Snowden: NSA working on 'MonsterMind' cyberwar bot


Edward Snowden has described to Wired the final straw that broke the camel's back and turned him into a whistleblower: an NSA project called MonsterMind that would give the agency control of all internet traffic entering the US, the ability to detect and block attacks in progress, and potentially, some day, the power to autonomously launch retaliatory strikes without human intervention.

Snowden says that the program is currently in development, but he gave no information on when or even if it might be deployed.

If MonsterMind does become reality, it would encompass even greater US control over the internet than that which now exists, as well as ever more trampling on Fourth Amendment rights against unreasonable search, he said:

The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows. And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.

Details are scant, but Snowden told Wired that the ability to automatically retaliate sets MonsterMind apart from similar programs, which have existed for decades.

Wired points to the recent Einstein 2 and Einstein 3 programs: intrusion detection and prevention systems that use network sensors to identify malicious attacks aimed at US government systems.

MonsterMind would similarly detect and kill malware at the point of entry, but it would then potentially fire back without humans' authorization.

Snowden said that's a problem, given the innocent parties whose systems are often used as proxies in attacks:

These attacks can be spoofed. You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?

What exactly would a counterstrike entail?

Snowden doesn't say whether it might be malicious code thrown back at the attacking system to disable it or whether a counterattack might target malicious tools on the attacker's system.

But he did bring up the potential of the US accidentally triggering a war were it to retaliate against a country that's harboring innocent, compromised computers ensnared in a botnet - i.e., a network of hacked computers that attackers remotely control to carry out their dirty work.

Wired's Kim Zetter brings up another potential concern: that of unanticipated collateral damage, such as disabling critical civilian infrastructure.

Microsoft's recent move to take down two botnets is one example.

In July, Microsoft took control of 23 domains from domain provider No-IP.com, and in the process knocked out 1.8 million customer sites and over 5 million hostnames, disabling thousands of domains that had nothing to do with the malware Microsoft was targeting.

Another piece of malware that famously spun out of control was Stuxnet, which not only escaped its original cage - i.e., targeting an Iranian nuclear facility - to bite a whole bunch of countries not originally on the hit list, but also spawned its nasty son, Duqu.

At Naked Security we are wary of the hype that surrounds the idea of cyberwar (and particularly the tasteless and overused idea of a Digital Pearl Harbour). Snowden is the only source of information we have about MonsterMind and both the details he's provided and Wired's reporting are scant and full of "some days" and "what ifs".

The truth is that we just don't know very much about this program but it is, at least according to what Snowden himself said, what convinced him that enough was enough.


Image of brain explosion courtesy of Shutterstock.


10 Responses to Snowden: NSA working on 'MonsterMind' cyberwar bot

  1. Robert Scroggins · 68 days ago

    Don't you think that the US has considered the possibility of such a tool causing a war? Perhaps that's why we have never heard of it--perhaps it was dropped after considering this.

    If this was the final kicker for Snowden, then he must have thought it was very important. So why is he telling us about this now at such a late stage? Do you suppose this is just something that he has concocted to keep his image alive?

    • "Do you suppose this is just something that he has concocted to keep his image alive?"

      That surely is one thought, but what if he's just being outright vengeful? What if it is true and he's "whistle blowing" because he feels like he's been wronged for telling us all of this other stuff? Personally, I don't care what he has to say, confirmed or otherwise because if he really feels that he's done no wrong then he should be the man, or "Patriot" that some claim him to be and come back and confront what he started. It's all out in the open now and it can't be swept under the rug as he and others have claimed has happened in the past.

      I know there are many people who really think this man is a hero, I do not, but I do respect people's opinions, but I think Edward Snowden is a coward and hypocrite of biblical proportions, he criticizes his own country for all that it's done but cowers in Russia, of all places and has yet to mumble a word about their practices that aren't actually state secrets.

  2. Andrew · 68 days ago

    Did you really expect anything else from the NSA? Total world domination. If America thinks the NSA can get away with it it will be deployed but I suspect Allies to the USA may have a lot to say, so not only will the fourth amendment be passed by but allies may turn against the USA.
    Does the USA really want to lose her allies? Standing alone is a real sad state of affairs. Decide to control the NSA for your own good USA.
    The trouble you have created has gone far enough....

    • Please stop being naive... do you really believe the NSA (US) is the only country doing or trying to do this... get real, spying and the hopes and dreams of "total world domination" have been the dreams of men since there have been men and dreams and not just in the movies.

  3. Paul Williams · 68 days ago

    It really is time we took the internet away from America. Circumvent mae west and mae east: create hubs in the other continents and if US won't play ball block their traffic.

  4. Radovan · 68 days ago

    Short of an electrical power black swan moment...there are deep govt., deep web, and deep establishment forces that understand intrinsically the ultimate weapon of the future is information. Period. Manipulating it has nothing to do with fairness, or what's right, or what's good. It's purely power and control and everyone, they especially, want that weapon.

    If you think they're doing this for benign reasons, or "best intentions", or for something base like wealth accrual you're deluding yourself.

    This is only what we know about, what Snowden has told us. I'm certain there's worse or in place already.

    Remember the San Jose sub-station attack? Sometimes I wonder if that or a solar flare, chaotic and destructive as they'd be, wouldn't be welcome.

  5. Stephen · 68 days ago

    Actually, depending on a country's infrastructure design, most countries can block whomever they want. Unless of course your plan is to simply use this tactic as a means to beat down the US alone. If you stop to consider most every country in the world is probably working on similar programs, how far along they are depends on their espionage and scientific abilities.

    Last but not least, considering the source, how much of this is only partial information designed to anger people? It is like the reports about the US Pentagon military having plans to attack every country in the world, they are military training scenarios. It is probably why they started making plans for zombie apocalypses and other improbable scenarios to prevent people from accidentally assuming they are real or imminent plans.

    Sure a program like this is very likely a project somewhere in the R&D projects since it is an extension of existing systems and is useful if it works. The downside is, people in charge of the projects would probably veto or turn off the automatic retaliation since people like that would not want to give up the control. I could only see them turning on such a feature for a specific type of attack or event. Kind of like the use of biological warfare is rarely used any more because of lack of control over the damage. It was used at one point but evidence proved it was too unreliable.

  6. MonsterMind · 68 days ago

    Of course the NSA is "working" on this sort of technology.

    Just as pre-WW2, British Scientists were working on "death rays". (They concluded they were impractical, but some of the technology was rather useful for identifying incoming bombers - Range And Direction Finding - aka RADAR.)

    If NSA can get it to work they will think "great" and amorally use it; if they can't the technology will probably still be useful.

  7. Snowden is dripfeeding us.

  8. Anonymous · 58 days ago

    DARPA Grand Cyber Challenge. Nuff said.


About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.