[nexa] Cry havoc! — and let slip the IP addresses of war

Giovanni Biscuolo giovanni at biscuolo.net
Mon Apr 26 12:33:37 CEST 2021


ho trovato un lunghissimo articolo scritto su "Liberty Unyielding", un
sito che "Media Bias / Fact Check" [1] identifica come tendente
all'estrema faziosità di destra, però con un punteggio "Factual

L'articolo è scritto da J.E. Dyer, un agente in pensione
dell'intelligence navale USA.

Lo includo inline in forma integrale in fondo al messaggio, il testo
l'ho adattato in forma solo testo dal HTML; spero di non fare cosa
sgradita, considerato che è un testo piuttosto lungo.

L'articolo ovviamente è da prendere cum granu salis.

Comunque la si pensi, che le esternazioni di Dyer siano complottistiche
o meno, la sua conclusione è di buon senso direi:

--8<---------------cut here---------------start------------->8---

It doesn’t look like millions of precious IPv4 IP addresses are being
unleashed, tantalizingly out of reach, just to excite a response from
the Web’s malicious-exploits marauders.

It looks like someone wants to do something with those IP addresses.
What it is, people with other expert backgrounds will probably have to

--8<---------------cut here---------------end--------------->8---

Questa la versione web:

«Cry havoc! — and let slip the IP addresses of war»
By J.E. Dyer  April 25, 2021

Saluti, Giovanni

[1] https://mediabiasfactcheck.com/liberty-unyielding/

P.S.. ho cercato di fare in modo che tutti i riferimenti siano
disponibili nella Wayback Machine ma non sono sicurissimo.

Ecco li testo:

-------------- next part --------------
Giovanni Biscuolo

Table of Contents

Cry havoc! — and let slip the IP addresses of war

By [J.E. Dyer]

Saturday 24 April brought a little [information cluster bomb] in the
Washington Post with the promising headline “Minutes before Trump left
office, millions of the Pentagon’s dormant IP addresses sprang to life.”

It turned out, [on investigation], that the “minutes” were a literal
reference.  The statutory end of Trump’s term was 12 noon EST on 20
January 2021, and according to computer records, the floodgate on the
“dormant IP addresses” opened at 11:57:35 AM EST.

This appears to be the only thing any of this had to do with Trump.

We’ll look at that below.  The long-story background is at the Post
story [and AP follow-on], which added a few more useful specifics.
Using the information from those stories, with some LU research mixed
in, we can tell the short-version as follows: In the 1990s, the Pentagon
[reserved for itself] millions of IP addresses out of the universe of
possible addresses that use Internet Protocol version 4, or IPv4, to
manage Internet connections.

IPv4 addresses are a precious commodity at this point, because the
potential universe of them [maxed out several years ago].  Web
infrastructure managers are being encouraged now to migrate to IPv6, to
relieve competition for a finite and scarce resource.

The Pentagon’s millions of those older-version IP addresses had lain
dormant until 20 January 2021 at 11:57:35 AM, Eastern Standard Time.

At that second, they announced their presence with authority.  That’s a
thing: an IP address is “announced” to the Net universe, and that’s when
you know it’s live and open for business.  Read about it at the links.

The weird thing is that a mysterious, no-footprint company incorporated
in Delaware and registered in Plantation, Florida is their Net daddy.
Its name is Global Resource Systems LLC.  Its address is a building in
Plantation, Florida where a lot of other businesses have their
addresses, and only one traceable name is connected with it: Raymond
Saulino.  More on that below.

Net watchers were puzzled by this, and tracked the action as the
millions of Pentagon-held IP addresses rolled out – being announced by
Global Resource Systems – in February and March.  Eventually the
Pentagon’s Defense Digital Service (DDS) provided a brief explanation.
The DDS was running a “pilot program” to, in essence, test the reaction
of the infosphere to the announcement of all these Pentagon proprietary
IP addresses.  (Again, read the linked stories for what that entails:
basically, looking for attempts at malicious activity once a whole lot
of IP addresses are exposed to it.  It has a whiff about it of Robert
S. McNamara and his Vietnam-era “exciter” patrols by U.S. warships and
aircraft, basically trying to get American military craft shot at.)

The DDS likes to refer to itself in the swashbuckling terms of its first
director, Chris Lynch: as “a SWAT team of Nerds.”  So we’re to
understand that it’s precisely the kind of rat squad that would do a
crazy thing like unleash millions of dormant IP addresses on the world,
just to see what happens.

And, sure, it would kick this public-spirited enterprise off two minutes
and 25 seconds before the new president, Joe Biden, officially took the
helm of the USS United States.  That’s what you do when you’re the
grappling-hooks and cutlasses brigade of the U.S. Digital Service, whose
prosaic civilian headquarters is in the Office of Management and Budget.

