Edward Snowden Reveals NSA’s MonsterMind Program

It's a cyberwar robot that always hits back.

A view of Monstermind's physical lair, photographed from an Electronic Frontier Foundation airship Parker Higgins, Electronic Frontier Foundation

In the high desert near Bluffdale, Utah, there lurks a creature made entirely of zeroes and ones. Called “MonsterMind”, the project is an automated cyber weapon, perched atop the data flows into the National Security Agency’s Mission Data Repository. According to recent revelations from former government contractor and NSA leaker Edward Snowden, Monstermind is both tremendously powerful and easily fooled. Here’s the skinny on the biggest revelation from Wired‘s recent profile of Snowden. Author James Bamford writes:

As described, MonsterMind is a brute force approach to covert cyber war embodied in one program. In order to function, it scans a huge amount of electronic communication, all passing through the 247 acre facility, and looks for attacks. That’s the scary part. The dumb part is how it automatically decides where to strike back. Spoofing, as Snowden mentioned, is a relatively simple technique for hiding where an attack comes from. It’s the online equivalent of throwing a pebble to distract the prison guard while the plucky protagonist runs away.

Bamford describes this attack as Strangelovian, in reference to the Stanley Kubrick film about nuclear war. In the film, the Soviets develop a nuclear deterrent system that automatically attacks America if Russia gets hit first. The deterrent fails in part because the Americans didn’t know about it, and the film ends with a montage of nuclear explosions, as an accidental American first strike triggers the apocalypse. The automatic strike-back mechanism and obscurity of Monstermind resemble this device, but the stakes are at least an order of magnitude less severe than all-out nuclear war.

Cyber attacks at present are mostly the theft of private data or bank information, with the occasional rare instance of actual industrial sabotage breaking a machine. None of this makes an automated strike-back system great, but it’s still a far cry from the world-ending threat of thermonuclear war.

Read this and other revelations, including one about a contractor router that broke Syria’s internet, at Wired.