Attacks/Breaches
8/14/2012
11:18 AM
Connect Directly
RSS
E-Mail
50%
50%

TrapWire Surveillance Software Debate Flares, WikiLeaks Hit

WikiLeaks suffers DDos takedown after publishing Stratfor emails alleging U.S. government investment in anti-terrorism surveillance software.

Last week, whistle-blowing website WikiLeaks released a new batch of documents that detail a third-party software system used by the U.S. government for detecting terrorists who are planning attacks. Not long afterwards, the WikiLeaks website was hit with a series of sustained distributed denial-of-service (DDoS) attacks that flooded the website with bogus traffic.

The anti-terrorism software in question, produced by a company called TrapWire, is reportedly able to combine facial and gait recognition of closed-circuit television (CCTV) footage with license-plate readers to help identify unfolding threats of a terrorist or criminal nature. According to the documents leaked by WikiLeaks--apparently obtained via a hack of global intelligence firm Stratfor in December 2011, the Department of Homeland Security paid $832,000 for TrapWire deployments in Washington, D.C., and Seattle alone.

A TrapWire spokesman didn't immediately respond to a request to comment about the veracity of the documents that have so far been published by WikiLeaks.

[ Learn about another CCTV-based anti-terrorism system. See NYC, Microsoft Team On Huge Surveillance System. ]

But could TrapWire be behind the attack against WikiLeaks, which the organization said involved "well over 10Gbits/second sustained on the main WikiLeaks domains"? Might not the DDoS attack be in retaliation for the ongoing WikiLeaks Global Intelligence Files program to release more than five million emails stolen from Stratfor by members of Anonymous and LulzSec?

In fact, a previously unknown group called Anti Leaks soon took credit for the attack. "We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical," according to a statement issued in the name of Anti Leaks by the group's leader, who goes by the handle "DietPepsi."

"I want to make it clear to all the conspiracy theorists out there that we have nothing to do with the United States Government or TrapWire," DietPepsi told the The Register. After 10 days of intermittent disruptions, however, WikiLeaks Tuesday appeared to once more be reliably accessible.

But what of TrapWire? According to the company's website, its software is "a unique, predictive software system designed to detect patterns of pre-attack surveillance and logistical planning" by criminals or terrorists. An internal Stratfor email from January 2011, meanwhile, discussed how "footage can be walked back and track the suspects from the get go w/facial recognition software (or TrapWire) technology."

As befits a company that creates anti-terrorism software, TrapWire was founded by former members of the U.S. intelligence community. In the wake of the WikiLeaks document release program, however, the Sydney Morning Herald said that "the page on TrapWire's website outlining its executives and their links to the CIA has recently been removed." (Late Tuesday morning, however, that newspaper story had also been removed, from the newspaper's website.)

According to an in-depth report published by RT.com, TrapWire has been deployed "in most major American cities at selected high value targets (HVTs)," as well as in multiple Las Vegas casinos, for the state of Texas, as well as for the Pentagon and other military agencies. It said TrapWire was created by a company called Abraxas, which features a management team largely drawn from the intelligence services and military branches. An Abraxas spokesman didn't immediately respond to a request for comment about the company's relationship with TrapWire.

Is a system such as TrapWire any more than vaporware? Rik Ferguson, a security consultant at Trend Micro, told the Guardian that the types of capabilities supposedly sported by the system aren't new. "There's a lot of crossover between CCTV and facial recognition," he said. "It's feasible to have a camera looking for suspicious behavior--for example, in a computer server room it could recognize someone via facial recognition or your gait, then can identify them from the card they swipe to get in, and then know whether it's suspicious if they're meant to be a cleaner and they sit down at a computer terminal."

Still, the disclosure of the system's existence is likely to raise numerous questions about exactly how it's being used to monitor public spaces. "With every new surveillance technology that is implemented ... the question we all need to ask ourselves is this: What do we value more--privacy, or state security?" said Carole Theriault, a senior security consultant at Sophos, via email.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
8/18/2012 | 5:17:03 PM
re: TrapWire Surveillance Software Debate Flares, WikiLeaks Hit
The software sounds very cool and hopefully it is used for its intended purposes. It definitely touches on the privacy part and where and where they cannot use thus monitoring software. What is the quote by Ben Franklin GǣGǣThose who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.Gǥ It is questionable weather the footage will always be used for the purpose of identifying terrorist activity. If the monitoring software is used in public areas like airports and government buildings then citizens should not have a problem with it. It sounds like the software can certainly save some lives or prevent potential threats before they occur. As far as the attack goes who knows what sparked that wiki leaks I am sure has some unhappy people appearing on their site.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Listen Now The Best of the Rest of Black Hat: The Enterprise View
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.