Wikileaks uncovers TrapWire surveillance: FAQ

Wikileaks uncovers TrapWire surveillance: FAQ

Summary: Wikileaks' latest trove of leaked Stratfor emails details the breadth and potential impact of the TrapWire surveillance system. What is it, and are you affected?


Wikileaks has released as part of its The Global Intelligence Files series another vast cache of leaked emails from private intelligence firm Stratfor. Brought to the public eye is a system called TrapWire. This previously little known technology may have the ability to impact our everyday lives in the U.S. and abroad.

This serves as an FAQ to what we know so far. 

It's worth noting -- as described below -- Wikileaks has been under a sustained denial-of-service attack, which has left the site unable to load for days, so some links below may not be available at the time of publication.

Here's what you need to know.

What is TrapWire?

In short, TrapWire is surveillance software used by both private industry and the U.S. government and its allies oversees, allowing both public and private sector users to help in counter-terrorism and anti-crime efforts.  The software uses algorithms and data from a variety of surveillance sources -- including CCTV and human-input from spotted 'suspicious' behavior -- to, in essence, 'predict' potentially criminal activity.

One leaked Stratfor-owned document, describes it as follows:

There are a variety of new tools, such as TrapWire, a software system designed to work with camera systems to help detect patterns of pre-operational surveillance, that can be focused on critical areas to help cut through the fog of noise and activity and draw attention to potential threats.

While ordinary CCTV cameras are often 'passive' and monitored by humans, TrapWire-connected cameras, such as 'pan-tilt-zoom' cameras, are able to track people, along with license plate readers, called Automatic Number Plate Recognition (ANPR) from place to place.

A U.S. Patents and Trademark Office filing says the system is "centralized" and information flows in and out of its global office to 'regional' distribution centers.  Despite being owned by a private company, the information collected by the system "can also be shared with law enforcement agencies."

As with any data mining software, the more data that is plugged into the system the greater its effectiveness.

Why such a recent controversy?

Wikileaks' latest release on August 10 of emails from private intelligence group Stratfor suggests the system is global, rather than limited to just the United States.

Simply put: it became increasingly clear how wide and far the extensive use of this software is. If one person is deemed to be acting suspiciously in one TrapWire covered area of the U.S., for example, the software may pick them up elsewhere by a different TrapWire network. 

It also means that the surveillance once thought to be relatively passive is instead pre-emptive and sophisticated in its methods. It uses a "10-characteristic description of individuals," human activity, or "8-characteristic description" of vehicle information -- such as license plates and other identifiable marks -- which is then correlated with other information collected elsewhere.

The 'TrapWire Threat Meter' means threats can be passed on through the network while vulnerabilities are not, though nevertheless remains a far more extensive breach of citizen privacy than first considered or understood.

The system appears to be 'for hire' in that it can be bought and used by private industry. For example, in a 2005 interview with former CIA employee (since removed from his corporate profile) and Abraxas founder and chief executive Richard Helms, he says:

...the nuclear industry has 104 civilian owned and operated nuclear power plants, and yet they don’t collect or share pre-attack information. TrapWire can help do that without infringing anyone’s civil liberties.

In a 2007 whitepaper, Abraxas describes TrapWire's ability to determine "suspicious activity in less than 60 seconds."

Who owns TrapWire, and how does it connect with governments?

The TrapWire software is now owned by TrapWire Inc., a Reston, VA company. But it wasn't always.

(Comment was sought from TrapWire Inc. regarding this story, but no reply had been received at the time of writing.)

Abraxas Corp. created TrapWire under its subsidiary firm Abraxas Applications Inc., according to Public Intelligence, a respected research site. Abraxas Corp. trademarked the TrapWire software in a filing with the U.S. PTO in 2006. 

But Abraxas Corp. is now owned by Cubic Corporation, which bought the firm in November 2010 for $124 million in cash

According to one report, Cubic acquired Abraxas Corp., TrapWire's former parent company, after TrapWire was spun out as a separate entity. One of the terms of the acquisition was to "cause the corporate name of Abraxas Applications, Inc. to be changed to a name that does not include 'Abraxas' or any variation thereof."

