fbpx
Connect with us

News

The big Pentagon internet mystery now partially solved

Associated Press

Published

 on

Pentagon internet mystery

A very strange thing happened on the internet the day President Joe Biden was sworn in. A shadowy company residing at a shared workspace above a Florida bank announced to the world’s computer networks that it was now managing a colossal, previously idle chunk of the internet owned by the U.S. Department of Defense.

That real estate has since more than quadrupled to 175 million addresses — about 1/25th the size of the current internet.

“It is massive. That is the biggest thing in the history of the internet,” said Doug Madory, director of internet analysis at Kentik, a network operating company. It’s also more than twice the size of the internet space actually used by the Pentagon.

After weeks of wonder by the networking community, the Pentagon has now provided a very terse explanation for what it’s doing. But it has not answered many basic questions, beginning with why it chose to entrust management of the address space to a company that seems not to have existed until September.

The military hopes to “assess, evaluate and prevent unauthorized use of DoD IP address space,” said a statement issued Friday by Brett Goldstein, chief of the Pentagon’s Defense Digital Service, which is running the project. It also hopes to “identify potential vulnerabilities” as part of efforts to defend against cyber-intrusions by global adversaries, who are consistently infiltrating U.S. networks, sometimes operating from unused internet address blocks.

The statement did not specify whether the “pilot project” would involve outside contractors.

The Pentagon periodically contends with unauthorized squatting on its space, in part because there has been a shortage of first-generation internet addresses since 2011; they now sell at auction for upwards of $25 each.

Madory said advertising the address space will make it easier to chase off squatters and allow the U.S. military to “collect a massive amount of background internet traffic for threat intelligence.”

Some cybersecurity experts have speculated that the Pentagon may be using the newly advertised space to create “honeypots,” machines set up with vulnerabilities to draw hackers. Or it could be looking to set up dedicated infrastructure — software and servers — to scour traffic for suspect activity.

“This greatly increases the space they could monitor,” said Madory, who published a blog post on the matter Saturday.

What a Pentagon spokesman could not explain Saturday is why the Defense Department chose Global Resource Systems LLC, a company with no record of government contracts, to manage the address space.

“As to why the DoD would have done that I’m a little mystified, same as you,” said Paul Vixie, an internet pioneer credited with designing its naming system and the CEO of Farsight Security.

The company did not return phone calls or emails from The Associated Press. It has no web presence, though it has the domain grscorp.com. Its name doesn’t appear on the directory of its Plantation, Florida, domicile, and a receptionist drew a blank when an AP reporter asked for a company representative at the office earlier this month. She found its name on a tenant list and suggested trying email. Records show the company has not obtained a business license in Plantation.

Incorporated in Delaware and registered by a Beverly Hills lawyer, Global Resource Systems LLC now manages more internet space than China Telecom, AT&T or Comcast.

The only name associated with it on the Florida business registry coincides with that of a man listed as recently as 2018 in Nevada corporate records as a managing member of a cybersecurity/internet surveillance equipment company called Packet Forensics. The company had nearly $40 million in publicly disclosed federal contracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its customers.

That man, Raymond Saulino, is also listed as a principal in a company called Tidewater Laskin Associates, which was incorporated in 2018 and obtained an FCC license in April 2020. It shares the same Virginia Beach, Virginia, address — a UPS store — in corporate records as Packet Forensics. The two have different mailbox numbers. Calls to the number listed on the Tidewater Laskin FCC filing are answered by an automated service that offers four different options but doesn’t connect callers with a single one, recycling all calls to the initial voice recording.

Saulino did not return phone calls seeking comment, and a longtime colleague at Packet Forensics, Rodney Joffe, said he believed Saulino was retired. Joffe, a cybersecurity luminary, declined further comment. Joffe is chief technical officer at Neustar Inc., which provides internet intelligence and services for major industries, including telecommunications and defense.

