Former National Security Agency contractor and surveillance whistleblower Edward Snowden revealed details about the MonsterMind program, a cyber defense system, in an interview with WIRED.
Snowden has revealed that the United States government has implemented numerous surveillance programs all over the world. His latest revelation shows that the government's cyber defense may hinge on these surveillance programs, once again raising concerns about online privacy.
The MonsterMind program will be able to neutralize cyber attacks against the United States autonomously and instantly, and will also be able to launch counterattacks. The program will use algorithms to search through massive amounts of metadata, identifying safe network traffic and malicious or threatening traffic. Once a threat is identified, the NSA can then choose to block or eliminate it.
Matt Blaze, a cryptographer and associate professor of computer science at the University of Pennsylvania, states that the NSA can spot patterns in metadata if it knows the procedure a malicious algorithm uses to generate attacks.
"If you have hundreds or thousands of flows starting up from a particular place and targeted to a particular machine, this might indicate you're under attack. That's how intrusion detection and anomaly-detection systems generally work. If you have intelligence about the attack tools of your adversary, you may be able to match specific patterns to specific tools that are being used to attack," Blaze said.
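The flow-counting idea in the quote above, as an added example that is not from the article, from Blaze, or from any NSA system: it counts new flows per (source network, target host) pair in a sliding time window over constructed flow metadata. The /24 grouping, the 60-second window and the threshold of 100 are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample flow metadata: (start_time_s, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges (RFC 5737); no payload is inspected.
def make_sample_flows():
    flows = []
    # Burst: 300 new flows in 30 s from one /24 toward a single host.
    for i in range(300):
        flows.append((100 + i * 0.1, f"198.51.100.{i % 250 + 1}", "192.0.2.10", 443))
    # Background: 40 flows from another network, spread over 400 s and 5 hosts.
    for i in range(40):
        flows.append((i * 10.0, f"203.0.113.{i + 1}", f"192.0.2.{20 + i % 5}", 443))
    return sorted(flows)

def source_network(ip, prefix_len=24):
    """Collapse a source address to its enclosing network ("a particular place")."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))

def detect_fan_in(flows, window_s=60.0, threshold=100, prefix_len=24):
    """Return {(src_net, dst_ip): peak_count} for pairs whose count of new
    flows inside a sliding window of window_s seconds reached threshold."""
    recent = defaultdict(deque)   # (src_net, dst) -> start times still in window
    alerts = {}
    for ts, src, dst, _port in sorted(flows):
        key = (source_network(src, prefix_len), dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()           # expire flows older than the window
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (net, dst), peak in detect_fan_in(make_sample_flows()).items():
        print(f"ALERT {net} -> {dst}: {peak} flows within 60 s")
```

A fixed threshold like this flags volume only; it says nothing about who is actually behind the source network, which is the attribution problem behind the collateral-damage concern raised below.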
MonsterMind may be developed to launch counterattacks, though Snowden did not specify if these counterattacks will involve malicious code to shut down the attacker's entire system or just the malicious tools used. Snowden, however, raised two glaring concerns.
The first concern stemming from MonsterMind is that counterattacks could cause collateral damage to non-threat parties, such as machines of other governments that were hacked into by the attacker. This would be similar to what Microsoft recently did in eliminating two botnets to stop specific malicious activity, but in the process also disabling thousands of innocent domains.
The second concern is that, for MonsterMind to do its job, the NSA would have to collect and study all network traffic flows in order to design the program's algorithm. The agency would then have to intercept all the traffic flows from all the people, at all times, which is an online privacy concern that violates the Constitution's Fourth Amendment.
Snowden added that MonsterMind was already under development when he left the agency last year.