April 26, 2021 – In the minutes before Joe Biden was inaugurated the Pentagon was quietly transferring millions of IP addresses to a little Plantation, Florida private company that appears to have little if any history. The company, Global Resource Systems, LLC is a shadowy firm that shares an office space above a bank and has never executed government contracts before. Interestingly Florida is also the home of Special Operations which have taken a new leading role within the Military establishment in recent years which began under Trump’s tenure.
The Tampa Bay Times reports “Pentagon mystery with a Florida connection is solved. Sort of.“:
A very strange thing happened on the internet the day President Joe Biden was sworn in. A shadowy company residing at a shared workspace above a Florida bank announced to the world’s computer networks that it was now managing a colossal, previously idle chunk of the internet owned by the U.S. Department of Defense.
That real estate has since more than quadrupled to 175 million addresses — about 1/25th the size of the current internet.
‘It is massive. That is the biggest thing in the history of the internet,’ said Doug Madory, director of internet analysis at Kentik, a network operating company. It’s also more than twice the size of the internet space actually used by the Pentagon.
After weeks of wonder by the networking community, the Pentagon has now provided a very terse explanation for what it’s doing. But it has not answered many basic questions, beginning with why it chose to entrust management of the address space to a company that seems not to have existed until September.
The military hopes to ‘assess, evaluate and prevent unauthorized use of DoD IP address space,’ said a statement issued Friday by Brett Goldstein, chief of the Pentagon’s Defense Digital Service, which is running the project. It also hopes to ‘identify potential vulnerabilities’ as part of efforts to defend against cyber-intrusions by global adversaries, who are consistently infiltrating U.S. networks, sometimes operating from unused internet address blocks.
The statement did not specify whether the ‘pilot project’ would involve outside contractors.
The Pentagon periodically contends with unauthorized squatting on its space, in part because there has been a shortage of first-generation internet addresses since 2011; they now sell at auction for upwards of $25 each.
Madory said advertising the address space will make it easier to chase off squatters and allow the U.S. military to ‘collect a massive amount of background internet traffic for threat intelligence.’
Some cybersecurity experts have speculated that the Pentagon may be using the newly advertised space to create ‘honeypots,’ machines set up with vulnerabilities to draw hackers. Or it could be looking to set up dedicated infrastructure — software and servers — to scour traffic for suspect activity.
‘This greatly increases the space they could monitor,’ said Madory, who published a blog post on the matter Saturday.
What a Pentagon spokesman could not explain Saturday is why the Defense Department chose Global Resource Systems LLC, a company with no record of government contracts, to manage the address space.
‘As to why the DoD would have done that I’m a little mystified, same as you,’ said Paul Vixie, an internet pioneer credited with designing its naming system and the CEO of Farsight Security.
The company did not return phone calls or emails from The Associated Press. It has no web presence, though it has the domain grscorp.com. Its name doesn’t appear on the directory of its Plantation, Florida, domicile, and a receptionist drew a blank when an AP reporter asked for a company representative at the office earlier this month. She found its name on a tenant list and suggested trying email. Records show the company has not obtained a business license in Plantation.
Incorporated in Delaware and registered by a Beverly Hills lawyer, Global Resource Systems LLC now manages more internet space than China Telecom, AT&T or Comcast.
The only name associated with it on the Florida business registry coincides with that of a man listed as recently as 2018 in Nevada corporate records as a managing member of a cybersecurity/internet surveillance equipment company called Packet Forensics. The company had nearly $40 million in publicly disclosed federal contracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency among its customers.
That man, Raymond Saulino, is also listed as a principal in a company called Tidewater Laskin Associates, which was incorporated in 2018 and obtained an FCC license in April 2020. It shares the same Virginia Beach, Virginia, address — a UPS store — in corporate records as Packet Forensics. The two have different mailbox numbers. Calls to the number listed on the Tidewater Laskin FCC filing are answered by an automated service that offers four different options but doesn’t connect callers with a single one, recycling all calls to the initial voice recording.
Saulino did not return phone calls seeking comment, and a longtime colleague at Packet Forensics, Rodney Joffe, said he believed Saulino was retired. Joffe, a cybersecurity luminary, declined further comment. Joffe is chief technical officer at Neustar Inc., which provides internet intelligence and services for major industries, including telecommunications and defense.
