Your Source for Leaks Around the World!

MonsterMind: NSA’s Autonomous Cyberwarfare Program

In Archive, Hacking, Internet, Malware, NSA, Snowden, Surveillance, Technology on August 13, 2014 at 7:38 PM

nsa-hal-9000

08/13/2014

James Bamford/WIRED:

The last straw for Snowden was a secret program he discovered while getting up to speed on the capabilities of the NSA’s enormous and highly secret data storage facility in Bluffdale, Utah. Potentially capable of holding upwards of a yottabyte of data, some 500 quintillion pages of text, the 1 million-square-foot building is known within the NSA as the Mission Data Repository. (According to Snowden, the original name was Massive Data Repository, but it was changed after some staffers thought it sounded too creepy—and accurate.) Billions of phone calls, faxes, emails, computer-to-computer data transfers, and text messages from around the world flow through the MDR every hour. Some flow right through, some are kept briefly, and some are held forever.

The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyberwarfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement. That’s a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. “These attacks can be spoofed,” he says. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?”

In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

Kim Zetter/WIRED:

It would also require sensors placed on the internet backbone to detect anomalous activity.

Cryptographer Matt Blaze, an associate professor of computer science at the University of Pennsylvania, says the algorithm scanning system Snowden describes sounds similar to the government’s recent Einstein 2 and Einstein 3 programs, which use network sensors to identify malicious attacks aimed at U.S. government systems. If that system were secretly being extended to cover all U.S. systems, without public debate, that would be a concern.

Although MonsterMind does resemble the Einstein programs to a certain degree, it also sounds much like the Plan X cyberwarfare program run by DARPA. The five-year, $110 million research program has several goals, not the least of which is mapping the entire internet and identifying every node to help the Pentagon spot, and disable, targets if needed. Another goal is building a system that allows the Pentagon to conduct speed-of-light attacks using predetermined and pre-programmed scenarios. Such a system would be able to spot threats and autonomously launch a response, the Washington Post reported two years ago.

It’s not clear if Plan X is MonsterMind or if MonsterMind even exists. The Post noted at the time that DARPA would begin accepting proposals for Plan X (PDF) that summer. Snowden said MonsterMind was in the works when he left his work as an NSA contractor last year.

The NSA, for its part, would not respond to questions about the MonsterMind program.

Related Link: CyberCOP: NSA System Monitors Cyberattacks in Real-Time

  1. […] program, which NDR does not mention by name but is most likely called MonsterMind and has been reported on earlier, could then automatically with no human involvement, decide […]

  2. […] search for foreign cyber attacks has long since been largely automated by the NSA and its Five Eyes partners. The TUTELAGE system can identify incursions and ensure that […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: