Mystery web traffic from DoD contractors identified?

A few years ago I noted very strange web requests coming from military bases and large defense contractors. Several of these sites were requesting a specific URL in my collection of over a decade of posts. That struck me as something highly unlikely for a casual web visitor to do, so I became alarmed at the possibility that these defense contractors and military units were compromised by a malware agent, perhaps planted by a foreign government. I emailed one of these groups, doing my patriotic duty by alerting them to this possiblity. Ususally when I point out potential hacking to a fellow sysadmin I receive some sort of thank you email in return. In this case I received no response (I’ll dig up my email and post it here if I can find it). I found the lack of reply unusual (and, well … rude), but kept open the possibility that I’d reached the wrong person.

Today, Techdirt had a story describing how a simple search through LinkedIn turns up a vast trove of resumes containing secret codeword programs. There’s obviously money to be made in surveillance – Edward Snowden made upwards of $200k per year – so analysts advertise the programs for which they have training. The corollary to this is that there are companies willing to pay for this experience – perhaps companies on the list I noticed knocking on my website door.

I can’t help but wonder if the unusual web traffic I noted might be part of one of these secret programs. Whatever it is (or was), it was obviously coordinated, so the only question is whether it was the bad guys or the good guys (i.e. Americans). Viewed through Occam’s razor, it’s more likely that these highly-secure defense contractors aren’t compromised (or at least they have some clue about network security), which leaves the possibility that the traffic came from some as-yet-unknown system. At least I hope our side’s responsible for it – we’re in a world of hurt if it’s not.

So, do I breathe easier knowing these massive defense contractors are not likely compromised as I once thought, or do I lie awake at night scared shitless that they appear to be spying on anyone and everyone?

One Response to “Mystery web traffic from DoD contractors identified?”

  1. B. They’re spying on everyone.