In 2011, Packet Forensics and Saulino, its spokesman, were featured in a Wired story because the company was selling an appliance to government agencies and law enforcement that let them spy on people’s web browsing using forged security certificates.

The company continues to sell “lawful intercept” equipment, according to its website. One of its current contracts with the Defense Advanced Research Projects Agency is for “harnessing autonomy for countering cyber-adversary systems.” A contract description says it is investigating “technologies for conducting safe, nondisruptive, and effective active defense operations in cyberspace.” Contract language from 2019 says the program would “investigate the feasibility of creating safe and reliable autonomous software agencies that can effectively counter malicious botnet implants and similar large-scale malware.”

Deepening the mystery is Global Resource Systems’ name. It is identical to that of a firm that independent internet fraud researcher Ron Guilmette says was sending out email spam using the very same internet routing identifier. It shut down more than a decade ago. All that differs is the type of company. This one’s a limited liability corporation. The other was a corporation. Both used the same street address in Plantation, a suburb of Fort Lauderdale.

“It’s deeply suspicious,” said Guilmette, who unsuccessfully sued the previous incarnation of Global Resource Systems in 2006 for unfair business practices. Guilmette considers such masquerading, known as slip-streaming, a ham-handed tactic in this situation. “If they wanted to be more serious about hiding this they could have not used Ray Saulino and this suspicious name.”

Guilmette and Madory were alerted to the mystery when network operators began inquiring about it on an email list in mid-March. But almost everyone involved didn’t want to talk about it. Mike Leber, who owns Hurricane Electric, the internet backbone company handling the address blocks’ traffic, didn’t return emails or phone messages.

Despite an internet address crunch, the Pentagon — which created the internet — has shown no interest in selling any of its address space, and a Defense Department spokesman, Russell Goemaere, told the AP on Saturday that none of the newly announced space has been sold.


BOSTON (AP) — By FRANK BAJAK AP Technology Writer

Associated Press writer Terry Spencer in Fort Lauderdale, Florida, contributed to this report.

Advertisement

News

NTSB: Tesla owner got into driver’s seat before deadly crash

Associated Press

Published

 on

Home security camera footage shows that the owner of a Tesla got into the driver’s seat of the car shortly before a deadly crash in suburban Houston, according to a government report Monday.

But the preliminary report on the crash that killed two men doesn’t explain the mystery of why authorities found no one behind the wheel of the car, which burst into flames after crashing about 550 feet (170 meters) from the owner’s home. Nor does it conclusively say whether Tesla’s “Autopilot” partially automated driver-assist system was operating at the time of the crash, although it appears unlikely.

The National Transportation Safety Board said it’s still investigating all aspects of the crash. An onboard data storage device in the console, however, was destroyed by fire. A computer that records air bag and seat belt status as well as speed and acceleration was damaged and is being examined at an NTSB lab.

The NTSB said it tested a different Tesla vehicle on the same road, and the Autopilot driver-assist system could not be fully used. Investigators could not get the system’s automated steering system to work, but were able to use Traffic Aware Cruise Control.

Autopilot needs both the cruise control and the automatic steering to function. Traffic Aware Cruise Control can keep the car a safe distance from vehicles in front of it, while autosteer keeps it in its own lane. The report said the road also did not have lane lines. That could have have been why the automatic steering wouldn’t work.

“The NTSB continues to collect data to analyze the crash dynamics, postmortem toxicology test results, seat belt use, occupant egress and electric vehicle fires,” the agency said in its report. “All aspects of the crash remain under investigation as the NTSB determines the probable cause.”

The agency says it intends to issue safety recommendations to prevent similar crashes.

The April 17 crash happened at 9:07 p.m. on Hammock Dunes Place, a two-lane residential road in Spring, Texas. Both the 59-year-old owner and the 69-year-old passenger were killed.

The NTSB report said the 2019 Model S went off the road on a curve, drove over a curb, hit a drainage culvert, a raised manhole and a tree.

The crash damaged the high-voltage lithium-ion battery, where the fire began.

