Snowden: NSA Was Building 'Automated' System To Hit Back At Perceived Cyberattacks
from the bad-ideas dept
One final story to highlight from James Bamford's really wonderful Wired profile of Ed Snowden. This one might not be that surprising, but the NSA was building an internal automated "cyberwar" system called MonsterMind, which would seek to detect an incoming "cyber attack" and then automatically launch a counterattack. Here's how Bamford describes Snowden's explanation in his article:The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyberwarfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology.Yeah, because false alarms never happen at all. Hell, just this week I was hearing about a series of false alarms when the US thought that Russia had launched thousands of nuclear missiles at the US. Imagine an automated system taught to respond to that?
Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement.
And, of course, this only works... if the NSA has access to private company's networks:
In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”This puts into context some stories from last year, which noted that Keith Alexander seemed particularly focused on getting companies to give the NSA access to their networks. Last October, he gave a speech in which he pitched exactly that:
Drawing an analogy to how the military detects an incoming missile with radar and other sensors, Alexander imagined the NSA being able to spot "a cyberpacket that's about to destroy Wall Street." In an ideal world, he said, the agency would be getting real-time information from the banks themselves, as well as from the NSA's traditional channels of intelligence, and have the power to take action before a cyberattack caused major damage.And in a Washington Post profile of Keith Alexander from over a year ago, a similar idea was discussed:
His proposed solution: Private companies should give the government access to their networks so it could screen out the harmful software. The NSA chief was offering to serve as an all-knowing virus-protection service, but at the cost, industry officials felt, of an unprecedented intrusion into the financial institutions’ databases.This all should probably make you wonder why those very same financial institutions seem willing to shell out somewhere between $600,000 and $1 million per month for Alexander's "patent-pending" solutions to "cybersecurity."
The group of financial industry officials, sitting around a table at the Office of the Director of National Intelligence, were stunned, immediately grasping the privacy implications of what Alexander was politely but urgently suggesting. As a group, they demurred.
“He’s an impressive person,” the participant said, recalling the group’s collective reaction to Alexander. “You feel very comfortable with him. He instills a high degree of trust.”
But he was proposing something they thought was high-risk.
“Folks in the room looked at each other like, ‘Wow. That’s kind of wild.’ ”
Furthermore, this should shed some light on why the NSA was so in favor of CISPA and now CISA -- cybersecurity bills in Congress that would give private companies liability protections if they... shared network data with the NSA (and other parts of the federal government). The NSA needs those liability protections to get some companies to be willing to open up their networks to do this kind of MonsterMind offering, or they won't participate. It's also why Congress shouldn't pass such a bill.
Filed Under: access, automated, cisa, cispa, cyberattack, cybersecurity, ed snowden, keith alexander, monstermind, nsa, private networks