Attacks/Breaches
8/14/2012
11:18 AM
Connect Directly
RSS
E-Mail
50%
50%

TrapWire Surveillance Software Debate Flares, WikiLeaks Hit

WikiLeaks suffers DDos takedown after publishing Stratfor emails alleging U.S. government investment in anti-terrorism surveillance software.

Last week, whistle-blowing website WikiLeaks released a new batch of documents that detail a third-party software system used by the U.S. government for detecting terrorists who are planning attacks. Not long afterwards, the WikiLeaks website was hit with a series of sustained distributed denial-of-service (DDoS) attacks that flooded the website with bogus traffic.

The anti-terrorism software in question, produced by a company called TrapWire, is reportedly able to combine facial and gait recognition of closed-circuit television (CCTV) footage with license-plate readers to help identify unfolding threats of a terrorist or criminal nature. According to the documents leaked by WikiLeaks--apparently obtained via a hack of global intelligence firm Stratfor in December 2011, the Department of Homeland Security paid $832,000 for TrapWire deployments in Washington, D.C., and Seattle alone.

A TrapWire spokesman didn't immediately respond to a request to comment about the veracity of the documents that have so far been published by WikiLeaks.

[ Learn about another CCTV-based anti-terrorism system. See NYC, Microsoft Team On Huge Surveillance System. ]

But could TrapWire be behind the attack against WikiLeaks, which the organization said involved "well over 10Gbits/second sustained on the main WikiLeaks domains"? Might not the DDoS attack be in retaliation for the ongoing WikiLeaks Global Intelligence Files program to release more than five million emails stolen from Stratfor by members of Anonymous and LulzSec?

In fact, a previously unknown group called Anti Leaks soon took credit for the attack. "We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical," according to a statement issued in the name of Anti Leaks by the group's leader, who goes by the handle "DietPepsi."

"I want to make it clear to all the conspiracy theorists out there that we have nothing to do with the United States Government or TrapWire," DietPepsi told the The Register. After 10 days of intermittent disruptions, however, WikiLeaks Tuesday appeared to once more be reliably accessible.

But what of TrapWire? According to the company's website, its software is "a unique, predictive software system designed to detect patterns of pre-attack surveillance and logistical planning" by criminals or terrorists. An internal Stratfor email from January 2011, meanwhile, discussed how "footage can be walked back and track the suspects from the get go w/facial recognition software (or TrapWire) technology."

As befits a company that creates anti-terrorism software, TrapWire was founded by former members of the U.S. intelligence community. In the wake of the WikiLeaks document release program, however, the Sydney Morning Herald said that "the page on TrapWire's website outlining its executives and their links to the CIA has recently been removed." (Late Tuesday morning, however, that newspaper story had also been removed, from the newspaper's website.)

According to an in-depth report published by RT.com, TrapWire has been deployed "in most major American cities at selected high value targets (HVTs)," as well as in multiple Las Vegas casinos, for the state of Texas, as well as for the Pentagon and other military agencies. It said TrapWire was created by a company called Abraxas, which features a management team largely drawn from the intelligence services and military branches. An Abraxas spokesman didn't immediately respond to a request for comment about the company's relationship with TrapWire.

Is a system such as TrapWire any more than vaporware? Rik Ferguson, a security consultant at Trend Micro, told the Guardian that the types of capabilities supposedly sported by the system aren't new. "There's a lot of crossover between CCTV and facial recognition," he said. "It's feasible to have a camera looking for suspicious behavior--for example, in a computer server room it could recognize someone via facial recognition or your gait, then can identify them from the card they swipe to get in, and then know whether it's suspicious if they're meant to be a cleaner and they sit down at a computer terminal."

Still, the disclosure of the system's existence is likely to raise numerous questions about exactly how it's being used to monitor public spaces. "With every new surveillance technology that is implemented ... the question we all need to ask ourselves is this: What do we value more--privacy, or state security?" said Carole Theriault, a senior security consultant at Sophos, via email.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
8/18/2012 | 5:17:03 PM
re: TrapWire Surveillance Software Debate Flares, WikiLeaks Hit
The software sounds very cool and hopefully it is used for its intended purposes. It definitely touches on the privacy part and where and where they cannot use thus monitoring software. What is the quote by Ben Franklin GǣGǣThose who desire to give up freedom in order to gain security will not have, nor do they deserve, either one.Gǥ It is questionable weather the footage will always be used for the purpose of identifying terrorist activity. If the monitoring software is used in public areas like airports and government buildings then citizens should not have a problem with it. It sounds like the software can certainly save some lives or prevent potential threats before they occur. As far as the attack goes who knows what sparked that wiki leaks I am sure has some unhappy people appearing on their site.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.