WASHINGTON – The National Security Agency is developing a tool that can detect cyberattacks from an adversary by analyzing Internet traffic and respond automatically, a leaked document showed.
Wired magazine revealed the existence of the program called MonsterMind in an article following a series of interviews with former NSA contractor Edward Snowden.
The magazine reviewed some of the leaked documents and said MonsterMind, disclosed for the first time, would automate the process of hunting for the early stages of a foreign cyberattack.
Snowden told the magazine he was troubled by this effort because attacks are often routed through computers in innocent third countries and the source can be “spoofed.”
“You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia,” he said. “And then we end up shooting back at a Russian hospital. What happens next?”
Snowden also said he sees the program as a threat to privacy because it would require access to virtually all private communications coming in from overseas to people in the United States.
“The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he told Wired.
“And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows.”
This means “seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”
The NSA declined to comment on the report.