Pentagon wants to search 80% of world’s IP addresses for viruses – DARPA docs
The goal of DARPA’s new program is to identify and neutralize botnets and other large-scale malware by generating and installing “autonomous software agents” that would go after an adversary’s viruses, the agency said in a posting on the Federal Business Opportunities website.
DARPA, which is part of the Pentagon, wants proposers to be able to look at 80% of the global IP-address space in order to “fingerprint” networks and detect botnets.
The software agents they develop should be able to use known vulnerabilities in worldwide computer networks to establish “presence in each botnet-conscripted network without affecting legitimate system functionality,” the document says.
“DARPA will facilitate access to relevant data sources by leveraging both commercial and USG relationships and data exchange agreements,” the proposal reads, without elaborating on what kind of commercial relationships DARPA is prepared to leverage.
“To achieve the necessary scale and timeliness, such a capability must be effective even if the owners of botnet-conscripted networks are unaware of the infection and are not actively participating in the neutralization process,” the agency wrote.
A botnet is a network of private computers infected with malicious software and controlled as a group without the owners’ knowledge.
DARPA referenced WannaCry and Petya/NotPetya as recent examples of botnets and malicious code, the likes of which the US government wants to be able to neutralize.
“The May 11, 2017, Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure specifically identifies botnets as a high priority national security issue,” the agency noted.
DARPA’s previous programs included the real-time cyberdefense of the Pentagon’s internal computer network.
“Improving the security posture of Department of Defense (DoD) networks alone is insufficient to counter such threats to national security, as the majority of botnet nodes reside in neutral networks (“gray space”),” DARPA wrote. “Current incident response methods are too resource and time consuming to address the problem at scale.”
The program could have privacy implications, Jeffrey Carr, founder of the Suits and Spooks cybersecurity forum and author of “Inside Cyber Warfare,” told RT.
“The parameters of the program specifically called for privacy protection so yes, there’s a possibility that privacy could be exploited if the system itself is compromised,” Carr said.
DARPA did not immediately respond to RT’s request for comment.
It was not clear how the new program is different from what the Pentagon’s Cyber Command is doing, or whether the program would allow DARPA to receive access to private information on the millions of computers worldwide.
In June, the Petya virus attacked corporate computers worldwide, with targets including Russian energy giant Rosneft, a French construction materials company, a British advertising agency, and Ukrainian banks and ministries, among many others. The ransomware blocked and, in some cases, erased information on the infected computers and demanded $300 in bitcoins to unblock the data.
A month earlier, another virus, WannaCry, infected 300,000 computers around the world, also blocking data and demanding ransom.