Snowden: NSA Was Building 'Automated' System To Hit Back At Perceived Cyberattacks

from the bad-ideas dept

One final story to highlight from James Bamford's really wonderful Wired profile of Ed Snowden. This one might not be that surprising, but the NSA was building an internal automated "cyberwar" system called MonsterMind, which would seek to detect an incoming "cyber attack" and then automatically launch a counterattack. Here's how Bamford describes Snowden's explanation in his article:

The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyberwarfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement.

Yeah, because false alarms never happen at all. Hell, just this week I was hearing about a series of false alarms when the US thought that Russia had launched thousands of nuclear missiles at the US. Imagine an automated system taught to respond to that?

And, of course, this only works... if the NSA has access to private companies' networks:

In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

This puts into context some stories from last year, which noted that Keith Alexander seemed particularly focused on getting companies to give the NSA access to their networks. Last October, he gave a speech in which he pitched exactly that:

Drawing an analogy to how the military detects an incoming missile with radar and other sensors, Alexander imagined the NSA being able to spot "a cyberpacket that's about to destroy Wall Street." In an ideal world, he said, the agency would be getting real-time information from the banks themselves, as well as from the NSA's traditional channels of intelligence, and have the power to take action before a cyberattack caused major damage.

And in a Washington Post profile of Keith Alexander from over a year ago, a similar idea was discussed:

His proposed solution: Private companies should give the government access to their networks so it could screen out the harmful software. The NSA chief was offering to serve as an all-knowing virus-protection service, but at the cost, industry officials felt, of an unprecedented intrusion into the financial institutions’ databases.

The group of financial industry officials, sitting around a table at the Office of the Director of National Intelligence, were stunned, immediately grasping the privacy implications of what Alexander was politely but urgently suggesting. As a group, they demurred.

“He’s an impressive person,” the participant said, recalling the group’s collective reaction to Alexander. “You feel very comfortable with him. He instills a high degree of trust.”

But he was proposing something they thought was high-risk.

“Folks in the room looked at each other like, ‘Wow. That’s kind of wild.’ ”

This all should probably make you wonder why those very same financial institutions seem willing to shell out somewhere between $600,000 and $1 million per month for Alexander's "patent-pending" solutions to "cybersecurity."

Furthermore, this should shed some light on why the NSA was so in favor of CISPA and now CISA -- cybersecurity bills in Congress that would give private companies liability protections if they... shared network data with the NSA (and other parts of the federal government). The NSA needs those liability protections to get some companies to be willing to open up their networks to do this kind of MonsterMind offering, or they won't participate. It's also why Congress shouldn't pass such a bill.

Reader Comments

  1.  
    AJ, Aug 13th, 2014 @ 1:20pm

    Shall we play a game?

    -Joshua

     

  2.  
    Anonymous Coward, Aug 13th, 2014 @ 1:23pm

    We need a system that automatically ejects people from government positions when they: Violate the Constitution, are caught willfully lying (even least untruthful lies), and/or violate their oath of office.
    I think that should just about cover most things. Perhaps others could add to the list.

     

  3.  
    hoare (profile), Aug 13th, 2014 @ 1:26pm

    another leak?

    did Snowden just leak Alexander's patents?

     

  4.  
    GMacGuffin (profile), Aug 13th, 2014 @ 1:35pm

    Strangelovian Indeed

    I doubt the NSA would learn any lessons from the brilliant film though, loving secrets as they do:

    "...the whole point of the doomsday machine is lost... if you KEEP IT A SECRET!"

     

  5.  
    Anonymous Coward, Aug 13th, 2014 @ 1:36pm

    This kind of trouble has happened before

    The dangers of such a 'MonsterMind' system remind me of a story of anti-spam software in the earlier days of the Internet.

    The way the anti-spam software worked that one company made, if someone emails you a message their software sees as spam, their software will email 50 emails back to that person saying "Please take me off of your mailing list" or something to that effect, to spam the spammers back with useless junk so they don't email you again.

    Sounds fine, until you take into account
    1) false alarms that mark legitimate emails as spam
    and
    2) the fact that the person who sent the 'spam' email might also have the exact same anti-spam software installed...

    Needless to say, that company's anti-spam software managed to take down a few servers. Their software viewed their own 'please take me off of your mailing list' emails as spam, which caused an infinite loop of those emails to get sent back and forth, constantly increasing 50-fold because each new spam email had to get 50 new responses.

