.

“The Dec. 20, 2020, rocket attack on the green zone in Iraq was almost certainly conducted by an Iranian-backed rogue militia group,” Capt. Bill Urban, a spokesman for Central Command, said in a statement. He added that the 21-rocket attack was “clearly NOT intended to avoid casualties.”

Secretary of State Mike Pompeo explicitly blamed “Iran-backed militias.” The US is now considering closing the embassy in Iraq, Axios reported.

But Central Command chief Gen. Frank McKenzie earlier this week also told the Wall Street Journal that he doesn’t know “the degree to which Iran is complicit” in the incident. 

“We do not seek a war, and I don’t actually believe they seek one either,” McKenzie said.

Iran’s foreign minister Javad Zarif responded to Trump in a tweet, stating that the president had “recklessly” accused Iran of being behind the attack. “Trump will bear full responsibility for any adventurism on his way out,” Zarif said.

‘Trump is ending the year like he started it, trying to provoke a disastrous war’

Trump’s threats toward Iran after the rocket attack in Baghdad came nearly a year after he ordered a drone strike that killed the country’s top general, Qassem Soleimani, which pushed Washington and Tehran to the brink of war. The Soleimani assassination was partly inspired by a rocket attack in Iraq that killed an American contractor in late December 2019.

But tensions between the US and Iran had reached historic heights before that, largely due to Trump’s controversial decision to withdraw from the 2015 nuclear deal and re-impose sanctions as part of a “maximum pressure” campaign to hammer the Iranian economy.

In November, a top Iranian nuclear scientist was assassinated. Iran accused Israel of orchestrating the killing. Meanwhile, experts have suggested that the US was also involved, stating that the assassination was part of Trump’s desire to derail Biden’s ambitions of returning to the 2015 deal. Some analysts suspect Trump might take further actions to tie Biden’s hands.

“Friendly reminder before Trump does whatever crazy thing he’s about to do to Iran, this is all his fault,” Stephen Miles, executive director of Win Without War, tweeted on Wednesday. “He inherited a working diplomatic nuclear deal and thawing relations, blew that all up to try out ‘maximum pressure’ which predictably failed, and now here we are yet again.”

Derek Johnson, CEO of the anti-nuclear weapons group Global Zero, in a tweet said, “I see Trump is ending the year like he started it, trying to provoke a disastrous war with Iran.”
