- Global Resource Systems LLC began managing about Pentagon IP addresses in January.
- The company has no online presence and currently manages about 6% of usable internet space.
- Here are the biggest questions about the Pentagon's decision to activate nearly 175 million dormant IP addresses.
- See more stories on Insider's business page.
A mysterious company from Florida took over managing a large portion of the internet owned by the Pentagon mere minutes before Joe Biden was sworn into office.
The company, which was identified as Global Resource Systems LLC, now oversees nearly 175 million IP addresses – managing more cyberspace than some of the world's largest internet providers, including Comcast and AT&T.
The mysterious startup's new role spawned several questions regarding the internet space and the Pentagon's plans for it. Here are some of the biggest unanswered questions about the unknown company that is now managing nearly 6% of usable internet space.
What exactly is the Pentagon looking for?
The Pentagon made its first statement regarding its decision on Friday. Brett Goldstein, the chief of the Pentagon's defense digital service, said federal officials are working to "assess, evaluate and prevent unauthorized use of DoD IP address space" and hopes to "identify potential vulnerabilities" in its fight to curb cyberattacks of US networks.
Despite its response, the Pentagon left more questions regarding its intentions than answers.
Mike Hamilton, former chief information security officer of Seattle and CISO of cybersecurity firm CI Security, told Insider one of the biggest questions people should be asking is, "Are they looking for something specific?" He said it seems unlikely that the pentagon would initiate a contract of that size without a probable cause or inciting incident.
"If they're going to the extent of 175 million IP addresses, chances are they're not just looking for "vulnerabilities," Hamilton said. "The kind of computing power a company would need to be able to analyze 175 million IP addresses and the technology they would have to deploy, likely means this decision had to have been planned a long time ago."
The government could be motivated by any number of reasons. Cybersecurity experts told Insider the Pentagon could be working to lure hackers or build up their defense by analyzing threats online, as well as planning to launch infrastructure for surveillance or even its own targeted cyber attacks against other countries.
Why did the Pentagon choose an unknown startup?
Global Resource Systems LLC was created in September and has no prior government contracts. The company also does not have an online presence or a business license where it is registered in Plantation, Florida, though the company filed paperwork in October, for incorporation in Delaware, as shown by Florida state records.
Cybersecurity experts told Insider the company's anonymity puts an extra layer of protection over the government and makes it even easier to hide what the Pentagon is doing with the IP addresses.
"I can only speculate that 'Global Resource Systems LLC' is a DBA / Delaware Fictitious Name," Scott Schober, CEO of cybersecurity firm Berkeley Varitronics Systems, told Insider. "They can then operate under an alias company name so they can stay off the radar and avoid scrutiny. Global Resource Systems can function as an extension of the government without direct connection allowing them to monitor activities without the overwhelming presence of the Pentagon nor the scrutiny of public opinion."
Who is behind the Florida company?
The name on the company's business papers, Raymon Saulino, matches a name tied to Packet Forensics, a company that has worked with the government before, according to a report from Associated Press. Packet Forensic had nearly $40 million in federal contracts over the past 10 years. It currently sells lawful intercept equipment - a process that allows law enforcement agencies to selectively wiretap individuals via a court order.
The company received national attention in 2011 when a Wired story reported Packet Forensics was selling an application to the federal government that could spy on people's online browsers.
Global Resource Systems LLC also has the same name as a firm that shut down over 10 years ago and was sending out email spam, internet fraud researcher Ron Guilmette told Associated Press. The company had the same street address and used the same internet routing identifier. The only difference between the two companies is that this one operates as a limited liability corporation.
The company has no real history, but the people behind the company undoubtedly have government connections, Morgan Wright, the chief security officer of SentineOne, told Insider.
Wright told Insider the startup is likely a shell for a bigger company due to the computing power needed to manage nearly 175 million IP addresses.
"It would be like trying to eat an elephant," Wright said. "Not many companies can do that."
Why did the handover happen moments before Trump left office?
The shift in management of the IP addresses was revealed via an announcement in the internet-routing messaging system of Border Gateway Protocol (BGP). Messages arrived about three minutes prior to Biden's inauguration that the previously dormant IP addresses that had been assigned to the Pentagon had begun accepting internet traffic that would be routed through the new company. Overtime, the company increased its management to nearly 175 million unused ranges on the IPv4 internet space.
While the timing seems noteworthy, many cybersecurity experts told Insider that the decision was probably not politically motivated.
Wright said the deal had likely been in the works for some time. It probably made sense for the Pentagon to put it into action before it would have to go through the scrutinization process of a whole new administration.