11:18 AM

TrapWire Surveillance Software Debate Flares, WikiLeaks Hit

WikiLeaks suffers DDoS takedown after publishing Stratfor emails alleging U.S. government investment in anti-terrorism surveillance software.

Last week, whistle-blowing website WikiLeaks released a new batch of documents that detail a third-party software system used by the U.S. government for detecting terrorists who are planning attacks. Not long afterwards, the WikiLeaks website was hit with a series of sustained distributed denial-of-service (DDoS) attacks that flooded the website with bogus traffic.

The anti-terrorism software in question, produced by a company called TrapWire, is reportedly able to combine facial and gait recognition of closed-circuit television (CCTV) footage with license-plate readers to help identify unfolding threats of a terrorist or criminal nature. According to the documents leaked by WikiLeaks--apparently obtained via a hack of global intelligence firm Stratfor in December 2011--the Department of Homeland Security paid $832,000 for TrapWire deployments in Washington, D.C., and Seattle alone.

A TrapWire spokesman didn't immediately respond to a request to comment about the veracity of the documents that have so far been published by WikiLeaks.


But could TrapWire be behind the attack against WikiLeaks, which the organization said involved "well over 10Gbits/second sustained on the main WikiLeaks domains"? Might not the DDoS attack be in retaliation for the ongoing WikiLeaks Global Intelligence Files program to release more than five million emails stolen from Stratfor by members of Anonymous and LulzSec?

In fact, a previously unknown group called Anti Leaks soon took credit for the attack. "We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical," according to a statement issued in the name of Anti Leaks by the group's leader, who goes by the handle "DietPepsi."

"I want to make it clear to all the conspiracy theorists out there that we have nothing to do with the United States Government or TrapWire," DietPepsi told The Register. After 10 days of intermittent disruptions, however, WikiLeaks Tuesday appeared to once more be reliably accessible.

But what of TrapWire? According to the company's website, its software is "a unique, predictive software system designed to detect patterns of pre-attack surveillance and logistical planning" by criminals or terrorists. An internal Stratfor email from January 2011, meanwhile, discussed how "footage can be walked back and track the suspects from the get go w/facial recognition software (or TrapWire) technology."

As befits a company that creates anti-terrorism software, TrapWire was founded by former members of the U.S. intelligence community. In the wake of the WikiLeaks document release program, however, the Sydney Morning Herald said that "the page on TrapWire's website outlining its executives and their links to the CIA has recently been removed." (Late Tuesday morning, however, that newspaper story had also been removed from the newspaper's website.)

According to an in-depth report published by, TrapWire has been deployed "in most major American cities at selected high value targets (HVTs)," as well as in multiple Las Vegas casinos, for the state of Texas, as well as for the Pentagon and other military agencies. It said TrapWire was created by a company called Abraxas, which features a management team largely drawn from the intelligence services and military branches. An Abraxas spokesman didn't immediately respond to a request for comment about the company's relationship with TrapWire.

Is a system such as TrapWire any more than vaporware? Rik Ferguson, a security consultant at Trend Micro, told the Guardian that the types of capabilities supposedly sported by the system aren't new. "There's a lot of crossover between CCTV and facial recognition," he said. "It's feasible to have a camera looking for suspicious behavior--for example, in a computer server room it could recognize someone via facial recognition or your gait, then can identify them from the card they swipe to get in, and then know whether it's suspicious if they're meant to be a cleaner and they sit down at a computer terminal."

Still, the disclosure of the system's existence is likely to raise numerous questions about exactly how it's being used to monitor public spaces. "With every new surveillance technology that is implemented ... the question we all need to ask ourselves is this: What do we value more--privacy, or state security?" said Carole Theriault, a senior security consultant at Sophos, via email.

8/18/2012 | 5:17:03 PM
re: TrapWire Surveillance Software Debate Flares, WikiLeaks Hit
The software sounds very cool and hopefully it is used for its intended purposes. It definitely touches on the privacy part and where and where they cannot use this monitoring software. What is the quote by Ben Franklin? "Those who desire to give up freedom in order to gain security will not have, nor do they deserve, either one." It is questionable whether the footage will always be used for the purpose of identifying terrorist activity. If the monitoring software is used in public areas like airports and government buildings then citizens should not have a problem with it. It sounds like the software can certainly save some lives or prevent potential threats before they occur. As far as the attack goes, who knows what sparked that; WikiLeaks, I am sure, has some unhappy people appearing on their site.

Paul Sprague
InformationWeek Contributor