This is just a really odd story that’s been bouncing around for a little while now, but the Associated Press is reporting that at least some details have emerged pointing to a possible explanation. On January 20th (the day Joe Biden was inaugurated as president), a shadowy company in Florida announced that it was now managing a massive chunk of all the available internet addresses in the world and they were doing so on behalf of the United States Department of Defense. The term “massive” isn’t hyperbole in this case. We’re talking about more than 175 million addresses or roughly 4% of the total available domains. Virtually all of this internet space was unused, too. The problem was that the Pentagon didn’t seem to have anything to say about it and the company making the claim barely existed except on paper, having only been incorporated last September. Some additional probing by journalists has now produced a few answers, but many questions still remain.
After weeks of wonder by the networking community, the Pentagon has now provided a very terse explanation for what it’s doing. But it has not answered many basic questions, beginning with why it chose to entrust management of the address space to a company that seems not to have existed until September.
The military hopes to “assess, evaluate and prevent unauthorized use of DoD IP address space,” said a statement issued Friday by Brett Goldstein, chief of the Pentagon’s Defense Digital Service, which is running the project. It also hopes to “identify potential vulnerabilities” as part of efforts to defend against cyber-intrusions by global adversaries, who are consistently infiltrating U.S. networks, sometimes operating from unused internet address blocks.
The statement did not specify whether the “pilot project” would involve outside contractors.
Okay, so the Pentagon is at least admitting that they do control all of these addresses (primarily through DARPA) and they are doing something related to the prevention of hacking and cyberspying by our adversaries. Fair enough. But what about the contractor that is supposedly managing all of this virtual real estate?
That’s where the story gets even stranger. The firm making the announcement is called Global Resource Systems LLC. A thorough search of related records traces GRS to a rental space above a bank in Plantation, Florida. The company’s name doesn’t appear on the building’s directory and it has no website or email address of record. When the AP asked a receptionist at the building about GRS she had no idea what they were talking about.
The only name associated with the company (aside from a California lawyer who apparently handled getting it incorporated in Delaware) is that of Raymond Saulino. He was the CEO of a company named Packet Forensics which has held millions of dollars in government contracts with DARPA for cybersecurity/internet surveillance work, so at least that kind of makes sense. But nobody seems to be able to reach the guy for comment and a former partner of his told the AP that he thought Saulino was retired.
Making things even murkier is the fact that the name of the company – Global Resource Systems – is the same as another company that used the same Florida address but shut down ten years ago after allegations of computer fraud. And this new version of GRS now controls more internet space than China Telecom, AT&T or Comcast, according to the AP report. The only other question the Pentagon answered on the subject was to say that none of the 175 million addresses have been sold off. So what’s actually going on? If the military is just engaging in some massive counterterrorism work in cyberspace and doesn’t want to reveal the details, that’s certainly understandable. But the key players involved and the way this is all being handled certainly makes it look fishy.