Cybersecurity experts think the anonymity of a small Florida company managing a huge chunk of the internet could be part of the Pentagon's plan — and masking a bigger company

  • A startup took over management of over 175 million Pentagon IP addresses in January.
  • The company has no real history and was only created 7 months ago.
  • Cybersecurity experts say the company is likely a shell organization, masking the Pentagon’s plans.
  • See more stories on Insider’s business page.

About three minutes before former President Donald Trump left office, a mysterious startup began managing nearly 175 million Pentagon Internet Protocol addresses.

The company that is managing about 6% of usable internet space was identified as Global Resource Systems LLC. The 7-month old Florida company has no internet history or prior contracts with the government, but cybersecurity experts told Insider the startup may not what be it seems.

Four experts said the Pentagon is likely using the company’s lack of history as a shield for its plans and Global Resource Systems could be operating as a shell to hide a much larger organization.

The anonymity is likely key to the Pentagon’s plan

Cybersecurity experts say the mystery shrouding Global Resource Systems is not surprising.

The company has no real history, but the people behind the company undoubtedly have government connections, Morgan Wright, the chief security officer of SentinelOne, told Insider.

The name on the company’s incorporation documents, Raymond Saulino, matches the name of a managing member of the cybersecurity firm Packet Forensics, a company that has worked with the government before, according to the company’s legal filings. The company has had nearly $40 million in federal contracts over the past decade and currently sells lawful intercept equipment — a process that allows law enforcement agencies to selectively wiretap individuals via a court order.

A spokesperson for Packet Forensics did not respond to a request for comment from Insider. 

Read more: The Pentagon’s mysterious move to start using inactive internet space could help it see into the networks of big companies

The company also bears the same name as a firm that shut down over 10 years ago and was sending out email spam, internet-fraud researcher Ron Guilmette told The Washington Post. That company had the same office address and used the same internet routing identifier. The only difference between the two companies is that the newer one operates as a limited liability corporation.

Mike Hamilton, former CISO of Seattle and CISO of cybersecurity firm CI Security, told Insider the company’s anonymity provides an extra layer of protection for the government and makes it even easier to hide what the Pentagon is planning to do with its IP addresses.

“Global Resource Systems can function as an extension of the government without direct connection allowing them to monitor activities without the overwhelming presence of the Pentagon nor the scrutiny of public opinion,” Scott Schober, CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider.

The company provides an extra layer of security for the Pentagon

The company also provides the government with plausible deniability, according to Hamilton. The government would be able to launch cyber attacks, obtain data, and create faulty gateways on the internet without having to take responsibility for the actions. The attacks could easily be attributed to mistakes by a new and unrecognized third-party company, according to Hamilton.

Global Resource Systems LLC provides a layer of disguise for the project, according to Wright. He told Insider if the company was recognizable it would be easy for hackers to avoid detection and the US government would tip its hand.

“If it’s obvious where the information is going it gives them an idea of what we’re looking for,” Wright said. “We don’t want to telegraph to them too early what it is we’re doing and how we’re looking at the problem.”

The mysterious company could be a shell for a bigger organization

Wirght and Hamilton agreed that the company’s anonymity was not only beneficial but that it was likely hiding a major company. They pointed out that the company would need significant telecommuting power in order to process information from nearly 175 million IP addresses — more than AT&T or Comcast.

“It would be like trying to eat an elephant,” Wright said. “Not many companies can do that.” 

Hamilton said Google is one of few companies that could process that much information at the moment. A Google spokesperson did not respond to a request to questions about whether the company had any ties to Global Resource Systems.

In contrast, founder of cyber analytics company ExtraHop, Jesse Rothstein, told Insider that Global Resource Systems could still be building up its system and would not necessarily need tremendous telecommuting power for the formerly dormant addresses, though it would still need to have significant financial resources. 

Despite the layer of confusion behind the Pentagon’s decision, most cybersecurity experts agree that the move to put the dormant addresses to use makes sense.

“I think any academic institution or research institution would love to be able to conduct that type of research on such a large scale,” Rothstein told Insider, “This block of IP addresses is very valuable, and I’m sure many countries would prefer the DoD relinquish it, but it’s better to do something with it and use it for research than nothing at all.”

Source: Read Full Article