AP learned a bit more, discovering that the IP transit backbone for
Global Resource Systems is a long-established, extensively connected
Silicon Valley company, Hurricane Electric.  In the last decade
Hurricane Electric has been named [the largest company] of its kind by
the number of nodes it operates throughout the world, but I’m not sure
if that’s currently the case.

That said, an [informative interview] with Hurricane Electric’s founder,
Mike Leber, sheds some light on why the company may be a good fit for
the use it’s being put to with GRS and the Pentagon IP addresses.  Leber
has stuck to the basics of expanding capacity to do one thing well:
provide IP transit throughput.  He’s not interested in doing that
through partnerships that result in others holding equity in his company
and seeking to diversify its service offerings. This makes Hurricane
Electric ideal for customers – like DDS – that already know what they’re
doing, and just want to buy a whole lot of IP transit from a
well-entrenched, global provider.

In a situation like that, neither customer nor seller has to ask the
other a lot of questions.

It’s considered unusual that the Department of Defense would announce
its massive swarm of IP addresses using a no-footprint front company in
Florida (GRS), instead of just announcing the addresses itself.
Everyone who understands the IP universe knows the addresses belong to
the Pentagon.  The Pentagon’s block of them has been known for more than
25 years.

The people piece

That’s our starting point.  I suspect the main problem with clearing up
this mystery lies in going the wrong direction to solve it.  It’s not
the technical aspects of this event that are illuminating.  It’s who’s

And it took only a few keystrokes to turn up the usual links for most of
the main characters.

Brett Goldstein, the current director of the DDS (he succeeded Chris
Lynch), was appointed to his position in April of 2019 by then-Acting
Secretary of Defense Patrick Shanahan.  One media announcement
[described him] as being “recruited” by Shanahan, but the resumes of the
two men don’t make a good recruiting story.  Shanahan was Acting after
James Mattis left; he had no prior Washington or government experience,
but had come from a long industry career at Boeing, in which there is no
indication he specialized in information systems or infotech.  (He was
involved with the jetliner programs and missile defense.)

Shanahan probably acted on the recommendations of people with more
specialized expertise, in bringing Goldstein onboard.  Goldstein is the
co-founder of a venture capital firm where he was working at the time,
Chicago-based Ekistic Ventures.  He and co-founder David Spielfogel
[started it] in September of 2016.

But prior to that, Goldstein was the chief data officer, and then the
chief information officer, for the city of Chicago.  He held these
positions under Rahm Emanuel from 2011 to 2013.  Prior to becoming the
nation’s first city-government CDO, Goldstein’s big portfolio was as a
Chicago Police employee, working a [predictive analytics project for
policing applications].  That’s the one where programs survey and
analyze people’s online profiles, including social media activity, to
predict things like whether they’ll commit crimes, riot, or be
uncooperative with law enforcement.

Goldstein can be described as an activist and leading light of advocacy
for “civic tech”; i.e., information tech deployed for the purpose of
embedding government as seamlessly and comfortably as possible in the
daily lives of the people.

Spielfogel’s career [has been in politics].  He was Mayor Rahm Emanuel’s
chief of policy and strategic planning; before that, he worked in the
Clinton White House, for Howard Dean, and for the Senate campaigns of
Barack Obama and Alexi Giannoulias.  Since Goldstein moved to the DDS
job in 2019, Spielfogel has become the [chief policy officer] at the
smart-cities company Lime, with a focus on the “last mile of
transportation” for urban residents.

Using tech to bring ideas for urban policy and urban government to
fruition is thus the environment both partners came from and have been
passionate about.

Ekistic Ventures, notably, shares key board members with another of
Goldstein’s gigs, the 501(c)(3) group [Code for America].  Code for
America, or CfA, was founded in 2009, and the similarity of its name to
the Obama campaign organization, Obama for America, is presumably not
accidental.  Certainly CfA’s profile, which includes local “brigades” in
cities across the country, is very much on the community-organizing
model.  The vision of CfA is – my wording – to use tech to embed the
spirit of government in people’s daily lives.

In concrete terms, that means things like automating and easing people’s
access to EBT cards and other government services.  One way to think of
it — again, me speaking — is as “what ACORN would have done,” if the
current, highly-agile generation of tech had been available during
ACORN’s heyday.

For a flavor of the company CfA runs in, consider one of its signal
successes: partnering with the former D.A. of San Francisco, George
Gascón (who is now the notoriously Soros-backed D.A. of Los Angeles,
embarking on a career of [gutting the criminal justice system]).  The
joint CfA- Gascón [effort in San Francisco] involved automating the
search for marijuana possession records to expunge for thousands of

Goldstein is on CfA’s board along with the former mayor of Philadelphia,
Michael Nutter, and tech advocate Tim O’Reilly, who are also both on the
board of Ekistic Ventures.  Nutter, a long-time supporter of Hillary
Clinton, was a natural fit for making joint appearances with Obama
during the latter’s presidency.

