Attacks/Breaches
8/14/2012
11:18 AM

TrapWire Surveillance Software Debate Flares, WikiLeaks Hit

WikiLeaks suffers DDoS takedown after publishing Stratfor emails alleging U.S. government investment in anti-terrorism surveillance software.

Last week, whistle-blowing website WikiLeaks released a new batch of documents that detail a third-party software system used by the U.S. government for detecting terrorists who are planning attacks. Not long afterwards, the WikiLeaks website was hit with a series of sustained distributed denial-of-service (DDoS) attacks that flooded the website with bogus traffic.

The anti-terrorism software in question, produced by a company called TrapWire, is reportedly able to combine facial and gait recognition of closed-circuit television (CCTV) footage with license-plate readers to help identify unfolding threats of a terrorist or criminal nature. According to the documents leaked by WikiLeaks--apparently obtained via a hack of global intelligence firm Stratfor in December 2011--the Department of Homeland Security paid $832,000 for TrapWire deployments in Washington, D.C., and Seattle alone.

A TrapWire spokesman didn't immediately respond to a request to comment about the veracity of the documents that have so far been published by WikiLeaks.

But could TrapWire be behind the attack against WikiLeaks, which the organization said involved "well over 10Gbits/second sustained on the main WikiLeaks domains"? Might not the DDoS attack be in retaliation for the ongoing WikiLeaks Global Intelligence Files program to release more than five million emails stolen from Stratfor by members of Anonymous and LulzSec?

In fact, a previously unknown group called Anti Leaks soon took credit for the attack. "We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical," according to a statement issued in the name of Anti Leaks by the group's leader, who goes by the handle "DietPepsi."

"I want to make it clear to all the conspiracy theorists out there that we have nothing to do with the United States Government or TrapWire," DietPepsi told The Register. After 10 days of intermittent disruptions, however, WikiLeaks Tuesday appeared to once more be reliably accessible.

But what of TrapWire? According to the company's website, its software is "a unique, predictive software system designed to detect patterns of pre-attack surveillance and logistical planning" by criminals or terrorists. An internal Stratfor email from January 2011, meanwhile, discussed how "footage can be walked back and track the suspects from the get go w/facial recognition software (or TrapWire) technology."

As befits a company that creates anti-terrorism software, TrapWire was founded by former members of the U.S. intelligence community. In the wake of the WikiLeaks document release program, however, the Sydney Morning Herald said that "the page on TrapWire's website outlining its executives and their links to the CIA has recently been removed." (Late Tuesday morning, however, that newspaper story had also been removed from the newspaper's website.)

According to an in-depth report published by RT.com, TrapWire has been deployed "in most major American cities at selected high value targets (HVTs)," as well as in multiple Las Vegas casinos, for the state of Texas, and for the Pentagon and other military agencies. It said TrapWire was created by a company called Abraxas, which features a management team largely drawn from the intelligence services and military branches. An Abraxas spokesman didn't immediately respond to a request for comment about the company's relationship with TrapWire.

Is a system such as TrapWire any more than vaporware? Rik Ferguson, a security consultant at Trend Micro, told the Guardian that the types of capabilities supposedly sported by the system aren't new. "There's a lot of crossover between CCTV and facial recognition," he said. "It's feasible to have a camera looking for suspicious behavior--for example, in a computer server room it could recognize someone via facial recognition or your gait, then can identify them from the card they swipe to get in, and then know whether it's suspicious if they're meant to be a cleaner and they sit down at a computer terminal."

Still, the disclosure of the system's existence is likely to raise numerous questions about exactly how it's being used to monitor public spaces. "With every new surveillance technology that is implemented ... the question we all need to ask ourselves is this: What do we value more--privacy, or state security?" said Carole Theriault, a senior security consultant at Sophos, via email.

PJS880,
User Rank: Ninja
8/18/2012 | 5:17:03 PM
re: TrapWire Surveillance Software Debate Flares, WikiLeaks Hit
The software sounds very cool and hopefully it is used for its intended purposes. It definitely touches on the privacy part and where they can and where they cannot use this monitoring software. What is the quote by Ben Franklin? "Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one." It is questionable whether the footage will always be used for the purpose of identifying terrorist activity. If the monitoring software is used in public areas like airports and government buildings then citizens should not have a problem with it. It sounds like the software can certainly save some lives or prevent potential threats before they occur. As far as the attack goes, who knows what sparked that; WikiLeaks, I am sure, has some unhappy people appearing on their site.

Paul Sprague
InformationWeek Contributor