NSA works to automatically detect attacks, return strikes from foreign adversaries

The MonsterMind program was being developed as recently as last year, reports reveal.

A developing NSA program called “MonsterMind” would allow the intelligence agency to automatically detect attacks from foreign adversaries, and even retaliate with cyber strikes as a means of defusing future attacks, new reports reveal.

On Wednesday, Wired published a profile of former NSA contractor Edward Snowden, who disclosed details on the MonsterMind operation. That day, the outlet also highlighted the program in a separate article by Kim Zetter.

Snowden told Wired that the NSA aimed to apply algorithms to its mass collections of metadata, helping the government isolate malicious traffic from normal cyber activities and, in doing so, erect a defense system with immediate detection and response capabilities.

Zetter's article further detailed how, under the program, foreign cyber attacks could be deterred quickly through reprisal.

“Snowden suggests MonsterMind could one day be designed to return fire – automatically, without human intervention – against the attacker,” Zetter wrote. “Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks.”

The program, which was being crafted by the NSA as recently as last year, would fall well within the category of “active defense” strategies taken to thwart cyber attacks. Such measures range from using deception to trick hackers, to legal efforts (like shutting down botnets), to more extreme tactics – like striking back against an adversary's infrastructure – which many in the security community have argued against.

Last week, Jarno Limnell, director of cyber security at McAfee, wrote at length on the dangers of “fighting fire with fire,” as a means of stopping attackers.

In addition to the legal and ethical concerns that are raised, he said that offensive actions can quickly escalate in ways undesired by those hoping to actively protect their assets from adversaries.

“As has been the case on many occasions in the history of the physical world, offensive actions can easily lead to greater problems, and the danger of escalation is always present,” Limnell wrote. “In today's digitally interconnected world there is also a huge potential for unpredictable side effects and collateral damage from aggressive actions.”

The practice also gives rise to questions of proper conduct in cyber space, which has become a "Wild West" in its own right, he added.
