The Pentagon’s Great Internet Mystery Is Now Partially Solved | Business News

By Frank Bajak, AP . Technology Writer

BOSTON (Associated Press) – Something very strange happened on the Internet the day President Joe Biden was sworn in. A shadowy company residing in a coworking space above a bank in Florida announced to the World’s Computer Networks that it was now running a huge, previously dormant group much of the internet owned by the US Department of Defense.

That real estate has since more than quadrupled to 175 million addresses – about 1/25 of the size of the current internet.

it’s huge. “This is the biggest thing in the history of the Internet,” said Doug Madhuri, director of internet analysis at Kentik, the network operator. It’s also more than double the amount of internet actually used by the Pentagon.

After weeks of questioning by the network community, the Pentagon has now given a very succinct explanation of what it’s doing. But it didn’t answer many basic questions, starting with why it chose to entrust address space management to a company that didn’t seem to exist until September.

political cartoons

The Army hopes to “evaluate, assess and prevent unauthorized use of the Department of Defense’s IP address space,” said a statement released Friday by Brett Goldstein, chief of the Pentagon’s Defense Digital Service, which manages the project. It also hopes to “identify potential vulnerabilities” as part of efforts to defend against cyber intrusions by global adversaries, who constantly infiltrate US networks, sometimes operating from blocks of unused Internet addresses.

The statement did not specify whether the “pilot project” would include external contractors.

The Pentagon periodically deals with the unauthorized seizure of its space, in part because there has been a shortage of first-generation Internet addresses since 2011; They are now selling at auction for over $25 each.

Announcing the address space, Madhuri said, would make it easier to go after squatters and allow the US military to “collect a massive amount of Internet traffic in the background for threat intelligence.”

Some cybersecurity experts have speculated that the Pentagon may be using the newly declared space to create “slick spots,” machines set up with vulnerabilities to lure hackers. Or he might be looking to build a dedicated infrastructure — software and servers — to clean up traffic for suspicious activity.

“This greatly increases the area they can monitor,” said Madhuri, who posted a blog on the matter on Saturday.

What a Pentagon spokesperson could not explain on Saturday was why the Department of Defense chose Global Resource Systems LLC, a company with no record of government contracts, to manage the address space.

“As for why the Department of Defense does this, I’m a bit baffled, just like you,” said Paul Fixey, the Internet pioneer who is credited with designing the naming system and CEO of Farsight Security.

The company did not respond to phone calls or emails from The Associated Press. It does not have a web presence, although it does have the grscorp.com domain. Her name does not appear in her Plantation, Florida, residence directory, and the receptionist drew a blank when an Associated Press reporter asked for a company representative in the office earlier this month. She found her name in the list of tenants and suggested trying the email. Records show that the company did not obtain a license to operate at Plantation.

Founded in Delaware and registered by a Beverly Hills attorney, Global Resource Systems LLC now operates a larger online space than China Telecom, AT&T or Comcast.

The only name associated with it on the Florida business registry matches that of a man who was recently listed in 2018 in Nevada corporate records as a managing member of a cybersecurity/internet surveillance equipment company called Packet Forensics. The company has had nearly $40 million in publicly disclosed federal contracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its clients.

This man, Raymond Solino, is also listed as a principal at a company called Tidewater Laskin Associates, which was established in 2018 and received an FCC license in April 2020. It shares a Virginia Beach, Virginia address — a UPS store — on corporate records such as Packet Forensics. They both have different PO Box numbers. Calls to the number listed on the Tidewater Laskin FCC profile are answered by an automated service that offers four different options but does not bind callers to a single option, with all calls recycled back to the initial audio recording.

Saulino did not return calls for comment, and longtime colleague at Packet Forensics, Rodney Joffe, said he believed Saulino had retired. Joffe, a leading figure in the field of cybersecurity, declined to comment further. Jovi is the chief technical officer of Neustar Inc. , which provides Internet information and services to key industries, including telecommunications and defense.

In 2011, Packet Forensics and Saulino, its spokesperson, appeared in Wired’s story because the company was selling a device to government agencies and law enforcement that would allow them to spy on people’s web browsing using forged security certificates.

The company continues to sell “lawful intercept” equipment, according to its website. One of its current contracts with the Defense Advanced Research Projects Agency is to “harness autonomy to counter enemy cyber systems.” The contract description states that it is investigating “technologies for conducting safe, unobtrusive and efficient active defense operations in cyberspace”. Contract language from 2019 states that the program will “investigate the feasibility of creating secure and reliable independent software agencies that can effectively counter bot transplants and similar large-scale malware.”

Deepening the mystery is the name Global Resource Systems. It’s similar to a company that independent internet fraud researcher Ron Gilmett said was sending spam email using the same Internet routing ID. It was closed over a decade ago. All that differs is the type of company. This is a limited liability company. The other was a company. They both used the same street address in Plantation, a suburb of Fort Lauderdale.

“It’s very suspicious,” said Gilmett, who sued Global Resource Systems’ previous incarnation in 2006 of unfair trade practices. Guilmette such a disguise, known as sliding flow, is a tricky tactic in this situation. “If they wanted to be more serious about hiding this, they couldn’t have used Ray Saulino and that dubious name.”

Guilmette and Madory were alerted to the mystery when network operators began inquiring about it on an email list in mid-March. But almost everyone involved didn’t want to talk about it. Mike Lieber, who owns Hurricane Electric, the primary Internet company that handles data traffic, did not return emails or phone messages.

Despite the Internet’s address crisis, the Pentagon — which created the Internet — has shown no interest in selling any of its address space, and Defense Department spokesman Russell Guimery told The Associated Press on Saturday that none of the newly announced space has been sold. .

Associated Press writer Terry Spencer in Fort Lauderdale, Florida, contributed to this report.

Copyright 2021 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.