Snowden: NSA working on ‘MonsterMind’ cyberwar bot

Snowden: NSA working on 'MonsterMind' cyberwar bot

Image of brain courtesy of ShutterstockEdward Snowden has described to Wired the final straw that broke the camel’s back and turned him into a whistleblower: an NSA project called MonsterMind that would give the agency control of all internet traffic entering the US, the ability to detect and block attacks in progress, and potentially, some day, the power to autonomously launch retaliatory strikes without human intervention.

Snowden says that the program is currently in development, but he gave no information on when or even if it might be deployed.

If MonsterMind does become reality, it would encompass even greater US control over the internet than that which now exists, as well as ever more trampling on Fourth Amendment rights against unreasonable search, he said:

The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows. And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.

Details are scant, but Snowden told Wired that the ability to automatically retaliate sets MonsterMind apart from similar programs, which have existed for decades.

Wired points to the recent Einstein 2 and Einstein 3 programs: intrusion detection and prevention systems that use network sensors to identify malicious attacks aimed at US government systems.

MonsterMind would similarly detect and kill malware at the point of entry, but it would then potentially fire back without humans’ authorization.

Snowden said that’s a problem, given the innocent parties whose systems are often used as proxies in attacks:

These attacks can be spoofed. You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?

What exactly would a counterstrike entail?

Snowden doesn’t say whether it might be malicious code thrown back at the attacking system to disable it or whether a counterattack might target malicious tools on the attacker’s system.

But he did bring up the potential of the US accidentally triggering a war were it to retaliate against a country that’s harboring innocent, compromised computers ensnared in a botnet – i.e., a network of hacked computers that attackers remotely control to carry out their dirty work.

Wired’s Kim Zetter brings up another potential concern: that of unanticipated collateral damage, such as disabling critical civilian infrastructure.

Microsoft’s recent move to take down two botnets is one example.

In July, Microsoft took control of 23 domains from domain provider, and in the process knocked out 1.8 million customer sites and over 5 million hostnames, disabling thousands of domains that had nothing to do with the malware Microsoft was targeting.

Another piece of malware that famously spun out of control was Stuxnet, which not only escaped its original cage – i.e., targeting an Iranian nuclear facility – to bite a whole bunch of countries not originally on the hit list, but also spawned its nasty son, Duqu.

At Naked Security we are wary of the hype that surrounds the idea of cyberwar (and particularly the tasteless and overused idea of a Digital Pearl Harbour). Snowden is the only source of information we have about MonsterMind and both the details he’s provided and Wired’s reporting are scant and full of “some days” and “what ifs”.

The truth is that we just don’t know very much about this program but it is, at least according to what Snowden himself said, what convinced him that enough was enough.

Image of brain explosion courtesy of Shutterstock.