The Pentagon’s big internet mystery has been partially solved

Boston (AP) — On the day President Joe Biden swore, something very strange happened on the Internet. A mysterious company living in a shared workspace on a bank in Florida has announced to the world’s computer network that it manages what is now huge and previously idle. The US Department of Defense-owned Internet Chunk.

Since then, the property has more than quadrupled to 175 million addresses. This is about half the size of the current Internet.

It’s huge. This is the largest in the history of the Internet, “said Doug Madley, Internet Analysis Director at Kentic, a network operator. It’s also more than twice the size of the internet space the Pentagon actually uses.

After weeks of wonder by the networking community, the Pentagon has now provided a very brief explanation of what it is doing. However, it doesn’t answer many basic questions, such as why it left address space management to a company that didn’t seem to exist until September.

The military wants to “evaluate, evaluate, and prevent fraudulent use of the Pentagon’s IP address space,” according to a statement released Friday by Pentagon Secretary Brett Goldstein. Defense Digital Services, The project is running. We also want to “identify potential vulnerabilities” as part of our efforts to protect against cyber intrusions by global attackers who constantly invade US networks and sometimes operate from unused Internet address blocks. I’m out.

The statement did not specify whether the “pilot project” would include external contractors.

Since 2011, the Pentagon has been regularly competing with fraudulent crouching in the space, partly due to the lack of first-generation internet addresses. They are currently auctioned for over $ 25 each.

Advertising the address space will make it easier to get rid of squatters and allow the U.S. military to “collect large amounts of background Internet traffic for threat intelligence,” Madley said. ..

Some cybersecurity experts speculate that the Pentagon may be using the newly advertised space to create a “honeypot,” a machine with vulnerabilities to attract hackers. I am. Alternatively, you may be considering setting up a dedicated infrastructure (software and servers) to scrutinize traffic for suspicious activity.

“This will significantly increase the space we can monitor,” said Madley, who published a blog post on Saturday.

A Pentagon spokesman couldn’t explain on Saturday why the Pentagon chose Global Resource Systems LLC, a company with no record of contracts with the government, to manage its address space.

“Why did the Pentagon, like you, wonder why I was a little wondering,” said Paul Vixie, an internet pioneer who was recognized for the design of the naming system and the CEO of Farsight Security.

The company did not return calls or emails from the Associated Press. I have the domain, but I don’t have a web presence. The name didn’t appear at the Florida Plantation address, and the receptionist drew a blank when an AP reporter asked for a company representative in the office earlier this month. She found the name in the tenant list and suggested trying the email. Records show that the company does not have a business license on the plantation.

Built into Delaware and registered by Beverly Hills lawyers, Global Resource Systems LLC currently manages more Internet space than China Telecom, AT & T, or Comcast.

The only name associated with it in Florida’s business registry matches the name of a man listed in 2018 in Nevada’s corporate records as an administrative member of a cybersecurity / internet surveillance equipment company called Packet Forensics. I will. The company has published nearly $ 40 million in federal contracts over the past decade, including customers of the FBI and the Defense Advanced Research Projects Agency of the Department of Defense.

The man, Raymond Saulino, is also listed as a principal of a company called Tidewater Laskin Associates, which was founded in 2018 and obtained an FCC license in April 2020. Shares the same Virginia Beach address (UPS Store) in Virginia. Corporate record as packet forensics. The two have different mailbox numbers. Calls to numbers listed in the Tidewater Laskin FCC filing offer four different options, but with an automated service that does not connect the caller to one option and recycles all calls to the first voice recording. You will be answered.

Saulino didn’t call for comment, and Packet Forensics longtime colleague Rodney Joffe said he believed Saulino had retired. Cybersecurity celebrity Joffe declined to comment further. Joffe is Neustar Inc, which provides Internet intelligence and services to key industries such as telecommunications and defense. Chief Technology Officer.

In 2011, Packet Forensics and its spokesman Saulino Wired The company sold appliances to government and law enforcement agencies, so it was possible to use forged security certificates to spy on people’s web browsing.

According to the company’s website, the company continues to sell “lawful intercept” equipment. One of the current contracts with the Defense Advanced Research Projects Agency is to “use autonomy to counter cyber attack systems.” The contract states that it is investigating “technology for conducting safe, non-stop, effective active defense operations in cyberspace.” According to the 2019 contract wording, the program “explores the potential to create a secure and reliable autonomous software agency that can effectively combat malicious botnet implants and similar large-scale malware.” That is.

The name of Global Resource Systems deepens the mystery. This is the same as that of a company where independent internet fraud researcher Ron Guilmette states that he was sending email spam using the exact same internet routing identifier. It shut down over 10 years ago. The only difference is the type of company. This is a limited liability company. The other was a corporation. Both used the same address in a plantation on the outskirts of Fort Lauderdale.

“It’s very suspicious,” said Guilmet, who in 2006 sued the incarnation of the former global resource system for unfair business practices. Guilmet considers such a masquerade, known as slipstreaming, to be an unruly tactic in this situation. “If we wanted to take this more seriously, we wouldn’t have been able to use this suspicious name with Ray Saulino.”

Guilmet and Madley were warned about the mystery when network operators began inquiring about the mystery on the mailing list in mid-March. But almost everyone involved didn’t want to talk about it. Mike Reaver, who owns Hurricane Electric, an internet backbone company that handles address block traffic, did not return email or phone messages.

Despite the tightness of Internet addresses, the Pentagon that created the Internet showed no interest in selling any of its address space, and Pentagon spokesman Russell Gemaere was newly announced to AP on Saturday. He said none of the space was sold.

Associated Press writer Terry Spencer of Fort Lauderdale, Florida contributed to this report.

Posted on