Key Highlights:
- The company, Global Resource Systems’ has no web presence.
- The company did not come to existence until September 2020.
- The military aims at assessing network vulnerabilities by the help of this enigmatic company
The US Defence seeks external help to locate security breaches
In an attempt to find loopholes in the network and infiltrators, the US Department of Defense has handed over the responsibility of about 175 millions of DoD IP addresses to a tiny Florida company, running under the name of ‘Global Resource Systems’.
Military’s efforts towards troubleshooting loopholes
The company began managing the IP addresses since 20 January, as a “pilot effort” to “identify vulnerabilities” and “prevent unauthorized use of DoD IP address space.” However, the Department of Defense still owns the authorization of the IP addresses.
According to reports, the initiative is apparently being run by a group within the Pentagon called Defense Digital Service, which solves problems and does technology experiments for the military. The group reports directly to the secretary of defense.
Responsibilities of the company
Global Resource Systems, residing at a shared workspace above a Florida Bank, announced its presence to the world’s computer networks, whilst announcing it was now managing a colossal chunk of the internet owned by the US Department of Defense, which was previously idle.
The military hopes to “assess, evaluate and prevent unauthorized use of DoD IP address space,” said a statement issued Friday by Brett Goldstein, chief of the Pentagon’s Defense Digital Service, which is running the project. It also hopes to “identify potential vulnerabilities” as part of efforts to defend against cyber-intrusions by global adversaries, who are consistently infiltrating U.S. networks, sometimes operating from unused internet address blocks.
What exactly Global Resource Systems has been tasked with doing for the DoD isn’t known, but the Post found it sent a “fire hose of internet traffic” at the DoD IP addresses. One security expert speculated that it may give the DoD information about how attackers operate online, and any possible misconfigurations that need to be repaired.
Related: Why Hackers Are Targeting COVID-19 Vaccine Distributors?
The ‘enigmatic’ company
What labels the company ‘unusual’ is that the announcement of its task intake came a day after President Joe Biden’s swearing ceremony. Furthermore, the company’s existence couldn’t be traced prior to September 2020, along with no available federal contracts for the company or any public-facing website.
The Pentagon has chosen to answer a few questions on the decision while denying to comment on why it chose to entrust management of the address space to a company that seems not to have existed until September.
According to cybersecurity experts, the newly advertised space might be used by the Pentagon to create “honeypots”, machines set up with vulnerabilities to draw hackers. Or it could be looking to set up dedicated software and servers to scour traffic for suspect activity.
“As to why the DoD would have done that I’m a little mystified, same as you,” said Paul Vixie, an internet pioneer credited with designing its naming system and the CEO of Farsight Security.
The company with no web presence, although with a domain grscorp.com, did not return phone calls or emails from The Associated Press. Its name couldn’t be located in Florida’s directory.
The only name associated with it on the Florida business registry coincides with that of a man listed as recently as 2018 in Nevada corporate records as a managing member of a cybersecurity/internet surveillance equipment company called Packet Forensics. The company had nearly $40 million in publicly disclosed federal contracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its customers.
Also Read: All you need to know about the increasing Accellion FTA Attacks
