Just three minutes before Donald Trump left office on inauguration day, a “shadowy” company1 called Global Resource Systems LLC received control of tens of millions of Pentagon-owned IP addresses that were previously dormant.2
The U.S. Department of Defense (DOD) made the mysterious transfer, and the number of DOD-owned IP addresses announced by Global Resource Systems increased from 56 million in late January to 175 million in April 2021.3
“It is massive. That is the biggest thing in the history of the internet,” Doug Madory, director of internet analysis at network operating company Kentik, told The Associated Press, which conducted an investigation into the strange occurrence.4 For reference, this swath of internet real estate amounts to one twenty-fifth of the current internet and is more than twice the size of the internet space actively used by the Pentagon.5
Theories quickly emerged from the networking community about why an obscure company was handed so much of the Pentagon’s internet.
A Washington Post article suggested, "Did someone at the Defense Department sell off part of the military's vast collection of sought-after IP addresses as Trump left office? Had the Pentagon finally acted on demands to unload the billions of dollars’ worth of IP address space the military has been sitting on, largely unused, for decades?"6,7
Weeks went by before any explanations were provided, but the Pentagon’s response left more questions than answers.
Pentagon: ‘Pilot Effort’ to ‘Prevent Unauthorized Use’
The project is reportedly being run by the Pentagon’s Defense Digital Service (DDS), which was launched in 2015 to help the DOD “solve high-impact challenges” via “private-sector tools, approaches and talent.” Brett Goldstein, DDS director, stated:8
DDS was created to bring in the best and brightest, to help advance the mission to solve some of our hardest technical problems, and to make sure technology doesn't get in the way of our mission: national defense. I think one of the things we've learned in government is that technology needs to enable the mission.
In regard to the internet mystery, Goldstein said the “pilot project” intends to “assess, evaluate and prevent unauthorized use of DOD IP address space,” and, according to the AP, “‘identify potential vulnerabilities’ as part of efforts to defend against cyber-intrusions by global adversaries, who are consistently infiltrating U.S. networks, sometimes operating from unused internet address blocks.”9
Cybersecurity experts have suggested the IP addresses may be part of so-called “honeypots,” which are intentionally vulnerable to attract hackers, or an effort to set up software and servers to monitor for suspicious activities.10 According to Madory:11
I interpret this to mean that the objectives of this effort are twofold. First, to announce this address space to scare off any would-be squatters, and secondly, to collect a massive amount of background internet traffic for threat intelligence.
To get an idea of the scope of this pilot project and the many mysteries still behind it, Madory explained:12
Following the increase, AS8003 [the entity announcing the DOD’s internet space] became, far and away, the largest AS in the history of the internet as measured by originated IPv4 space. By comparison, AS8003 now announces 61 million more IP addresses than the now-second biggest AS in the world, China Telecom, and over 100 million more addresses than Comcast, the largest residential internet provider in the U.S.
… While yesterday’s statement from the DoD answers some questions, much remains a mystery. Why did the DoD not just announce this address space themselves instead of directing an outside entity to use the AS of a long dormant email marketing firm? Why did it come to life in the final moments of the previous administration?
The Company Has DARPA, Internet Surveillance Ties
Not much is known about Global Resource Systems, the company the Pentagon called upon to manage its address space, even though it has no record of government contracts. The AP revealed it has an address in Plantation, Florida, and was incorporated in Delaware and registered by a Beverly Hills lawyer.
Raymond Saulino is the only name associated with the company, however, and he is also linked to Packet Forensics, a cybersecurity/internet surveillance equipment company. According to the AP:13
The company had nearly $40 million in publicly disclosed federal contracts over the past decade, with the FBI and the Pentagon’s Defense Advanced Research Projects Agency [DARPA] among its customers …
In 2011, Packet Forensics and Saulino, its spokesman, were featured in a Wired14 story because the company was selling an appliance to government agencies and law enforcement that let them spy on people’s web browsing using forged security certificates.
The company continues to sell ‘lawful intercept’ equipment, according to its website. One of its current contracts with the Defense Advanced Research Projects Agency is for ‘harnessing autonomy for countering cyber-adversary systems.’ A contract description says it is investigating ‘technologies for conducting safe, nondisruptive, and effective active defense operations in cyberspace.’
Contract language from 2019 says the program would ‘investigate the feasibility of creating safe and reliable autonomous software agencies that can effectively counter malicious botnet implants and similar large-scale malware.’
Adding even more confusion, a company with the same name (Global Resource Systems) and the same address was accused of sending email spam before it shut down more than 10 years ago.
Internet fraud researcher Ron Guilmette, who sued Global Resource Systems in 2006 for unfair business practices, told the AP, “It’s deeply suspicious … If they wanted to be more serious about hiding this they could have not used Ray Saulino and this suspicious name.”15