In 2011, Packet Forensics and Saulino, its spokesman, were featured in a Wired story because the company was selling an appliance to government agencies and law enforcement that let them spy on people’s web browsing using forged security certificates.
The company continues to sell ‘lawful intercept’ equipment, according to its website. One of its current contracts with the Defense Advanced Research Projects Agency is for ‘harnessing autonomy for countering cyber-adversary systems.’ A contract description says it is investigating ‘technologies for conducting safe, nondisruptive, and effective active defense operations in cyberspace.’ Contract language from 2019 says the program would ‘investigate the feasibility of creating safe and reliable autonomous software agencies that can effectively counter malicious botnet implants and similar large-scale malware.’
Deepening the mystery is Global Resource Systems’ name. It is identical to that of a firm that independent internet fraud researcher Ron Guilmette says was sending out email spam using the very same internet routing identifier. It shut down more than a decade ago. All that differs is the type of company. This one’s a limited liability corporation. The other was a corporation. Both used the same street address in Plantation, a suburb of Fort Lauderdale.
‘It’s deeply suspicious,’ said Guilmette, who unsuccessfully sued the previous incarnation of Global Resource Systems in 2006 for unfair business practices. Guilmette considers such masquerading, known as slip-streaming, a ham-handed tactic in this situation. ‘If they wanted to be more serious about hiding this they could have not used Ray Saulino and this suspicious name.’
Guilmette and Madory were alerted to the mystery when network operators began inquiring about it on an email list in mid-March. But almost everyone involved didn’t want to talk about it. Mike Leber, who owns Hurricane Electric, the internet backbone company handing the address blocks’ traffic, didn’t return emails or phone messages.
Despite an internet address crunch, the Pentagon — which created the internet — has shown no interest in selling any of its address space, and a Defense Department spokesman, Russell Goemaere, told the AP on Saturday that none of the newly announced space has been sold. – Tampa Bay Times
Indeed something very interesting is going on here, and I do not think we are going to get a real answer anytime soon, especially if National Security is involved. There have been rumblings for a long time within the technology and national security arena that the Military was working on a next generation version of the internet.
The Washington Post addressed this in a different way, unsurprisingly given its owner Jeff Bezos connections to the U.S. Intelligence Community, namely the CIA:
While the world was distracted with President Donald Trump leaving office on Jan. 20, an obscure Florida company discreetly announced to the world’s computer networks a startling development: It now was managing a huge unused swath of the internet that, for several decades, had been owned by the U.S. military.
What happened next was stranger still.
The company, Global Resource Systems LLC, kept adding to its zone of control. Soon it had claimed 56 million IP addresses owned by the Pentagon. Three months later, the total was nearly 175 million. That’s almost 6% of a coveted traditional section of internet real estate — called IPv4 — where such large chunks are worth billions of dollars on the open market.
The entities controlling the largest swaths of the internet generally are telecommunications giants whose names are familiar: AT&T, China Telecom, Verizon. But now at the top of the list was Global Resource Systems — a company founded only in September that has no publicly reported federal contracts and no obvious public-facing website.
As listed in records, the company’s address in Plantation, Fla., outside Fort Lauderdale, is a shared workspace in an office building that doesn’t show Global Resource Systems on its lobby directory. A receptionist at the shared workspace said Friday that she could provide no information about the company and asked a reporter to leave. The company did not respond to requests for comment.
The only announcement of Global Resources Systems’ management of Pentagon addresses happened in the obscure world of Border Gateway Protocol (BGP) — the messaging system that tells internet companies how to route traffic across the world. There, messages began to arrive telling network administrators that IP addresses assigned to the Pentagon but long dormant could now accept traffic — but it should be routed to Global Resource Systems.
Network administrators began speculating about perhaps the most dramatic shift in IP address space allotment since BGP was introduced in the 1980s.
‘They are now announcing more address space than anything ever in the history of the internet,’ said Doug Madory, director of internet analysis for Kentik, a network monitoring company, who was among those trying to figure out what was happening. He published a blog post on the mystery Saturday morning.
The theories were many. Did someone at the Defense Department sell off part of the military’s vast collection of sought-after IP addresses as Trump left office? Had the Pentagon finally acted on demands to unload the billions of dollars worth of IP address space the military has been sitting on, largely unused, for decades?