Local authorities said one man was found in the front passenger seat, while another was in the back.

The report didn’t say how fast the car was going, but Harris County Precinct Four Constable Mark Herman said it was a high speed. He would not say if there was evidence anyone tampered with Tesla’s system to monitor the driver, which detects force from hands on the steering wheel. The system will issue warnings and eventually shut the car down if it doesn’t detect hands. But critics say Tesla’s system is easy to fool and can take as long as a minute to shut down.

Consumer Reports said in April that it was able to easily trick a Tesla into driving in Autopilot mode with no one at the wheel.

The NTSB, which has no regulatory authority and can only make recommendations, said it’s working with the National Highway Traffic Safety Administration on the probe. NHTSA has the power to make vehicle safety regulations. The federal probe is running at the same time as a parallel investigation by local authorities, the NTSB said.

The Texas crash raised questions of whether Autopilot was working at the time, and whether Tesla does enough to make sure drivers are engaged. The company says in owner’s manuals and on its website that Autopilot is a driver-assist system and drivers must be ready to take action at any time.

Lars Moravy, Tesla’s vice president of vehicle engineering, said on the company’s April 26 earnings conference call that an inspection of the badly burned car found that the steering wheel was deformed, “so it was leading to a likelihood that someone was in the driver’s seat at the time of the crash.” He said all seat belts were found unbuckled.

Last month on Twitter, Tesla CEO Elon Musk wrote that data logs “recovered so far” in the crashed show Autopilot wasn’t turned on, and “Full Self-Driving” was not purchased for the vehicle in the Texas crash. He didn’t answer reporters’ questions posed on Twitter.

In the past, NHTSA, has taken a hands-off approach to regulating partial and fully automated systems for fear of hindering development of promising new features.

But since March, the agency has stepped up inquiries into Teslas, dispatching teams to three crashes. It has investigated 28 Tesla crashes in the past few years, but thus far has relied on voluntary safety compliance from auto and tech companies. At least three people have been killed in U.S. crashes in which Autopilot was operating but neither the system nor the driver took action to avoid obstacles.


DETROIT (AP) — By TOM KRISHER AP Auto Writer.

Continue Reading

News

2 on trial as China enforces online control amid pandemic

Associated Press

Published

 on

Virus Outbreak China

Two amateur computer coders taken by police from their Beijing homes last year were standing trial Tuesday in a case that illustrates the Chinese government’s growing online censorship and heightened sensitivity to any deviation from the official narrative on its COVID-19 response.

Authorities have not said specifically why Chen Mei, 28, and Cai Wei, 27, were arrested, so friends and relatives can only guess. They believe it was because the two men had set up an online archive to store articles deleted by censors and a related forum where users could skirt real-name registration requirements to chat anonymously.

The case is being tried at Wenyuhe People’s Court in the northeastern outskirts of Beijing. Chen’s mother and Cai’s father were allowed in shortly before the trial was due to begin at 9 a.m. The families were previously told that only one family member could attend.

Started in 2018, the archive kept hundreds of censored articles and the forum saw discussions on sensitive issues including the anti-government protests in Hong Kong and complaints about the ruling Communist Party. But what got them in trouble with authorities appears to be archiving articles showing an alternative to China’s official narrative about its pandemic response just as the country started facing questions over its handling of the initial outbreak.

In keeping the censored articles and providing a place for them to be discussed, the two run afoul of increasingly strict regulations in an already stifling online environment under President Xi Jinping. Just last year hundreds were prosecuted for online speech.

Chen and Cai are being prosecuted under a catch-all charge of “stirring up trouble and picking quarrels.”

In January 2020, the two began archiving articles about a mysterious new illness circulating in Wuhan. For Cai, who is from the area and could not go home to see his family for the Lunar New Year holiday, the news was particularly upsetting.

“A lot of things happened in China then that made us very upset, and he may have been affected by that,” said his girlfriend, Tang Hongbo. She was also detained but released after 23 days when it became clear she didn’t know much about the project. “Every day we were looking at the internet, and we were all in this tragic mindset.”