    That company was later fined over their anti-spam software, for violating anti-spam laws.

     

  6.  
    Chris-Mouse (profile), Aug 13th, 2014 @ 1:49pm

    What would that software do if someone were to hire a botnet of infected US government computers, and use it to attack the NSA?

     

  7.  
    John Fenderson (profile), Aug 13th, 2014 @ 1:50pm

    Re: This kind of trouble has happened before

    and
    3) Spammers started spoofing the "From" header field to point to innocent others they happen to be mad at.

     

  8.  
    Jay (profile), Aug 13th, 2014 @ 1:52pm

    Bright side

    At least now we know who to blame for Skynet.

     

  9.  
    John Fenderson (profile), Aug 13th, 2014 @ 1:53pm

    I'd forgotten that bit of crazy

    Alexander imagined the NSA being able to spot "a cyberpacket that's about to destroy Wall Street."


    Ah yes, that mysterious single packet that could wipe out Wall Street. I'd forgotten. I think the cybermen will find it sitting right next to the unicorn that pisses lemonade and shits jellybeans.

     

  10. This comment has been flagged by the community.
    Anonymous Coward, Aug 13th, 2014 @ 1:56pm

    Yeah, because false alarms never happen at all. Hell, just this week I was hearing about a series of false alarms when the US thought that Russia had launched thousands of nuclear missiles at the US. Imagine an automated system taught to respond to that?

    Grasp at straws much, Drama Queen?

     

  11.  
    BJ, Aug 13th, 2014 @ 2:09pm

    WarGames

    Joshua: Greetings, Professor Falken.

    Stephen Falken: Hello, Joshua.

    Joshua: A strange game. The only winning move is not to play. How about a nice game of chess?

     

  12.  
    Anonymous Coward, Aug 13th, 2014 @ 2:28pm

    Re:

    I had a similar idea earlier, except it involved a grenade attached to the center of each politician's forehead.

     

  13.  
    Anonymous Coward, Aug 13th, 2014 @ 2:38pm

    Re: I'd forgotten that bit of crazy

    Seriously. I can't believe Alexander considers himself worth hundreds of thousands of dollars, when even an amateur like me can tell he knows absolutely nothing about computers.
    Really, if he was just an obnoxious blowhard, he'd be using the technical terms just to show off. The fact that he keeps using made-up words ("cyberpacket"? really?) shows that he's a complete sham.

     

  14.  
    Anonymous Coward, Aug 13th, 2014 @ 2:38pm

    Re: I'd forgotten that bit of crazy

    Remember the only effective way to stop the Cybermen is to destroy their neural inhibitors

     

  15.  
    024601, Aug 13th, 2014 @ 2:53pm

    Deadhand for the digital age.

     

  16.  
    ECA (profile), Aug 13th, 2014 @ 3:16pm

    This suggests

    This suggests that they had NO basic knowledge of BASIC protections on remote accessed computers.
    OR that the corps didn't want to enable them. Just to have someone ELSE to blame for their OWN incompetence..

     

  17.  
    Jeremy2020 (profile), Aug 13th, 2014 @ 3:21pm

    Re:

    What exactly is grasping at straws about something that happened?

    An automated cyber system automatically responds to an infected machine at the New York Stock Exchange and takes down the whole system instead of just blocking that traffic? Sounds BRILLIANT!

     

  18.  
    Anonymous Coward, Aug 13th, 2014 @ 3:34pm

    'It's also why Congress shouldn't pass such a bill.'

    it's also why there should be no way to financially influence politics and both the donor and the recipient facing serious charges if they do. then add in an end to lobbying money and maybe, just maybe we could get some real politics and decision making done that genuinely benefits country and citizens!

     

  19.  
    tomczerniawski, Aug 13th, 2014 @ 3:54pm

    Check this out, fellas:

    It seems Cisco has started hemorrhaging employees. It fired 6,000 of them, and is now burning operating funds on stock buyback schemes to keep their value up.

    http://www.zerohedge.com/news/2014-08-13/cisco-quarter-nutshell-terminating-6000-while-buying-back-15-billion-stock

    I wonder why Cisco is having problems? Could it be no-one trusts their products any more, for some strange reason?

    Just another hint of the economic damage being done by the NSA to the US economy.

