NSA works to automatically detect attacks, return strikes from foreign adversaries
The MonsterMind program was being developed as recently as last year, reports reveal.
A developing NSA program called “MonsterMind” would allow the intelligence agency to automatically detect attacks from foreign adversaries, and even retaliate with cyber strikes as a means of defusing future attacks, new reports reveal.
On Wednesday, Wired published a profile of former NSA contractor Edward Snowden, who disclosed details on the MonsterMind operation. That day, the outlet also highlighted the program in a separate article by Kim Zetter.
Snowden told Wired that NSA aimed to make use of mass collections of metadata, by using algorithms that could help the government isolate malicious traffic from normal cyber activities and, in doing so, erect a defense system with immediate detection and response capabilities.
Furthermore, Zetter's article detailed how foreign cyber attacks could be deterred quickly through reprisal, under the program.
"Snowden suggests MonsterMind could one day be designed to return fire – automatically, without human intervention – against the attacker,” Zetter wrote. “Because an attacker could tweak malicious code to avoid detection, a counterstrike would be more effective in neutralizing future attacks.”
The program, which was being crafted by the NSA as recently as last year, would fall well within the category of “active defense” strategies taken to thwart cyber attack. Such measures range from using deception to trick hackers to legal efforts (like shutting down botnets) or more extreme tactics – like striking back against an adversary's infrastructure – which many in the security community have argued against.
Last week, Jarno Limnell, director of cyber security at McAfee, wrote at length on the dangers of “fighting fire with fire,” as a means of stopping attackers.
In addition to the legal and ethical concerns that are raised, he said that offensive actions can quickly escalate in undesired ways to those hoping to actively protect their assets from adversaries.
“As has been the case on many occasions in the history of the physical world, offensive actions can easily lead to greater problems, and the danger of escalation is always present,” Limnell wrote. “In today's digitally interconnected world there is also a huge potential for unpredictable side effects and collateral damage from aggressive actions.”
The practice also gives way to questions of proper conduct in cyber space, which has become a "Wild West" in its on right, he added.