Dormant Defence IPs revived
Authorities have given some details on the bizarre story of an unused slice of the internet.
On the day US President Joe Biden was sworn in, a mysterious company called Global Resource Systems LLC announced it had been given control of millions of IP addresses owned by the Pentagon.
The company says it holds 175 million addresses, or about 6 per cent of the world’s coveted IPv4 internet space.
AT&T, China Telecom, Verizon have been the entities that control the largest swaths of the Internet, but Global Resource Systems now tops that list. The company was only founded in September, it has no publicly reported federal contracts and no obvious public-facing website.
Global Resource Systems’ official address is a shared workspace in Florida which does not feature the company’s name on its lobby directory.
The revival of the long-dormant addresses was also announced by Border Gateway Protocol (BGP) operators, who told network administrators that IP addresses once assigned to the Pentagon can now accept traffic — but it should be routed to Global Resource Systems.
“They are now announcing more address space than anything ever in the history of the Internet,” says Doug Madory from Kentik, a network monitoring company.
The shift has now been linked to an elite Pentagon unit known as the Defense Digital Service, which has referred to itself in the past as a “SWAT team of nerds”.
DDS director Brett Goldstein said over the weekend that his unit had authorised a “pilot effort” that would publicise the IP space owned by the Pentagon.
“This pilot will assess, evaluate and prevent unauthorized use of DoD IP address space,” Mr Goldstein said.
“Additionally, this pilot may identify potential vulnerabilities.”
The specifics of the plan remain unclear, including the major question of why Mr Goldstein’s unit used a little-known Florida company to carry out the ‘pilot’ effort.
Security experts have speculated that opening up the space for use while still being monitored by the Department of Defence will given the agency information about how attackers operate online, and any possible misconfigurations that need to be repaired.
Mr Madory has published a blog post on the mystery.