Abraxas, in a statement released on Monday, said: "Abraxas Corporation then and now has no affiliation with Abraxas Applications now known as TrapWire, Inc." 

Abraxas is based in Northern Virginia, according to the trademark filing. Many of its employees -- there are around 60 listed on LinkedIn, but thought to be in the low hundreds -- come from the U.S. military or other public sector organizations, including the U.S. intelligence community. 

The U.S. government has given both TrapWire and Abraxas more than $1.6 million in the past 12 months from the Dept. of Homeland Security, Dept. of Defense, and the General Services Administration.

In one leaked email, former Stratfor chief executive and current vice president Fred Burton claims:

Do you know how much a Lockheed Martin [defense contractor] would pay to have their logo/feed into the USSS CP? MI5? RCMP? LAPD CT? NYPD CT? 

This suggests that the NYPD and LAPD counter-terrorism divisions, the U.S. Secret Service, Canada's Royal Canadian Mounted Police and the U.K.'s domestic intelligence agency MI5 are all clientele of the TrapWire service.

Next: Where is TrapWire installed?


Topics: Government US, Google, Legal, Microsoft, Privacy,, Security, EU

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Well done research on the issue

    When the work is good, gratitudes should follow.
  • Not bad

    That was a surprisingly investigative report. As a random dude on the Internet, I can say that, generally, when spy-ish IT stuff traces back to the greater DC area, like Reston, Viginia, you can safely assume a few things:

    1) It's not being used "properly" (aka in complete accordance with US and International law.)

    2) It probably doesn't function very well (numerous software and hardware bugs tied in with poor design.)

    3) It doesn't deliver the goods (it's less effective than traditional, heads up investigative work.)

    4) It will be misused for political/personal purposes (and inevitable consequence of "if it can be used this, it will be used for that.)
    • Not for nothing...

      ... were they called the Beltway Bandits when I lived and worked in the area.
  • WoW

    and here I was thinking the TV show Person of Interest was a little far fetched ;-)
    • Yup!!

      Your thoughts are the same as mine as I read through the article - I know London is intermeshed with cameras, but was not aware as to how widespread this was becoming - what limit is privacy stretched to??
  • Zack Is A Trained Criminologist

    That gives him a nose for sniffing out dodgy activities like this.
    • Not quite...

      We're more about 'why' than 'how.' But I appreciate the thought nonetheless.
  • This article is an example of journalism should be

    I've been following the trapwire saga for 3 days and have read every story posted.

    This article has been the best balanced, most thoroughly researched and accurately delivered piece I have come across.
    I can't stress enough how superior it is to everything else I have read. The Times, Salon and MSNBC were too obsessed with downplaying the situation to actually look into what it was about.

    Only some of the raw details that continue to emerge in the #Trapwire twitter stream could possibly add anything of substance. But that info isn't quite ready to weave into the storyline just yet.
    beau parisi
    • Circumstantial and Asumptive.

      All I really see is a lot of circumstantial "evidence" based on hearsay and allegations that may or may not be fabricated. I suspect the major networks remain cautious as they are concerned about the "egg on their face" epidemic that would occur if these claims were found to be falsified.

      It's a conspiracy theorist's dream come true, no doubt, but if you read through the article carefully, you see phrases such as "declined to comment on rumors" and the group "anonymous" was used for the individuals taking credit for the capture of the documents.

      My experience with these type of articles (based on speculation, unofficial transcripts, and guilty until proven innocent) is that they have a 50/50 chance of being correct. To the scope of what is discussed here? Not likely. As one person noted, the software likely over-promises and under-delivers.

      I could make an article based on a few produced documents (I'm sure "anonymous" would be happy to provide them) stating that the government has hidden E.T. in their basement, and imply the guilt of the government through their lack of cooperation on commenting, but it wouldn't make it true.
      • I thought about this a little more...

        And if we trust WikiLeaks and "anonymous" more for providing accurate and non-fabricated/altered news channels than we do the Associated Press, and the target of allegations, then we will believe anything.

        I believe our society has become too engrossed with what "could be" than what "actually is." VERIFIED FACTS should be the foundation and cornerstone of the press (and no, I'm not accusing the Associate Press of being accurate in their reporting).