Xi has made cyberspace governance a priority, and under his direction, the government created its own model to manage the challenges and opportunities of the internet. China eliminated online anonymity by requiring people to register under what is known as the real name system starting in 2016. Social media accounts are linked to a mobile phone number, which is tied to an individual’s national ID number.

A Chinese activist, using court and government records and media reports, tallied more than 750 prosecutions for web speech in 2020 in an online database and posted on a Twitter account named SpeechFreedomCN. He said he runs the database anonymously out of fear of retribution.

A friend of Cai, who declined to be named out of fear of retribution, said Cai had grown frustrated with the censorship regime. In response, he and Chen launched the Terminus2049 archive and 2049bbs forum in 2018 as a “public platform of free exchange,” Cai wrote in a welcome post.

“It’s not just the ‘real name’ system — the deletions of posts, the bans, have reached a point that’s really shocking domestically,” Cai wrote in another 2018 post. “When you have to worry about whether you have touched a sensitive keyword in any post you write, how can you really have the brave desire to express yourself?”

On the forum, Cai wrote about movies, music and books he liked. Others discussed mores sensitive topics. It was a place to speak without worrying about having posts deleted or getting one’s account banned. It didn’t require a phone number to register, or even an email address.

Chen was more low-key but similarly chafed against the censorship system.

“He wants information to flow. He wants quality information to flow freely,” said Chen Kun, his older brother. “We have this type of value deep in our bones, the independence of discourse on the internet and the free transmission of information.”

Cai and Chen met in 2011 at a summer camp hosted by Liren College, a socially conscious educational program. Both self-taught coders, they first started cooperating on a project to archive all the lectures and information from the summer camps, said a friend of both, who spoke on condition of anonymity out of fear of retribution. Authorities shut down Liren in 2014.

Terminus2049 primarily housed articles that had been deleted from WeChat and Weibo, popular social media platforms that are subject to regular algorithmic and human censorship. While similar databases existed, most were blocked in China. Terminus2049 was available on Github, a code sharing platform that is not blocked.

The topics the archived articles touched on were broad, but they shared a focus on social issues. One was concerned about the expulsion of migrant workers from Beijing after a fire, while another shared questions about a company that falsified data on rabies vaccines.

It was only after Cai and Chen got arrested in April last year that their families found out from friends and peers what the two had been working on. They suspect that pandemic-related content triggered the arrests, in part because in the weeks before and after their detention, police questioned acquaintances about what the two had done during the outbreak.

“They were told that Chen Mei has family members abroad, has provided foreign organizations with information about the pandemic and is basically handing a knife over to the enemy,” said Chen Kun, who now lives in France.

Police in Beijing did not respond to a faxed request for comment and court-appointed lawyers did not respond to phone calls.

Citizen journalist Zhang Zhan also fell afoul of the law after reporting from Wuhan in the early days of the outbreak. She received a four-year sentence in December.

The 2049bbs forum, which never had major reach, is now blocked in China. Yet the discussions continue and the records of the forum live on in a site called 2047, set up by a self-described “person who walks the same path” and some members of the old forum.

Cai’s father, who hasn’t seen his son in more than a year, still can’t understand how his son ran afoul of the authorities.

“He didn’t say anything bad. He didn’t try to organize some protests,” Cai Jianli said. “How did this become picking quarrels and stirring up trouble?”


TAIPEI, Taiwan (AP) — By HUIZHONG WU Associated Press

Associated Press video journalist Sam McNeil and news assistant Caroline Chen in Beijing contributed to this story.

Continue Reading

News

Online speech shield under fire as Trump Facebook ban stays

Associated Press

Published

 on

Donald Trump

Lurking beneath Facebook’s decision on whether to continue Donald Trump’s suspension from its platform is a far more complex and consequential question: Do the protections carved out for companies when the internet was in its infancy 25 years ago make sense when some of them have become global powerhouses with almost unlimited reach?

