On Jan. 20, in the final few minutes of President Donald Trump’s presidential term, an obscure internet service company announced it was now managing a huge swath of previously unused Pentagon internet protocol (IP) addresses.
The shift in millions of Pentagon IP addresses set off speculation. Following an investigation by the Washington Post revealed on Saturday, a top Department of Defense cybersecurity unit said the effort was meant to determine how malicious internet actors may try to gain control of the Pentagon’s IP addresses.
On Saturday, the Washington Post reported that shortly after the Pentagon IP addresses went live, the internet company Global Resource Systems LLC had soon claimed it was managing approximately 56 million of those IP addresses. In the ensuing three months, the Florida-based internet company said the number of Pentagon addresses it manages has risen to nearly 175 million.
Those approximately 175 million IP addresses comprise about six percent of a traditional section of Internet real estate called IPv4. According to the Washington Post, that many IP addresses could sell for billions of dollars on the open market.
Control of large portions of the internet are typically handled by well-known companies like AT&T, China Telecom and Verizon. The major acquisition by the comparatively obscure Global Resource Systems LLC set off speculation within the Internet industry about how they gained control of the previously dormant IP addresses. The Washington Post reported theories ranged from a Pentagon official selling off part of the military’s vast collection of sought-after IP addresses while people were distracted with Trump’s departure, to the Pentagon finally acting on demands to finally allow traffic through the millions of billions of IP address space the military has been sitting on, mostly unused, for decades.
The Washington Post attempted to reach out to Global Resource Systems LLC and tracked the company down to a shared office space near Fort Lauderdale, Fla. The company’s name was not listed on the shared office space’s lobby directory and a receptionist said she could provide no information about the company and asked a reporter to leave.
Russell Goemaere, a spokesman for the Defense Department told the Washington Post that the department still owns the IP addresses. The Washington Post further reported the change was the result of a move by the Defense Digital Service (DDS), a Pentagon cybersecurity team.
Brett Goldstein, the DDS’ director, said in a statement that the cybersecurity team authorized the Pentagon IP address acquisitions as part of a “pilot effort” to “assess, evaluate and prevent unauthorized use of DoD IP address space.”
The Washington Post reported dormant IP addresses can be hijacked by malicious actors and used for malicious purposes ranging from disseminating spam to intercepting large amounts of data intended to go somewhere else. The DDS’ pilot program could help the Defense Department determine if malicious actors are using those tactics against its IP addresses
Doug Madory, director of Internet analysis for Kentik, a network monitoring company told the Washington Post the program being run by DDS could reveal new information about how malicious actors operate online and how they exploit weaknesses in computer systems.
Madory also said the newly activated addresses are also bringing in large amounts of Internet traffic that the Pentagon could collect and analyze for intelligence purposes. For example, Madory said Chinese companies use network numbering systems that resemble the U.S. military’s IP addresses in their internal systems and that by giving Global Resource Systems control of the IP addresses, information from some of those Chinese firms could be routed to systems controlled by the U.S. military. Madory said the data could include accidental misconfigurations that could be exploited or fixed.
“If you have a very large amount of traffic, and someone knows how to go through it, you’ll find stuff,” Madory said.
The Washington Post reported the full intent of the Pentagon’s IP address move remains unclear and the DoD declined to answer a number of questions about the decision, such as why it was using an obscure Florida-internet company to assume control of the IP addresses.