Delivered-To: shawn.webb@hardenedbsd.org
Received: by 2002:a05:6e04:81d:0:0:0:0 with SMTP id m29csp2761731imz;
Sat, 24 Apr 2021 14:30:20 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxMCxhTldBA8rP/kPZJJwgcJXsyGdm4lDd9HwMSjKNFnpqg74+32TyctDt/s7vVEfaSiBhJ
X-Received: by 2002:a05:6214:1470:: with SMTP id c16mr11201345qvy.60.1619299819931;
Sat, 24 Apr 2021 14:30:19 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of nobody@lobste.rs designates 67.205.128.5 as permitted sender) smtp.mailfrom=nobody@lobste.rs;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lobste.rs
Return-Path: <nobody@lobste.rs>
Received: from lobste.rs (lobste.rs. [67.205.128.5])
by mx.google.com with ESMTPS id x8si8040916qkp.216.2021.04.24.14.30.19
for <shawn.webb@hardenedbsd.org>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sat, 24 Apr 2021 14:30:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of nobody@lobste.rs designates 67.205.128.5 as permitted sender) client-ip=67.205.128.5;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of nobody@lobste.rs designates 67.205.128.5 as permitted sender) smtp.mailfrom=nobody@lobste.rs;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lobste.rs
Received: by lobste.rs (Postfix, from userid 1024)
id 9971713C6B5; Sat, 24 Apr 2021 21:30:19 +0000 (UTC)
From: dtgriscom <dtgriscom@lobste.rs>
X-Is-Author: false
Reply-To: lobsters-X1yVfXzOSu@lobste.rs
To: lobsters-X1yVfXzOSu@lobste.rs
X-BeenThere: lobsters-X1yVfXzOSu@lobste.rs
List-Id: Lobsters <lobsters-X1yVfXzOSu@lobste.rs>
List-Unsubscribe: <https://lobste.rs/settings>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID: <story.fczl6h.1619299603@lobste.rs>
Date: Sat, 24 Apr 2021 16:26:43 -0500
Subject: Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life [networking] [security]

Via: https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/
While the world was distracted with President Donald Trump leaving
office on Jan. 20, an obscure Florida company discreetly announced to
the world’s computer networks a startling development: It now was
managing a huge unused swath of the Internet that, for several decades,
had been owned by the U.S. military.
The company, Global Resource Systems LLC, kept adding to its zone of
control. Soon it had claimed 56 million IP addresses owned by the
Pentagon. Three months later, the total was nearly 175 million. That’s
almost 6 percent of a coveted traditional section of Internet real
estate — called IPv4 — where such large chunks are worth billions of
dollars on the open market.
The entities controlling the largest swaths of the Internet generally
are telecommunications giants whose names are familiar: AT&T, China
Telecom, Verizon. But now at the top of the list was Global Resource
Systems — a company founded only in September that has no publicly
reported federal contracts and no obvious public-facing website.
As listed in records, the company’s address in Plantation, Fla., outside
Fort Lauderdale, is a shared workspace in an office building that
doesn’t show Global Resource Systems on its lobby directory. A
receptionist at the shared workspace said Friday that she could provide
no information about the company and asked a reporter to leave. The
company did not respond to requests for comment.
The only announcement of Global Resources Systems’ management of
Pentagon addresses happened in the obscure world of Border Gateway
Protocol (BGP) — the messaging system that tells Internet companies how
to route traffic across the world. There, messages began to arrive
telling network administrators that IP addresses assigned to the
Pentagon but long dormant could now accept traffic — but it should be
routed to Global Resource Systems.
Network administrators began speculating about perhaps the most dramatic
shift in IP address space allotment since BGP was introduced in the
1980s.
“They are now announcing more address space than anything ever in the
history of the Internet,” said Doug Madory, director of Internet
analysis for Kentik, a network monitoring company, who was among those
trying to figure out what was happening. He published a blog post on the
mystery Saturday morning.
The theories were many. Did someone at the Defense Department sell off
part of the military’s vast collection of sought-after IP addresses as
Trump left office? Had the Pentagon finally acted on demands to unload
the billions of dollars worth of IP address space the military has been
sitting on, largely unused, for decades?
The change is the handiwork of an elite Pentagon unit known as the
Defense Digital Service, which reports directly to the secretary of
defense. The DDS bills itself as a “SWAT team of nerds” tasked with
solving emergency problems for the department and conducting
experimental work to make big technological leaps for the military.
Created in 2015, the DDS operates a Silicon Valley-like office within
the Pentagon. It has carried out a range of special projects in recent
years, from developing a biometric app to help service members identify
friendly and enemy forces on the battlefield to ensuring the encryption
of emails Pentagon staff were exchanging about coronavirus vaccines with
external parties.
Brett Goldstein, the DDS’s director, said in a statement that his unit
had authorized a “pilot effort” publicizing the IP space owned by the
Pentagon.
“This pilot will assess, evaluate and prevent unauthorized use of DoD IP
address space,” Goldstein said. “Additionally, this pilot may identify
potential vulnerabilities.”
Goldstein described the project as one of the Defense Department’s “many
efforts focused on continually improving our cyber posture and defense
in response to advanced persistent threats. We are partnering throughout
DoD to ensure potential vulnerabilities are mitigated.”
The specifics of what the effort is trying to achieve remain unclear.
The Defense Department declined to answer a number of questions about
the project, and Pentagon officials declined to say why Goldstein’s unit
had used a little-known Florida company to carry out the pilot effort
rather than have the Defense Department itself “announce” the addresses
through BGP messages — a far more routine approach.
What is clear, however, is the Global Resource Systems announcements
directed a fire hose of Internet traffic toward the Defense Department
addresses. Madory said his monitoring showed the broad movements of
Internet traffic began immediately after the IP addresses were announced
Jan. 20.
Madory said such large amounts of data could provide several benefits
for those in a position to collect and analyze it for threat
intelligence and other purposes.
The data may provide information about how malicious actors operate
online and could reveal exploitable weaknesses in computer systems. In
addition, several Chinese companies use network numbering systems that
resemble the U.S. military’s IP addresses in their internal systems,
Madory said. By announcing the address space through Global Resource
Systems, that could cause some of that information to be routed to
systems controlled by the U.S. military.
Russell Goemaere, a spokesman for the Defense Department, confirmed in a
statement to The Washington Post that the Pentagon still owns all the IP
address space and hadn’t sold any of it to a private party.
Dormant IP addresses can be hijacked and used for nefarious purposes,
from disseminating spam to hacking into a computer system and
downloading data, and the pilot program could allow the Defense
Department to uncover if those activities are taking place using its
addresses.
A person familiar with the pilot effort, who agreed to speak on the
condition of anonymity because the program isn’t public, said it is
important for the Defense Department to have “visibility and
transparency” into its various cyber resources, including IP addresses,
and manage the addresses properly so they will be available if and when
the Pentagon wants to use them.
-- 
Vote: https://lobste.rs/s/fczl6h