Pentagon internet mystery partially solved, but questions remain
An obscure company residing in a shared workspace above a Florida bank now manages more internet space than China Telecom, AT&T or Comcast.
BOSTON – A very strange thing happened on the Internet the day President Joe Biden was sworn in. An obscure company residing in a shared workspace above a bank in Florida announced to computer networks around the world that it now manages a colossal, previously inactive portion of the Internet owned by the US Department of Defense.
That address space has since more than quadrupled to 175 million addresses, or about 1/25th the size of the Internet today.
“It’s huge. It’s the most important thing in Internet history,” said Doug Madory, director of Internet analytics at Kentik, a network operating company. It is also more than twice the size of the Internet space actually used by the Pentagon.
After weeks of wonder on the part of the networking community, the Pentagon has now provided a very terse explanation of what it is doing. But it did not answer many basic questions, starting with why it chose to hand over management of the address space to a company that appears to have existed only since September.
The military hopes to “assess, assess and prevent unauthorized use of DoD’s IP address space,” said a statement released Friday by Brett Goldstein, chief of the Pentagon’s Digital Defense Service, which is running the project. It also hopes to “identify potential vulnerabilities” as part of the defense efforts against cyber intrusions from global adversaries, which constantly infiltrate US networks, sometimes operating from unused blocks of Internet addresses.
The statement did not specify whether the “pilot project” would involve outside contractors.
The Pentagon regularly faces unauthorized squatting on its space, in part because there has been a dearth of first-generation Internet addresses since 2011; they now sell at auction for over $25 each.
Madory said advertising the address space would make it easier to hunt down squatters and allow the US military to “collect a massive amount of background Internet traffic for threat intelligence.”
Some cybersecurity experts have speculated that the Pentagon could use the newly announced space to create “honeypots,” machines configured with vulnerabilities to lure hackers. Or it could be looking to set up a dedicated infrastructure – software and servers – to scan traffic for suspicious activity.
“It dramatically increases the space they could monitor,” said Madory, who published a blog post on the topic on Saturday.
What a Pentagon spokesperson couldn’t explain on Saturday is why the Defense Department chose Global Resource Systems LLC, a company without government contract registration, to manage the address space.
“As to why the DoD would have done this, I’m a little puzzled, as are you,” said Paul Vixie, an Internet pioneer known for his naming system design and CEO of Farsight Security.
The company did not return phone calls or emails from The Associated Press. It does not have a web presence, although it does own the domain grscorp.com. Its name does not appear on the directory for its Plantation, Florida, home, and a receptionist drew a blank when an AP reporter asked for a company representative in the office earlier this month. She found its name on a tenant list and suggested trying email. Records show that the company did not obtain a business license in Plantation.
Incorporated in Delaware and registered by a Beverly Hills attorney, Global Resource Systems LLC now manages more internet space than China Telecom, AT&T or Comcast.
The only name associated with it in the Florida business registry coincides with that of a man listed as recently as 2018 in Nevada business records as a managing member of a cybersecurity/internet surveillance equipment company called Packet Forensics. The company has held nearly $40 million in publicly disclosed federal contracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its clients.
This man, Raymond Saulino, is also listed as a principal at a company called Tidewater Laskin Associates, which was incorporated in 2018 and obtained an FCC license in April 2020. It shares the same Virginia Beach, Virginia, address – a UPS store – in company records as Packet Forensics. The two have different mailbox numbers. Calls to the number listed on the Tidewater Laskin FCC record are handled by an automated service that offers four different options but does not connect callers with a single one, recycling all calls to the original voice recording.
Saulino did not return phone calls for comment, and longtime Packet Forensics colleague Rodney Joffe said he believed Saulino was retired. Joffe, a cybersecurity luminary, declined to comment further. Joffe is CTO of Neustar Inc., which provides Internet intelligence and services for major industries, including telecommunications and defense.
In 2011, Packet Forensics and Saulino, its spokesperson, were featured in a Wired story because the company was selling a device to government agencies and law enforcement agencies that allowed them to spy on people’s web browsing using fake security certificates.
The company continues to sell “lawful interception” equipment, according to its website. One of its current contracts with the Defense Advanced Research Projects Agency relates to “the exploitation of autonomy to fight against cyber-adversary systems.” A contract description indicates that it is studying “technologies to conduct safe, non-disruptive and effective active defense operations in cyberspace.” The language of the 2019 contract says the program “would study the feasibility of creating safe and reliable stand-alone software agencies capable of effectively countering malicious botnet implants and similar malware on a large scale.”
Deepening the mystery is the name of Global Resource Systems. It is identical to that of a company that independent internet fraud researcher Ron Guilmette said was sending email spam using the same internet routing ID. That company closed its doors over ten years ago. All that differs is the type of business: this one is a limited liability company, while the other was a corporation. Both used the same address in Plantation, a suburb of Fort Lauderdale.
“It’s deeply suspect,” said Guilmette, who unsuccessfully sued the previous incarnation of Global Resource Systems in 2006 for unfair business practices. Guilmette considers such a masquerade, known as “slip-streaming”, a clumsy tactic in this situation. “If they wanted to be more serious about hiding this, they couldn’t have used Ray Saulino and that suspicious name.”
Guilmette and Madory were alerted to the mystery when network operators began inquiring about it on a mailing list in mid-March. But almost no one involved wanted to talk about it. Mike Leber, who owns Hurricane Electric, the Internet backbone company that handles the address blocks’ traffic, did not return emails or phone messages.
Despite an Internet address crisis, the Pentagon – which created the Internet – has shown no interest in selling any of its address space, and Defense Department spokesman Russell Goemaere told the AP on Saturday that none of the newly announced space had been sold.
Associated Press editor Terry Spencer of Fort Lauderdale, Florida contributed to this report.