Attention B2B Marketers: Access 30 Million IT Decision Makers with a Custom Lead Generation Program Click to Learn More!
Welcome Guest | Sign In

Snowden Blows NSA's MonsterMind

By Richard Adhikari
Aug 13, 2014 3:02 PM PT
Edward Snowden Wired NSA

The United States National Security Agency is working on a new program codenamed "MonsterMind" that will automate the monitoring of traffic patterns on the Internet to look for attacks, NSA whistleblower Edward Snowden told Wired.

When it detects an attack, MonsterMind will automatically block it from entering the U.S. cyberinfrastructure.

It also will automatically fire back at the server from which the attack was launched.

That could be a problem because such attacks can be spoofed -- routed through the servers of innocent third parties, Snowden told Wired.

MonsterMind will require the NSA to access just about all electronic communications coming into the U.S. from abroad, which violates our Fourth Amendment rights, he pointed out.

It's the Constitution, Stupid!

"Judging from that account of MonsterMind, it sounds like it could very well be a violation of Fourth Amendment rights, although it's hard to say without any more information, said Hudson B. Kingston, legal director of the Center for Digital Democracy (CDD).

Other NSA programs have what Hudson calls "fig leaf" controls built in to somewhat limit the collection and dissemination of more personal communications, which MonsterMind apparently lacks.

"Mass collection of personal information is a violation of privacy rights even if it might be used to stop cyberattacks, and the NSA does not seem to be balancing constitutional protections in its efforts to intercept all traffic on the Internet," Hudson told TechNewsWorld.

Protect First, Talk Later

"Cyberwarfare is a genuine threat to the stability of the U.S., and it's understandable that the NSA and other agencies are working tirelessly to identify the sources of threats, methods of defense, and ways to fight back," said Darren Hayes, assistant professor and director of cybersecurity at Pace University's Seidenberg School of CSIS.

"If the U.S. government was not working on a cyberwar defense program, we should be concerned," Hayes told TechNewsWorld. "An attack on our financial system or utilities by a foreign government would lead to a loss of confidence and perhaps result in a loss of lives."

The high speed at which cyberattacks occur requires the development of automated defenses, Hayes argued.

Shooting Ourselves in the Monsterfoot

Here's the thing, though: MonsterMind cannot guarantee our cybersafety -- and in the worst case, actually could result in our attacking ourselves.

"Automated responses usually have a limited set of [issues] they can respond to," David Swift, chief architect at Securonix, told TechNewsWorld. "Zero-day malware by definition is unknown, and an automated response to an unknown attack without human analysis is a recipe for denial of service."

For example, a spike on Twitter, NetFlix or other streaming media could be seen as anomalous if the algorithms used weren't up to snuff, Swift explained. Looking for a single-frame attack in a billion frames that doesn't match a known malware pattern is difficult, and scaling up a tool to deal with the hundreds of millions of actors on the Internet is a "monumental task."

Possible Solutions to Issues With MonsterMind

Behavioral analytics tools might be the way to go, because they learn what is normal from collecting data on an organization's user population and profiling user and peer patterns, Swift suggested.

Another option is to use benign cyberworms.

Snowden is describing pre-Internet technology known as a "ferret," Kyle Kennedy, CTO at Stealthbits, told TechNewsWorld. For a cyberferret to be effective and avoid problems, such as attacking innocent parties' servers, cyberferrets could be joined with cyberworms -- tracking and infiltration programs that can map a virus or intrusion back to the original source, even if the source uses antidetection techniques.

"Cyberworms inherently do no damage unless they carry a Trojan Horse or a cyberbomb or virus component," Kennedy said.

In any event, fears that MonsterMind might take out an innocent third party's servers in an automated counterattack might be overstated.

"By the phrasing [of Snowden's statements], it appears it would not be a direct attack back, which is illegal in most cases, Swift pointed out, but rather a cutting off of the connection to the IP address or address range determined to be malicious."

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Facebook Twitter LinkedIn Google+ RSS
How do you feel about accidents that occur when self-driving vehicles are being tested?
Self-driving vehicles should be banned -- one death is one too many.
Autonomous vehicles could save thousands of lives -- the tests should continue.
Companies with bad safety records should have to stop testing.
Accidents happen -- we should investigate and learn from them.
The tests are pointless -- most people will never trust software and sensors.
Most injuries and fatalities in self-driving auto tests are due to human error.