Stratfor emails reveal secret, widespread TrapWire surveillance system
Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence. It’s part of a program called TrapWire and it's the brainchild of the Abraxas, a Northern Virginia company staffed with elite from America’s intelligence community. The employee roster at Arbaxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation's ties are assumed to go deeper than even documented.
The details on Abraxas and, to an even greater extent TrapWire, are scarce, however, and not without reason. For a program touted as a tool to thwart terrorism and monitor activity meant to be under wraps, its understandable that Abraxas would want the program’s public presence to be relatively limited. But thanks to last year’s hack of the Strategic Forecasting intelligence agency, or Stratfor, all of that is quickly changing.
Hacktivists aligned with the loose-knit Anonymous collective took credit for hacking Stratfor on Christmas Eve, 2011, in turn collecting what they claimed to be more than five million emails from within the company. WikiLeaks began releasing those emails as the Global Intelligence Files (GIF) earlier this year and, of those, several discussing the implementing of TrapWire in public spaces across the country were circulated on the Web this week after security researcher Justin Ferguson brought attention to the matter. At the same time, however, WikiLeaks was relentlessly assaulted by a barrage of distributed denial-of-service (DDoS) attacks, crippling the whistleblower site and its mirrors, significantly cutting short the number of people who would otherwise have unfettered access to the emails.
On Wednesday, an administrator for the WikiLeaks Twitter account wrote that the site suspected that the motivation for the attacks could be that particularly sensitive Stratfor emails were about to be exposed. A hacker group called AntiLeaks soon after took credit for the assaults on WikiLeaks and mirrors of their content, equating the offensive as a protest against editor Julian Assange, “the head of a new breed of terrorist.” As those Stratfor files on TrapWire make their rounds online, though, talk of terrorism is only just beginning.
Mr. Ferguson and others have mirrored what are believed to be most recently-released Global Intelligence Files on external sites, but the original documents uploaded to WikiLeaks have been at times unavailable this week due to the continuing DDoS attacks. Late Thursday and early Friday this week, the GIF mirrors continues to go offline due to what is presumably more DDoS assaults. Australian activist Asher Wolf wrote on Twitter that the DDoS attacks flooding the servers of WikiLeaks supporter sites were reported to be dropping upwards of 40 gigabits of traffic per second. On Friday, WikiLeaks tweeted that their own site was sustaining attacks of 10 Gb/second, adding, "Whoever is running it controls thousands of machines or is able to simulate them."
According to a press release (pdf) dated June 6, 2012, TrapWire is “designed to provide a simple yet powerful means of collecting and recording suspicious activity reports.” A system of interconnected nodes spot anything considered suspect and then input it into the system to be "analyzed and compared with data entered from other areas within a network for the purpose of identifying patterns of behavior that are indicative of pre-attack planning.”
In a 2009 email included in the Anonymous leak, Stratfor Vice President for Intelligence Fred Burton is alleged to write, “TrapWire is a technology solution predicated upon behavior patterns in red zones to identify surveillance. It helps you connect the dots over time and distance.” Burton formerly served with the US Diplomatic Security Service, and Abraxas’ staff includes other security experts with experience in and out of the Armed Forces.
What is believed to be a partnering agreement included in the Stratfor files from August 13, 2009 indicates that they signed a contract with Abraxas to provide them with analysis and reports of their TrapWire system (pdf).
“Suspicious activity reports from all facilities on the TrapWire network are aggregated in a central database and run through a rules engine that searches for patterns indicative of terrorist surveillance operations and other attack preparations,” Crime and Justice International magazine explains in a 2006 article on the program, one of the few publically circulated on the Abraxas product (pdf). “Any patterns detected – links among individuals, vehicles or activities – will be reported back to each affected facility. This information can also be shared with law enforcement organizations, enabling them to begin investigations into the suspected surveillance cell.”
In a 2005 interview with The Entrepreneur Center, Abraxas founder Richard “Hollis” Helms said his signature product “can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists.” He calls it “a proprietary technology designed to protect critical national infrastructure from a terrorist attack by detecting the pre-attack activities of the terrorist and enabling law enforcement to investigate and engage the terrorist long before an attack is executed,” and that, “The beauty of it is that we can protect an infinite number of facilities just as efficiently as we can one and we push information out to local law authorities automatically.”
An internal email from early 2011 included in the Global Intelligence Files has Stratfor’s Burton allegedly saying the program can be used to “[walk] back and track the suspects from the get go w/facial recognition software.”
Since its inception, TrapWire has been implemented in most major American cities at selected high value targets (HVTs) and has appeared abroad as well. The iWatch monitoring system adopted by the Los Angeles Police Department (pdf) works in conjunction with TrapWire, as does the District of Columbia and the "See Something, Say Something" program conducted by law enforcement in New York City, which had 500 surveillance cameras linked to the system in 2010. Private properties including Las Vegas, Nevada casinos have subscribed to the system. The State of Texas reportedly spent half a million dollars with an additional annual licensing fee of $150,000 to employ TrapWire, and the Pentagon and other military facilities have allegedly signed on as well.
In one email from 2010 leaked by Anonymous, Stratfor’s Fred Burton allegedly writes, “God Bless America. Now they have EVERY major HVT in CONUS, the UK, Canada, Vegas, Los Angeles, NYC as clients.” Files on USASpending.gov reveal that the US Department of Homeland Security and Department of Defense together awarded Abraxas and TrapWire more than one million dollars in only the past eleven months.
News of the widespread and largely secretive installation of TrapWire comes amidst a federal witch-hunt to crack down on leaks escaping Washington and at attempt to prosecute whistleblowers. Thomas Drake, a former agent with the NSA, has recently spoken openly about the government’s Trailblazer Project that was used to monitor private communication, and was charged under the Espionage Act for coming forth. Separately, former NSA tech director William Binney and others once with the agency have made claims in recent weeks that the feds have dossiers on every American, an allegation NSA Chief Keith Alexander dismissed during a speech at Def-Con last month in Vegas.