http://www.wired.com/2014/08/nsa-monstermind-cyberwarfare/
Although details of the program are scant, Snowden tells WIRED in an extensive interview with James Bamford that algorithms would scour massive repositories of metadata and analyze it to differentiate normal network traffic from anomalous or malicious traffic. Armed with this knowledge, the NSA could instantly and autonomously identify, and block, a foreign threat.
Cryptographer Matt Blaze, an associate professor of computer science at the University of Pennsylvania, says if the NSA knows how a malicious algorithm generates certain attacks, this activity may produce patterns of metadata that can be spotted.
"An individual record of an individual flow only tells you so much, but more revealing might be patterns of flows that are indicative of an attack," he says. "If you have hundreds or thousands of flows starting up from a particular place and targeted to a particular machine, this might indicate you're under attack. That's how intrusion detection and anomaly-detection systems generally work. If you have intelligence about the attack tools of your adversary, you may be able to match specific patterns to specific tools that are being used to attack."
Think of it as a digital version of the Star Wars initiative President Reagan proposed in the 1980s, which in theory would have shot down any incoming nuclear missiles. In the same way, MonsterMind could identify a distributed denial of service attack lobbed against US banking systems or a malicious worm sent to cripple airline and railway systems and stop (that is, defuse or kill) it before it did any harm.
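The flow-pattern idea Blaze describes (many flows starting from one place and converging on one machine) can be sketched as a small detector over flow metadata. This is an added example, not code from the article or from any NSA system; the record fields, the 60-second window, the thresholds and the use of a /24 network as "a particular place" are all assumptions, and the flows are constructed sample data.

```python
from collections import defaultdict, namedtuple

# One flow record: metadata only, no payload (field names are assumptions).
Flow = namedtuple("Flow", "ts src dst dport")

def fan_in_alerts(flows, window=60, min_flows=100, min_share=0.8):
    """Flag (time window, destination) buckets where many flows converge on
    one machine and most of them start from a single /24 network (IPv4)."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.ts - f.ts % window, f.dst)].append(f)

    alerts = []
    for (start, dst), group in sorted(buckets.items()):
        if len(group) < min_flows:
            continue  # a single flow, or a few, "only tells you so much"
        by_net = defaultdict(int)
        for f in group:
            by_net[f.src.rsplit(".", 1)[0] + ".0/24"] += 1
        net, count = max(by_net.items(), key=lambda kv: kv[1])
        share = count / len(group)
        if share >= min_share:  # volume alone is not enough; it must be concentrated
            alerts.append({"window_start": start, "dst": dst,
                           "flows": len(group), "source_net": net,
                           "share": round(share, 2)})
    return alerts

def sample_flows():
    """Constructed sample data: background traffic plus one concentrated burst."""
    flows = []
    # 40 flows from scattered sources to one server: too few to flag.
    for i in range(40):
        flows.append(Flow(i, f"10.{i}.0.7", "192.0.2.10", 443))
    # 300 flows from one /24 to one machine inside a single minute.
    for i in range(300):
        flows.append(Flow(120 + i % 60, f"198.51.100.{i % 250 + 1}", "192.0.2.20", 80))
    # 30 unrelated flows to the same machine in the same minute.
    for i in range(30):
        flows.append(Flow(120 + i, f"10.{i}.1.9", "192.0.2.20", 80))
    return flows

if __name__ == "__main__":
    for alert in fan_in_alerts(sample_flows()):
        print(alert)
```

The share test is what separates a concentrated burst from a destination that is simply busy: a popular server receiving the same number of flows from many unrelated networks produces no alert.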