Also on Ekistic Venture’s board is Anne Milgram, formerly the
(Democratic) attorney general of New Jersey and now Joe Biden’s [nominee
to head the Drug Enforcement Agency].  Milgram is prominent, among other
things, for her involvement in advocating “[policy equity].”

Investment firm head Michael Sacks, another [Chicago-based player], is a
board member of Ekistic Ventures.  He has [donated millions over the
years] to Democratic candidates and PACs, including Obama’s and Hillary

CfA, meanwhile, is [funded by] the usual sources, including the Open
Society Foundation and the Omidyar Network.  Google has been another
major funder.

CfA’s current CEO is, believe it or not, [Amanda Renteria].  She was
Hillary’s national campaign director in 2016, and figured as well [in
the Spygate drama] (as the person Loretta Lynch allegedly wanted to
reassure that the DOJ probe of Hillary’s email “matter” wouldn’t “go too
far”), and the Democrats’ [anti-Kavanaugh assault] in 2018.

But CfA’s original founder circles us back, as the saying goes, to a few
years earlier, and not only to the founder herself, Jennifer Pahlka, but
to the first director of the Defense Digital Service, Chris Lynch.

That’s because Pahlka and Lynch were both among the early recruits for
Obama’s U.S. Digital Service, formed in 2014.  The USDS’s [best-known
exploit] was its emergency surgery on the cataclysmically non-performing
Healthcare.gov website, which nearly stalled Obamacare out of the
starting gate.

But we’ve met the USDS at LU before, in [a treatment] of Obama’s project
to upgrade the entire White House information systems structure, an
enterprise that began in 2014.  The Obama vision for the USDS was as a
raiding party that would jumpstart IT redesign and the implementation of
fixes, coming in from outside the stovepiped, formally-funded and
chartered entities provided by the plodding budgets written in Congress.

Thus, the USDS [ended up] being headquartered just under the radar at
OMB, in the Executive Office of the President, but having a presence as
well in the General Services Administration and a handful of others,
including the DDS at the Pentagon.

Jennifer Pahlka, who had [founded Code for America] in 2009, came in as
a short-tour “fellow” with the Obama EOP and [ended up driving the
architecture and concept of the USDS].  Chris Lynch, meanwhile, also
came in (a bit later) on a “tour” from the commercial tech world (as
part of the effort to fix Healthcare.gov), and was moved from the USDS
niche in the EOP to [become the first director of the Defense Digital
Service], in – think about this – November 2015.

The timing of the DDS stand-up can’t help being interesting.  Besides
its proximity to the early moves of Spygate and Russiagate, the whole
USDS enterprise, especially in light of its expeditionary fix-and-dash
profile, has a curious feel, for the latter half of a final presidential

And anything that has a curious feel has it doubly so when it involves
causing jerky motions at the Pentagon.

These aren’t random tech folks at work.  They come from the Obama
network legacy.  And the one who’s the DDS director today has been
overseeing the announcement of Pentagon-held IP addresses, in their
fabled 1990s-era millions, since 11:57:35 AM EST on 20 January 2021.

Interesting side plots

There are other arresting features of the baseline story.  Let’s look at
a couple.

Two relate to the minor saga of the provenance of Global Resource
Systems LLC.  The first is about a predecessor company, in the sense of
the company having the exact same name.

The current GRS was [registered in Florida] in October 2020.  AP reports
that it was created (i.e., by incorporation in Delaware) in September
2020.  So it has only existed for six or seven months.  Note: there’s
nothing to be read into the incorporation in Delaware.  Incorporating in
Delaware is a popular practice due to the friendly legal structure
there, so that mere fact almost certainly has nothing to do with Joe

But there was [previously a Global Resource Systems LLC] doing business
at the same street address in Plantation, Florida (which is near Fort
Lauderdale), but headquartered at the address of investment firm [Lake
Capital Ventures] in Chicago.  Two founders of that previous GRS were
listed in the Florida registry: Terrance Graunke (misspelled Granke in
the Florida documents) and Paul Yovovich.  They are the co-founders of
Lake Capital Management.

It’s not clear from this remove in time why they registered their GRS in
Florida in 2006.  Its registration lapsed sometime before 2009, when
they reinstated it with Florida.  But the GRS company merged in 2006
with an email marketing company called MediaWhiz (which was
headquartered in New York, according to Lake Capital’s [historical
account]).  In January 2013, GRS-MediaWhiz was [bought out by an Israeli
company], Matomy, and the GRS entity was dissolved in Florida.