The companies have provided a powerful megaphone for Trump, other world leaders and billions of users to air their grievances, even ones that are false or damaging to someone’s reputation, knowing that the platforms themselves were shielded from liability for content posted by users.

Now that shield is getting a critical look in the current climate of hostility toward Big Tech and the social environment of political polarization, hate speech and violence against minorities.

The debate is starting to take root in Congress, and the action this week by Facebook’s quasi-independent oversight board upholding the company’s suspension of Trump’s accounts could add momentum to that legislative effort.

Under the 1996 Communications Decency Act, digital platform companies have legal protection both for content they carry and for removing postings they deem offensive. The shelter from lawsuits and prosecution applies to social media posts, uploaded videos, user reviews of restaurants or doctors, classified ads — or the underworld of thousands of websites that profit from false and defamatory information on individuals.

Section 230 of the law, which outlines the shield, was enacted when many of the most powerful social media companies didn’t even exist. It allowed companies like Facebook, Twitter and Google to grow into the behemoths they are today.

Republicans accuse the social media platforms of suppressing conservative voices and giving a stage to foreign leaders branded as dictators, while Trump is barred. Democrats and civil rights groups decry the digital presence of far-right extremists and pin blame on the platforms for disseminating hate speech and stoking extremist violence.

“For too long, social media platforms have hidden behind Section 230 protections to censor content that deviates from their beliefs,” Sen. Roger Wicker of Mississippi, the senior Republican on the Senate Commerce Committee, has said.

On this, Trump and President Joe Biden apparently agree. Trump, while president, called for the repeal of Section 230, branding it “a serious threat to our national security and election integrity.” Biden said during his campaign that it “immediately should be revoked,” though he hasn’t spoken about the issue at length as president.

Facebook, with a strong lobbying presence in Washington and a desire to have an input into any changes, has stepped out in favor of revisions to Section 230. Congress should update the 1996 law “to make sure it’s working as intended,” CEO Mark Zuckerberg has said. And he’s offered a specific suggestion: Congress could require internet platforms to gain legal protection only by proving that their systems for identifying illegal content are up to snuff.

Some critics see a clever gambit in that, a requirement that could make it more difficult for smaller tech companies and startups to comply and would ultimately advantage Facebook over smaller competitors.

Spokespeople for Twitter and Google declined to comment on the prospects for legislative action on Section 230 following the Facebook board ruling; a spokesperson for Menlo Park, California-based Facebook had no immediate comment.

The decision announced by the Facebook oversight board upheld the suspension of Trump, an extremely rare move that was based on the company’s conclusion that he incited violence leading to the deadly Jan. 6 Capitol riot. But the overseers told Facebook to specify how long the suspension would last, saying its “indefinite” ban on the former president was unreasonable. The ruling, which gives Facebook six months to comply, effectively postpones any possible Trump reinstatement and puts the onus for that decision squarely back on the company.

Trump was permanently banned after the riot from Twitter, his favored bullhorn. But it was Facebook that played an integral role in both of Trump’s campaigns, not just as a way to speak to his more than 32 million followers but also as a fundraising juggernaut driving small-dollar contributions through highly targeted ads.

Critics of Facebook generally saw the oversight board’s ruling as positive. But some view the board as a distraction by Facebook to skirt its responsibility and to stave off action by Congress or the Biden administration. What must be addressed, critics insist, are the broader problems for society from the fearsome power, market dominance and underlying business model of Facebook and the other tech giants — harvesting data from platform users and making it available to online advertisers so they can pinpoint consumers to target.

That’s where the debate over changes to Section 230 comes in, as a key area for new regulation of social media.

Gautam Hans, a technology law and free-speech expert and professor at Vanderbilt University, said he finds the board to be “a bit of a sideshow from the larger policy and social questions that we have about these companies.”


WASHINGTON (AP) — By MARCY GORDON AP Business Writer.

Associated Press writer Jill Colvin contributed to this report.

Continue Reading

Trending