Recently on Cryptome (the better leaks than wikileaks site), a paper appeared pointing out that BT (British Telecom) assigns all their modems an extra address in the 30.x.x.x address space, and then attaches SSH and SNMP to that address. This looks like what many ISPs do, assigning a second IP address for management, except for one thing: the 30.0.0.0/8 block is assigned to the United States Department of Defense. This has caused a fevered round of speculation that this is actually a secret backdoor for the NSA/GCHQ, so that they can secretly monitor and control people's home networks.
Maybe, but it's probably not the case. The better explanation is that BT simply chose this address space because it's non-routable. While it's assigned public address space, it's only used inside the private DoD military network. Try tracerouting to that address space, and you'll see that your packets go nowhere.
Thus, it's a good choice for pseudo-private address space.
This sort of thing happens a lot. I (or others I trust) have seen 188.8.131.52/24, 184.108.40.206/24, and other instances of 220.127.116.11/24 used this way. I can confirm that companies use DoD address space as private addresses. Just because it's DoD doesn't mean they route to the DoD.
The reason all these address spaces are DoD is that it's really the only source of unused IPv4 addresses left. All IPv4 address ranges have been assigned. The DoD has been assigned 20% of the IPv4 address space, but most of it is used within the DoD, on their own private networks, and is not routable to the outside world. Thus, if you are looking for a large chunk of "private" addresses that won't suddenly one day be assigned to Akamai or Amazon (and thus, explode in your face), then DoD addresses are the way to go.
There are a couple good reasons for going with this approach. The first is that existing private address spaces (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) are frequently used inside a home network, and thus, might cause some routing confusion if also used outside a home gateway. The second is that for a large company like BT, with millions of customers, they may have exhausted the private address space. The 10.x.x.x network has only 16 million possible addresses, and due to the way it needs to be carved up and routed, would be useful for quite a bit fewer than that. Thus, they may need a few /8 address chunks to adequately cover everyone for a management network.
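Both reasons can be checked with a few lines of Python. This is an added example, not code from the paper or from BT: the sample addresses are constructed, and the only pseudo-private block listed is the 30.0.0.0/8 named in this post.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Publicly allocated blocks reused as pseudo-private space.
# Only 30.0.0.0/8 comes from the post; extend for your own network.
SQUAT_BLOCKS = [ipaddress.ip_network("30.0.0.0/8")]


def classify(mgmt_addr, home_lans=()):
    """Label a management address an ISP assigns to a home gateway."""
    ip = ipaddress.ip_address(mgmt_addr)
    # Reason 1: the address lands inside a subnet the customer already
    # uses on the LAN side, so the gateway cannot route it unambiguously.
    for lan in home_lans:
        if ip in ipaddress.ip_network(lan):
            return "collides-with-home-lan"
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if any(ip in net for net in SQUAT_BLOCKS):
        return "squat-space"
    return "other"


def usable_hosts(block, subnet_prefix):
    """Reason 2: hosts left after carving `block` into equal subnets.

    Every subnet gives up its network and broadcast address.
    """
    net = ipaddress.ip_network(block)
    subnets = 2 ** (subnet_prefix - net.prefixlen)
    per_subnet = 2 ** (32 - subnet_prefix) - 2
    return subnets * per_subnet


# Constructed sample of management addresses (not taken from the paper).
SAMPLE = ["192.168.1.77", "10.44.7.2", "30.150.12.9", "203.0.113.5"]

if __name__ == "__main__":
    for addr in SAMPLE:
        print(addr, classify(addr, home_lans=["192.168.1.0/24"]))
    # 10.0.0.0/8 carved into point-to-point /30 links
    print(usable_hosts("10.0.0.0/8", 30))
```

Carving 10.0.0.0/8 into /30 links leaves about half of the nominal 16 million addresses usable, before any further loss from hierarchical routing.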
What I'm trying to get to here is "Occam's Razor". For many people, when they see the 30.x.x.x address, and that it's assigned to the DoD, their simplest explanation is that the DoD is spying on people's home modems. Those of us with more experience see that the most obvious explanation is that BT chose this as pseudo-private address space.
To be clear, that paper contains nothing that is evidence of NSA spying. I may have missed something, because I only skimmed it, skipping the paranoid ravings, but none of the technical details show anything amiss. Many ISPs provide custom firmwares for the modems they sell. These firmwares typically have a management "backdoor" so that the ISP can monitor and/or control the modem. Many, many networks use publicly allocated DoD addresses inside their network as private addresses.