Resurrecting a company in 2020 with the exact same name, at the same
address (although a different suite number), looks odd.  It looks like
trying to throw up a baffle, create ambiguity – something along those
lines.  There is no indication I’ve discovered that the 2020 GRS has
anything to do with Lake Capital Partners, although it’s conceivable for
that to come out at some point, given the extensive links to Chicago
through Brett Goldstein, who’s running this IP-address show from the

As mentioned above, meanwhile, the one name that is on the 2020 version
of Global Resource Systems is that of Raymond Saulino.  AP’s [reporting]
about him suggests that what I turned up separately is related to the
same Raymond Saulino.  AP’s summary speaks of defense contracts within
the last decade; a company called Tidewater Laskin in Virginia Beach,
from which a one-time co-worker believes Saulino is now retired; and an
earlier connection with the firm Packet Forensics (at the same Virginia
Beach address as the Tidewater Laskin company), which reportedly sold a
capability to “government agencies and law enforcement that let them spy
on people’s web browsing using forged security certificates.”  (This
capability was explained at the time to be a legitimate exploitation of
application operations.)

My research led me to a Raymond Saulino of retirement age who is the
proprietor of a consulting firm named RAS Associates LLC in Sterling,
Virginia, just outside Washington. D.C.  Mr. Saulino and the business
have the same address; we don’t dox here at LU, so I will only say that
it is a residential address, suggesting contract work that could well
include setting up a structure for a single-focus IT front company, such
as one like GRS that exists only to announce and receive IP-address
traffic for a designated group of addresses.

Saulino’s involvement is a curiosity, but there isn’t enough information
about it to draw conclusions from.

One more feature of the story merits highlighting.  The Defense Digital
Service has a “satellite” presence in another state (i.e., besides
Virginia, where the Pentagon is located).  The DDS satellite, cleverly
called Tatooine, was formally set up at the end of 2019, after
preparations began for the field location in the latter half of 2018.

“Tatooine” is [in Augusta, Georgia], the state’s capital.  It’s hosted
by the [Georgia Cyber Center], and is partnered with the Georgia Bureau
of Investigation, the DDS (its parent), and the U.S. Army Cyber Command
(at Fort Gordon, near Augusta).

It’s interesting (that word again) that Tatooine would be in Georgia.
It may come to be more so; at the moment, with less than a day’s
research completed, there isn’t enough to support responsible

But looking at the Obama-centric tale of how the Defense Digital Service
came to be, at how a current chief plugged directly into the
progressive-left Chicago network was appointed by a political-outsider
Acting SECDEF during the Trump administration, and at the usual-suspect
linkage cropping up across the surrounding landscape – plus the CfA
brigades model, with hundreds of “civic tech” activists being groomed in
readiness to minister government to the masses – the feel of this thing

It doesn’t look like millions of precious IPv4 IP addresses are being
unleashed, tantalizingly out of reach, just to excite a response from
the Web’s malicious-exploits marauders.

It looks like someone wants to do something with those IP addresses.
What it is, people with other expert backgrounds will probably have to

[J.E. Dyer] J.E. Dyer is a retired Naval Intelligence officer who lives
in Southern California, blogging as The Optimistic Conservative for
domestic tranquility and world peace. Her articles have appeared at Hot
Air, Commentary’s Contentions, Patheos, The Daily Caller, The Jewish
Press, and The Weekly Standard.

[J.E. Dyer]

[information cluster bomb]

[on investigation]

[and AP follow-on]

[reserved for itself]

[maxed out several years ago]

[the largest company]

[informative interview]

[described him]

[started it]

[predictive analytics project for policing applications]

[has been in politics]

[chief policy officer]

[Code for America]

[gutting the criminal justice system]

[effort in San Francisco]

[nominee to head the Drug Enforcement Agency]

[policy equity]

[Chicago-based player]

[donated millions over the years]

[funded by]

[Amanda Renteria]

[in the Spygate drama]

[anti-Kavanaugh assault]

[best-known exploit]

[a treatment]

[ended up]

[founded Code for America]

[ended up driving the architecture and concept of the USDS]

[become the first director of the Defense Digital Service]

[registered in Florida]

[previously a Global Resource Systems LLC]

[Lake Capital Ventures]

[historical account]

[bought out by an Israeli company]


[in Augusta, Georgia]

[Georgia Cyber Center]

[J.E. Dyer]
-------------- next part --------------

Giovanni Biscuolo

Noi, incompetenti come siamo,
non abbiamo alcun titolo per suggerire alcunché.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://server-nexa.polito.it/pipermail/nexa/attachments/20210426/812347eb/attachment-0001.sig>

More information about the nexa mailing list