WikiLeaks suffers DDoS takedown after publishing Stratfor emails alleging U.S. government investment in anti-terrorism surveillance software.

Mathew J. Schwartz, Contributor

August 14, 2012

Last week, whistle-blowing website WikiLeaks released a new batch of documents that detail a third-party software system used by the U.S. government for detecting terrorists who are planning attacks. Not long afterwards, the WikiLeaks website was hit with a series of sustained distributed denial-of-service (DDoS) attacks that flooded the website with bogus traffic.

The anti-terrorism software in question, produced by a company called TrapWire, is reportedly able to combine facial and gait recognition of closed-circuit television (CCTV) footage with license-plate readers to help identify unfolding threats of a terrorist or criminal nature. According to the documents leaked by WikiLeaks, apparently obtained via a hack of global intelligence firm Stratfor in December 2011, the Department of Homeland Security paid $832,000 for TrapWire deployments in Washington, D.C., and Seattle alone.

A TrapWire spokesman didn't immediately respond to a request to comment about the veracity of the documents that have so far been published by WikiLeaks.

But could TrapWire be behind the attack against WikiLeaks, which the organization said involved "well over 10Gbits/second sustained on the main WikiLeaks domains"? Might not the DDoS attack be in retaliation for the ongoing WikiLeaks Global Intelligence Files program to release more than five million emails stolen from Stratfor by members of Anonymous and LulzSec?

In fact, a previously unknown group called Anti Leaks soon took credit for the attack. "We have proven to two separate media organizations that we are behind these attacks by giving them advanced notice of our next target. We find the speculation that we are not behind these attacks and/or that we are CIA/NSA/FBI or even wikileaks themselves to be downright comical," according to a statement issued in the name of Anti Leaks by the group's leader, who goes by the handle "DietPepsi."

"I want to make it clear to all the conspiracy theorists out there that we have nothing to do with the United States Government or TrapWire," DietPepsi told The Register. After 10 days of intermittent disruptions, however, WikiLeaks on Tuesday appeared to be reliably accessible once more.

But what of TrapWire? According to the company's website, its software is "a unique, predictive software system designed to detect patterns of pre-attack surveillance and logistical planning" by criminals or terrorists. An internal Stratfor email from January 2011, meanwhile, discussed how "footage can be walked back and track the suspects from the get go w/facial recognition software (or TrapWire) technology."

As befits a company that creates anti-terrorism software, TrapWire was founded by former members of the U.S. intelligence community. In the wake of the WikiLeaks document release program, however, the Sydney Morning Herald said that "the page on TrapWire's website outlining its executives and their links to the CIA has recently been removed." (Late Tuesday morning, however, that newspaper story had also been removed from the newspaper's website.)

According to an in-depth report published by RT.com, TrapWire has been deployed "in most major American cities at selected high value targets (HVTs)," in multiple Las Vegas casinos, for the state of Texas, and for the Pentagon and other military agencies. It said TrapWire was created by a company called Abraxas, which features a management team largely drawn from the intelligence services and military branches. An Abraxas spokesman didn't immediately respond to a request for comment about the company's relationship with TrapWire.

Is a system such as TrapWire any more than vaporware? Rik Ferguson, a security consultant at Trend Micro, told the Guardian that the types of capabilities supposedly sported by the system aren't new. "There's a lot of crossover between CCTV and facial recognition," he said. "It's feasible to have a camera looking for suspicious behavior--for example, in a computer server room it could recognize someone via facial recognition or your gait, then can identify them from the card they swipe to get in, and then know whether it's suspicious if they're meant to be a cleaner and they sit down at a computer terminal."

Still, the disclosure of the system's existence is likely to raise numerous questions about exactly how it's being used to monitor public spaces. "With every new surveillance technology that is implemented ... the question we all need to ask ourselves is this: What do we value more--privacy, or state security?" said Carole Theriault, a senior security consultant at Sophos, via email.

About the Author(s)

Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.
