Edward Snowden in Moscow in October, 2013. In a new report, Snowden leaks information about an alleged NSA cyber warfare program, dubbed MonsterMind. (Photo by TheWikiLeaksChannel, CC BY 3.0)

The latest chapter in the Orwellian saga that is the NSA’s impingement on Fourth Amendment rights broke today in WIRED Magazine’s extensive interview with Edward Snowden.

Snowden, who met and spoke with James Bamford for WIRED in Moscow, reportedly offered information on a new program the NSA may be developing; one that could, if unleashed, reimagine the way we envision hacking and breaches of privacy, not to mention ignite cyber warfare. While the specifics of the program are vague – it may not even exist yet – the damage this alleged new program, dubbed MonsterMind, could cause is catastrophic.

Shutterstock image

The goal of MonsterMind, according to Snowden, is to identify and automatically disable, or “kill,” malicious hacking or the seeds of a foreign cyberattack. MonsterMind software would constantly search for digital traffic patterns that indicate an attack and, when those patterns are found, block them.

Basically, “algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat,” Snowden told Bamford. The NSA declined to comment, according to WIRED.

There are two major issues with this approach to cyber security.

First is that, to track and monitor a potential hacking attack, the NSA would have to have access to and constantly monitor practically all private communications between the U.S. and overseas.

“The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows; and if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time,” Snowden told Bramford.

The second largest concern over MonsterMind is that the program could one day be engineered to return fire — automatically and without human intervention or interaction.

“The biggest problem for governments waging fights on the Internet is the one of attribution — determining who’s to blame for an attack,” Brian Fung wrote for The Washington Post. In cyber warfare there is no guarantee that the enemy is where they seem to be.

“These attacks can be spoofed,” Snowden told Bamford. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital.”

“MonsterMind” could one day be engineered to return fire, automatically and without human intervention.

“A counterstrike could…run the risk of embroiling the US in a conflict with the nation where the systems are located. What’s more, a retaliatory strike could cause unanticipated collateral damage,” Kim Zetter wrote for WIRED. “Before returning fire, the US would need to know what it is attacking, and what services or systems rely upon it. Otherwise, it could risk taking out critical civilian infrastructure.”

International law requires that any retaliation, on the ground or over the wires, be “proportional” to the affect of the original attack and “discriminate” when choosing its targets. The targeting of civilians, for example, is and has always been off limits.

But, as General Keith Alexander, former director of the NSA, said during his confirmation hearing before the Senate’s Committee on Armed Services in 2010, “neither proportionality nor discrimination requires that we know who is responsible before we take defensive action.”

So, aside from the beginnings of World War III, what’s the worst that could happen?

For Snowden, who has risked his life and freedom to leak information about the NSA with the American public, the next worst thing that can happen is that no one cares.

“Another concern for Snowden is what he calls NSA fatigue—the public becoming numb to disclosures of mass surveillance, just as it becomes inured to news of battle deaths during a war,” Bramford wrote.

While there is no guarantee against widespread public apathy, there are concrete steps to be taken to foil national surveillance at the hands of the NSA: “We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes,” Snowden said.

“By basically adopting changes like making encryption a universal standard—where all communications are encrypted by default—we can end mass surveillance not just in the United States but around the world,” Snowden said.

 

 

 

 

 

This alleged NSA program could automatically launch counterattacks at hackers, without knowing who or where they are
You can read more stories on Boston startups, technology and innovation at https://www.bizjournals.com/boston/inno