Edward Snowden has recently unveiled more security measures from the NSA. “MonsterMind” is a “cyber defense system” used to detect and counteract potential threats hidden in internet traffic. According to an interview with Wired, Snowden explains that these algorithms would be used to search out large amounts of metadata to make determinations between what would be considered typical traffic from abnormal or dangerous use. Using this information, the NSA would be able to immediately target, and prevent threats from foreign sources.
MonsterMind would identify foreign attacks and in some cases, launch its own in response. Wired compares it to the Star Wars initiative of the 1980s which would have been used to shoot down any nuclear missiles fired at the United States. MonsterMind could shoot down any cyberattack launched at us by detecting it early and stopping it before it did any damage. It would also be able to trace the attack back to the original server allowing it to respond in kind.
With the increase in cyberwarfare the possibility of the NSA creating and using this kind of program is not surprising, however, it continues the disturbing trend of the NSA’s intrusion into the lives and communications of American citizens. Snowden considers the extent of the information gathering used by MonsterMind to be a violation of the Fourth Amendment.
According to Hudson Kingston of the Center for Digital Democracy, MonsterMind is lacking what are called “fig leaf” controls. These controls are used to filter the content that the program obtains through its broad sweeps of internet traffic limiting the number of personal communications included.
“‘Mass collection of personal information is a violation of privacy rights even if it might be used to stop cyberattacks, and the NSA does not seem to be balancing constitutional protections in its efforts to intercept all traffic on the Internet,'” Hudson told TechNewsWorld.”
The other problem Snowden points out with the use of this program is that it can be easily fooled. Many attacks can be bounced off of the servers of unsuspecting third parties who have nothing to do with the original attacker. These third-party servers also may be responsible for controlling specific systems the disruption of which could cause significant damage to the hosting countries infrastructure. He points out that this could cause unintended consequences for unconnected parties, and create unwarranted conflicts with these nations.
According to Wired’s sources a program like MonsterMind would be unlikely to operate without taking that problem into consideration. The very nature of these attacks makes this almost a standard practice on these sort of activities.
Other sources argue that the solution to this problem would simply be to use passive counterattacks like disabling the connection to the IP address or using cyberworms instead that would only stop the attack and track it to its source without damaging it automatically.
As of right now it is unclear whether MonsterMind is being put into action and according to Wired, the NSA did not respond to any questions regarding the program.
By Clara Goode