not a data breach but an interesting development with the pentagon and the internet
www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/By
Craig Timberg and Paul Sonne
April 24, 2021 at 8:19 a.m. EDT
While the world was distracted with President Donald Trump leaving office on Jan. 20, an obscure Florida company discreetly announced to the worldâs computer networks a startling development: It now was managing a huge unused swath of the Internet that, for several decades, had been owned by the U.S. military.
What happened next was stranger still.
The company, Global Resource Systems LLC, kept adding to its zone of control. Soon it had claimed 56 million IP addresses owned by the Pentagon. Three months later, the total was nearly 175 million. Thatâs almost 6 percent of a coveted traditional section of Internet real estate â called IPv4 â where such large chunks are worth billions of dollars on the open market.
The entities controlling the largest swaths of the Internet generally are telecommunications giants whose names are familiar: AT&T, China Telecom, Verizon. But now at the top of the list was Global Resource Systems â a company founded only in September that has no publicly reported federal contracts and no obvious public-facing website.
As listed in records, the companyâs address in Plantation, Fla., outside Fort Lauderdale, is a shared workspace in an office building that doesnât show Global Resource Systems on its lobby directory. A receptionist at the shared workspace said Friday that she could provide no information about the company and asked a reporter to leave. The company did not respond to requests for comment.
The only announcement of Global Resources Systemsâ management of Pentagon addresses happened in the obscure world of Border Gateway Protocol (BGP) â the messaging system that tells Internet companies how to route traffic across the world. There, messages began to arrive telling network administrators that IP addresses assigned to the Pentagon but long dormant could now accept traffic â but it should be routed to Global Resource Systems.
Network administrators began speculating about perhaps the most dramatic shift in IP address space allotment since BGP was introduced in the 1980s.
âThey are now announcing more address space than anything ever in the history of the Internet,â said Doug Madory, director of Internet analysis for Kentik, a network monitoring company, who was among those trying to figure out what was happening. He published a blog post on the mystery Saturday morning.
The long life of a quick âfixâ: Internet protocol from 1989 leaves data vulnerable to hijackers
The theories were many. Did someone at the Defense Department sell off part of the militaryâs vast collection of sought-after IP addresses as Trump left office? Had the Pentagon finally acted on demands to unload the billions of dollars worth of IP address space the military has been sitting on, largely unused, for decades?
An answer, of sorts, came Friday.
The change is the handiwork of an elite Pentagon unit known as the Defense Digital Service, which reports directly to the secretary of defense. The DDS bills itself as a âSWAT team of nerdsâ tasked with solving emergency problems for the department and conducting experimental work to make big technological leaps for the military.
Created in 2015, the DDS operates a Silicon Valley-like office within the Pentagon. It has carried out a range of special projects in recent years, from developing a biometric app to help service members identify friendly and enemy forces on the battlefield to ensuring the encryption of emails Pentagon staff were exchanging about coronavirus vaccines with external parties.
Brett Goldstein, the DDSâs director, said in a statement that his unit had authorized a âpilot effortâ publicizing the IP space owned by the Pentagon.
âThis pilot will assess, evaluate and prevent unauthorized use of DoD IP address space,â Goldstein said. âAdditionally, this pilot may identify potential vulnerabilities.â
Goldstein described the project as one of the Defense Departmentâs âmany efforts focused on continually improving our cyber posture and defense in response to advanced persistent threats. We are partnering throughout DoD to ensure potential vulnerabilities are mitigated.â
The specifics of what the effort is trying to achieve remain unclear. The Defense Department declined to answer a number of questions about the project, and Pentagon officials declined to say why Goldsteinâs unit had used a little-known Florida company to carry out the pilot effort rather than have the Defense Department itself âannounceâ the addresses through BGP messages â a far more routine approach.
What is clear, however, is the Global Resource Systems announcements directed a fire hose of Internet traffic toward the Defense Department addresses. Madory said his monitoring showed the broad movements of Internet traffic began immediately after the IP addresses were announced Jan. 20.
These hackers warned the Internet would become a security nightmare
Madory said such large amounts of data could provide several benefits for those in a position to collect and analyze it for threat intelligence and other purposes.
The data may provide information about how malicious actors operate online and could reveal exploitable weaknesses in computer systems. In addition, several Chinese companies use network numbering systems that resemble the U.S. militaryâs IP addresses in their internal systems, Madory said. By announcing the address space through Global Resource Systems, that could cause some of that information to be routed to systems controlled by the U.S. military.
The data could also include accidental misconfigurations that could be exploited or fixed, Madory said.
âIf you have a very large amount of traffic, and someone knows how to go through it, youâll find stuff,â Madory added.
The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it.
Russell Goemaere, a spokesman for the Defense Department, confirmed in a statement to The Washington Post that the Pentagon still owns all the IP address space and hadnât sold any of it to a private party.
Dormant IP addresses can be hijacked and used for nefarious purposes, from disseminating spam to hacking into a computer system and downloading data, and the pilot program could allow the Defense Department to uncover if those activities are taking place using its addresses.
A person familiar with the pilot effort, who agreed to speak on the condition of anonymity because the program isnât public, said it is important for the Defense Department to have âvisibility and transparencyâ into its various cyber resources, including IP addresses, and manage the addresses properly so they will be available if and when the Pentagon wants to use them.
âIf you canât see it, you canât defend it,â the person said.
Lori Rozsa in Plantation, Fla., and Alice Crites contributed to this report.