An answer, of sorts, came Friday.
The change is the handiwork of an elite Pentagon unit known as the Defense Digital Service, which reports directly to the secretary of defense. The DDS bills itself as a ‘SWAT team of nerds’ tasked with solving emergency problems for the department and conducting experimental work to make big technological leaps for the military.
Created in 2015, the DDS operates a Silicon Valley-like office within the Pentagon. It has carried out a range of special projects in recent years, from developing a biometric app to help service members identify friendly and enemy forces on the battlefield to ensuring the encryption of emails Pentagon staff were exchanging about coronavirus vaccines with external parties.
Brett Goldstein, the DDS’s director, said in a statement that his unit had authorized a ‘pilot effort’ publicizing the IP space owned by the Pentagon.
‘This pilot will assess, evaluate and prevent unauthorized use of DoD IP address space,’ Goldstein said. ‘Additionally, this pilot may identify potential vulnerabilities.’
Goldstein described the project as one of the Defense Department’s ‘many efforts focused on continually improving our cyber posture and defense in response to advanced persistent threats. We are partnering throughout DoD to ensure potential vulnerabilities are mitigated.’
The specifics of what the effort is trying to achieve remain unclear. The Defense Department declined to answer a number of questions about the project, and Pentagon officials declined to say why Goldstein’s unit had used a little-known Florida company to carry out the pilot effort rather than have the Defense Department itself ‘announce’ the addresses through BGP messages — a far more routine approach.
What is clear, however, is the Global Resource Systems announcements directed a fire hose of internet traffic toward the Defense Department addresses. Madory said his monitoring showed the broad movements of internet traffic began immediately after the IP addresses were announced Jan. 20. – The Washington Post
The Washington Post appears to be mainly taking the Defense Department “SWAT team of nerds” description of the “program” at face value. They give the impression that this is about network security and identifying potential vulnerabilities, eluding to the tensions with Russia and China and recent data breaches that have occurred.
Remember that DARPA is responsible for the development of emerging technologies for use by the US Military and have been responsible for creating massive surveillance programs like Total Information Awareness and LifeLog. With DARPA being tied to the company managing the IP addresses, it seems something far more complex is going on with this situation. Recall as well the recent Nashville bomber who appeared to be targeting an AT&T/NSA VoIP Router Complex using a bomb that is designed to penetrate underground and has never been used before. SGT Report explains:
We now have video evidence that an incoming missile initiated the explosion in Nashville. The following skyline video, embedded below, shows quite clearly an incoming missile trail immediately before the explosion.
We also now know that the location, which was blurred out by Google street maps, housed the AT&T / NSA VoIP Router Complex, which allows the NSA to spy on all phone conversations and phone texts of anyone using the AT&T network. The Intercept article, ‘The Wiretap Rooms,’ explains the existence of ‘hidden NSA spy hubs’ all across America.
The former owner of the building is reportedly Cerebus Capital, which is tied to Yagoobzadeh, which acquired some ownership of Dominion Voting Systems.
Various internet analysts say the blast appears to have been intended to halt a Dominion voting machines audit that was about to take place in the building as well, although that has not yet been confirmed.
No matter what the motive, you can rest assured the media will find some White conservative gun owner to blame for everything, as that’s always their propaganda narrative.
The following screen shots from the video (below) show the incoming missile trail, meaning this was a military operation, and the missile was fired from an aircraft:
Here’s the Google street view at the address, showing the AT&T ‘spy hub’ storefront blurred out by Google. Wonder why? – SGT Report
If what happened in Nashville was a covert military operation it would explain the alarm that warned citizens to flee the area, as well as the quickly scuttled media reporting. Despite the alleged perpetrator being a “white male” and a “conspiracy theorist,” the media did not harp on the story as they typically do. This would make sense if this was in fact an operation and the media didn’t want to call too much attention to it.
Whether these things are related is yet to be seen, but it is interesting. There was also the Solar Winds data breach, as well as the WEF warning of the next major disruptive event being a so-called “cyber pandemic.”
In any case, we at Patriots’ Soapbox have filed a FOIA request with the Department of Defense for information regarding this recent contract with one Global Resource Systems, LLC. Whether anything comes from that remains to be seen.
This story is still developing. We will update as more information becomes available.