A significant portion of the limited IPv4 address space was long reserved for the needs of the US Department of Defense, but most of it remained dormant. Now, this huge chunk of addresses is being used in a cyber operation with goals that are not entirely clear.
As the US was watching the inauguration of President Joe Biden on 20 January, internet companies witnessed a much more unusual event at the same moment – several million long-dormant IP addresses reserved by the US Department of Defense suddenly coming to life, according to the Washington Post.
The process, invisible to ordinary people and netizens, was seen only by those with access to the Border Gateway Protocol (BGP) – the system responsible for routing internet traffic, which has maintained global web connections since the 1980s. On 20 April, announcements rushed through the BGP saying that a large chunk of Pentagon-reserved addresses would now be routed through an obscure, newly-minted, shadowy organization called Global Resource Systems (GBS).
Little-Known Company Outpaces Telecom Giants
What is GBS? No one really knows – this small company was registered in September 2020, has no website and has never surfaced in any publicly-reported federal contract. And yet, this anonymous company at first claimed control of over 56 million IP addresses and, later, over 119 million more in a matter of months, making it the largest domain host on the internet.
According to the Washington Post, they amount to roughly 6% of all addresses in the classic IPv4 protocol, which most of us use in day-to-day internet communications. This is reportedly a bigger stake in the global network than anything separately owned by telecom giants, and could potentially be worth billions of dollars on the market, according to the media outlet. The entity has not responded to requests for comment on how it became the world’s largest manager of DoD-reserved IP address space.
What Are These Addresses Used For?
While the reasons for the Pentagon’s choice of GBS remain a mystery, the Department of Defense has shed some light on the purpose of the move. The Pentagon’s Defense Digital Service (DDS) was in charge of activating the IP addresses and transitioning them to GBS control, the Washington Post reported, citing a statement by the DoD.
The DDS is officially tasked with conducting experiments that might yield significant technological leaps for the military, as well as with resolving various emergency problems in the digital sphere. Here is how the DDS’s chief Brett Goldstein described the service’s latest operation, which led to the activation of the previously dormant IP addresses:
“This pilot [effort] will assess, evaluate and prevent unauthorized use of DoD IP address space. Additionally, this pilot may identify potential vulnerabilities. [The project is one of] many efforts focused on continually improving our cyber posture and defense in response to advanced persistent threats. We are partnering throughout DoD to ensure potential vulnerabilities are mitigated”, he said.
While this description gives only a vague understanding regarding the goals of the new Pentagon operation, the Department of Defense refused to provide additional details, including on why it chose to manage the efforts via the little-known newly-minted company.
The Pentagon might use these new addresses to study the activities of malicious actors in cyberspace by looking into traffic coming through these addresses, Doug Madory, the director of internet analysis for network monitoring company Kentik, told the Washington Post. Madory added that the move could also result in some of the traffic of certain Chinese companies being rerouted through the GBS for the Pentagon to study: some of these firms run network systems that use IP addresses similar or identical to the ones reserved by the American military and are hence potentially vulnerable to such cyber “hijacking”.
In the past, Washington has repeatedly accused China of using its alleged cyberespionage capabilities to steal the intellectual property of American companies. The US recently added more disruptive actions in the networks on American soil to the list of accusations.