NSA works to automatically detect attacks, return strikes from foreign adversaries

The MonsterMind program was being developed as recently as last year, reports reveal.

A developing NSA program called “MonsterMind” would allow the intelligence agency to automatically detect attacks from foreign adversaries, and even retaliate with cyber strikes as a means of defusing future attacks, new reports reveal.

On Wednesday, Wired published a profile of former NSA contractor Edward Snowden, who disclosed details on the MonsterMind operation. That day, the outlet also highlighted the program in a separate article by Kim Zetter.

Snowden told Wired that NSA aimed to make use of mass collections of metadata, by using algorithms that could help the government isolate malicious traffic from normal cyber activities and, in doing so, erect a defense system with immediate detection and response capabilities.

Zetter's article also detailed how, under the program, foreign cyber attacks could be quickly deterred through reprisal.

“Snowden suggests MonsterMind could one day be designed to return fire – automatically, without human intervention – against the attacker,” Zetter wrote. “Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks.”

The program, which was being crafted by the NSA as recently as last year, would fall well within the category of “active defense” strategies taken to thwart cyber attacks. Such measures range from using deception to trick hackers, to legal efforts (like shutting down botnets), to more extreme tactics – like striking back against an adversary's infrastructure – which many in the security community have argued against.

Last week, Jarno Limnell, director of cyber security at McAfee, wrote at length on the dangers of “fighting fire with fire,” as a means of stopping attackers.

In addition to raising legal and ethical concerns, he said, offensive actions can quickly escalate in ways unwanted by those hoping to actively protect their assets from adversaries.

“As has been the case on many occasions in the history of the physical world, offensive actions can easily lead to greater problems, and the danger of escalation is always present,” Limnell wrote. “In today's digitally interconnected world there is also a huge potential for unpredictable side effects and collateral damage from aggressive actions.”

The practice also gives rise to questions of proper conduct in cyber space, which has become a “Wild West” in its own right, he added.
