Millions of the Pentagon’s Dormant IP Addresses Sprang to Life, Just Minutes Before Trump Left Office

 

While the world was focused on President Donald Trump's departure on Jan. 20, an obscure Florida corporation quietly revealed a shocking development to the world's computer networks: it was now controlling a vast unused swath of the internet that had been owned by the US military for decades. 

What happened next was even stranger: the company, Global Resource Systems LLC, continued to expand its zone of influence. It quickly claimed the Pentagon's 56 million IP addresses. After three months, the number had risen to nearly 175 million dollars. That's nearly 6% of a coveted traditional segment of the internet known as IPv4, where such vast pieces are worth billions of dollars on the open market. 

Well-known telecommunications powerhouses like AT&T, China Telecom, and Verizon dominate the largest swaths of the internet. Global Resource Systems, a company created only in September with no publicly known federal contracts and no apparent public-facing website, was now at the top of the list. 

On Friday, a receptionist at the shared workplace told a reporter that she couldn't give her any details about the company and asked her to leave. Global Resource Systems' control of Pentagon addresses was only revealed in the mysterious world of Border Gateway Protocol (BGP), the messaging system that instructs internet companies on how to channel traffic around the world. Messages started to arrive informing network administrators that IP addresses previously allocated to the Pentagon but inactive could now accept traffic if routed to Global Resource Systems. 

Network administrators have been speculating about the most drastic change in IP address space allocation since the introduction of BGP in the 1980s. The Defense Digital Service, an elite Pentagon agency that reports directly to the Secretary of Defense, is responsible for the transition. The DDS describes itself as a "SWAT team of nerds" associated with solving departmental emergency problems and doing groundbreaking work to enable significant technical advances for the military. 

The Pentagon's DDS, which was founded in 2015, has a Silicon Valley-style office. In recent years, it has worked on a variety of special initiatives, including designing biometric software to help service members distinguish between friendly and enemy forces on the battlefield and ensuring the encryption of emails Pentagon personnel exchanged with third parties about coronavirus vaccines. 

The DDS's director, Brett Goldstein, said in a statement that his unit had approved a "pilot effort" to publicize the Pentagon's IP space. According to Goldstein, “this pilot will analyze, evaluate, and prevent unauthorized use of DoD IP address space.” In addition, this pilot could reveal possible security flaws. 

The plan, according to Goldstein, is one of the Pentagon's many attempts to constantly improve its cyber posture and security in response to advanced persistent threats. “We're working together through the Department of Defense to ensure that any possible vulnerabilities are addressed,” he added.

The details of what the campaign is attempting to accomplish are still unknown. The Pentagon refused to answer a variety of questions about the project, including why Goldstein's unit used a little-known Florida company to carry out the pilot rather than having the Defense Department itself "announce" the addresses via BGP messages, which would have been a much more common method. 

The Global Resource Systems announcements, on the other hand, seem to have directed a flood of internet traffic toward Defense Department addresses. According to Madory's tracking, large-scale internet traffic movements started almost immediately after the IP addresses were announced on January 20. 

Russell Goemaere, a spokesman for the Defense Department, confirmed in a statement to The Washington Post that the Pentagon still owns all the IP address space and hadn’t sold any of it to a private party. 

Since the programme isn't public, a person familiar with the pilot effort agreed to speak on the condition of anonymity. He said it's critical for the Department of Defense to have "visibility and accountability" into its various cyber tools, including IP addresses, and to maintain the addresses appropriately so they'll be available if and when the Pentagon needs them.


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/3ezf97V