     

  20.  
    Mike Masnick (profile), Aug 13th, 2014 @ 4:04pm

    Re:

    Grasp at straws much, Drama Queen?


    I'm curious: do you honestly believe that such systems wouldn't be subject to false alarms and false retribution? If so, how much computer programming have you done?

     

  21.  
    Rich Kulawiec, Aug 13th, 2014 @ 4:18pm

    There are two ways to launch an attack

    1. Spend time and money (and other resources, like personnel) designing a weapons system. Do research. Do development. Do fabrication and deployment. Do targeting. Do fire control. Do damage assessment.

    This can be very expensive and tedious, not to mention personally risky and subject to interruption by people who would very much NOT like you to develop a weapons system. Fortunately, there is another way:

    2. Let someone else do everything in (1), and then deceive/provoke them into attacking the target of your choice. This is far cheaper and easier, plus they'll probably be blamed for it.

    Offensive network/system attacks are a very stupid idea, which is why people like me have been saying for decades that it is never appropriate to respond to abuse with abuse. Automatic offensive attacks are an insanely stupid idea. Apparently some of the slow learners in the class need some remedial education in basic security principles.

     

  22.  
    Anonymous Coward, Aug 13th, 2014 @ 5:41pm

    Re:

    False alarms regularly happen to something quite close to your heart. It's called copyright enforcement. Run by your favorite goons such as Marc Randazza, Evan Stone, John Steele and Andrew Crossley.

    But of course you're too dishonest to admit that.

     

  23.  
    Coyne Tibbets (profile), Aug 13th, 2014 @ 6:27pm

    Why are we hiring Alexander again?

    Isn't it truly amazing how on the one hand you can be certain that (as revealed here) every company's network must be under NSA surveillance and any NSA employee (current or former) who interferes with those aims and goals is a traitor...

    ...and then when you resign you are just as certain that interfering with NSA's aims and goals is "good and profitable business" and that you are a lily-white patriot?

    So it seems either he's a dyed in the wool hypocrite, or you can't trust him near any of your company's computers. If I owned a company, and he told me the sky was blue or that hammers released in a gravity field fall, I'd triple-check before I paid him a dime.

    Soooo...now let's take a second look at the companies that signed up for his services. Maybe they're hiring him knowingly to set up company (and government) surveillance on their customers? Military-industrial complex in action?

     

  24.  
    Coyne Tibbets (profile), Aug 13th, 2014 @ 6:37pm

    Re: Check this out, fellas:

    Actually this suggests a corporate raider (such as Bain Capital) is after them. This sounds like a defensive move to fend off a hostile takeover.

     

  25.  
    Anonymous Coward, Aug 13th, 2014 @ 7:17pm

    I am wondering why the revelations in this article and those immediately preceding it are presented as hearsay and without any substantiating documentation? Maybe they are completely true, but their presentation as unsubstantiated hearsay makes me a bit suspicious.

     

  26.  
    techflaws (profile), Aug 13th, 2014 @ 10:39pm

    Re:

    Spouting clueless bullshit, moron?

     

  27.  
    Anonymous Coward, Aug 14th, 2014 @ 2:33am

    Re: Re:

    Clearly it's Whatever's turn to kneel under the desk...

     

  28.  
    Anonymous Coward, Aug 14th, 2014 @ 3:41am

    Re: Re:

    "Grasp at straws much, Drama Queen?"


    I'm curious: do you honestly believe that such systems wouldn't be subject to false alarms and false retribution? If so, how much computer programming have you done?

    No, but equating the potential harm to global thermonuclear warfare is a bit over the top, don't you think?

     

  29.  
    Anonymous Coward, Aug 14th, 2014 @ 3:43am

    Re: Re:

    Deary me! How many millions died in the resulting nuclear holocaust? Oh, the humanity!!!

     

  30.  
    John Fenderson (profile), Aug 14th, 2014 @ 8:11am

    Re: Re: Re:

    Well, fair is fair. The cybermen are constantly making the same comparison.

     

  31.  
    Ruben, Aug 14th, 2014 @ 9:03am

    Re: Re: Re:

    Alright, then how about a "cyber Pearl Harbor."

     

  32.  
    Anonymous Coward, Aug 14th, 2014 @ 10:40am

    Re: Bright side

    John: Why hack Russia?

    T-800: Because it knew the Russian Business Network would wipe out its enemies over here.

     