        Lives are ruined, uprisings are started, and businesses are tarnished by what we "believe" to be true, rather than what we "know" to be true.
      • It makes a lot of effort to gather all of this circumstantial evidence

        Zack gives all the links and quotes, so everyone can harvest primary sources for information and come to different conclusions, if they want.

        So this is real journalism. Journalism is not about articles that have no point, it is about the kind of work that Zack did based on listed sources information.
        • It is a lot of work...

          And it is good for an entertainment piece, but sources based on circumstantial evidence is not necessarily rooted in fact. Therein lies the problem. The masses accept what they are told if it is a well written piece, regardless of the actual facts behind the story (because if there are no actual facts, and everyone declines to comment, it must be true, right?).

          There is a danger behind sensationalist journalism, and it's that the masses don't think for themselves. Most journalism is sensationalist, as that's what sells. It feeds the fear of the masses. That's why roller-coasters are so popular.
  • The Last Enemy

    (TV mini-series 2008) - IMDb

    We are rapidly yielding all personal privacy in this world.

    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." ~Benjamin Franklin
    David A. Pimentel
  • Brad Thor's new novel "Black List"

    Just read Brad Thor's new novel "Black List". Very interesting and timely given these reports.
  • Question

    Is Abraxas CEO and "former CIA employee" Richard Helms the same one who was CIA director under Richard Nixon? If so, he must be quite old.
    John L. Ries
    • I looked it up

      That Richard Helms died in 2003. I'm guessing that this one is his son or grandson (the CIA connection is unlikely to be a coincidence).
      John L. Ries
  • Excellent article Zack

    An excellent round up of the key details of Trapwire, thank you Zack. As others note, much superior to the dismissive coverage from the NYT (written by Scott Shane, who also wrote "The Moral Case for Drones) and Gawker, which appeared to repeat what they were sent from a Cubic Corp press release.

    You've also done a great job of explaining the concerns over US intelligence services having real-time access to UK CCTV. If footage sent to Trapwire is being stored on centralised US servers, as is believed to be the case as it's a Software-as-a-Service product, then the CIA/NSA have access to it under the Patriot Act. How a private corp is getting away with sending photos and footage of random EU civilians' faces over to the US in breach of Data Protection legislation I do not understand.

    One contentious point, with some MSM articles claiming there's no evidence, is whether TW includes facial recognition tech. As Zack notes, the Stratfor e-mails include references from head honcho Burton to Trapwire's ability to "track the suspects from the get go w/facial recognition software".

    Trapwire Inc's production description page also included (before it was edited in response to the publicity): "Pictures for Identification: Face & Torso, and Full Body .. These will be used for tracking purposes." Abraxas CEO Richard H Helms wrote in 2005: "It can collect information about people and vehicles that is more accurate than facial recognition."

    Trapwire's product brochure states: "To collect and process suspicious event data, TrapWire utilizes a facility's existing technologies (such as pan-tilt-zoom [PTZ] cameras) .. TrapWire records .. PersonPrint, a 10-characteristic description of individuals; .. matches this human-entered data with information collected by sensors [video & photography] and enters the reporting into the TrapWire database."

    None of this conclusive answers whether facial recognition is built into the system, but boy some writers have been quick to dismiss the possibility. Furthermore they fail to consider the fact that even if facial recognition isn't built into TW itself, it is trivial enough for US Intell to run 3rd party FR tools against video stored within TW, which has as identical result.

    All very worrying - thank you Zack for highlighting this as an area for concern.
  • Have you watched Spooks? (UK Spy TV Series)

    On a perahps lighter note - Anyone on the UK side of the pond will be no stranger to this; it was all used on a daily basis by the imaginary team in Spooks. I wonder where the script-writers got the idea?
  • trapwire

    Good article
    Makes a good case for technology bringing unintended consequences to the table
    along with more than a little chaos .
    preferred user
  • we also need to know this:

    We must open all fbi/cia files in order to understand the total corruption of these two groups of homicidal sociopaths and how they blackmail all other branches of gov, including congress & courts.
    Must also understand the threat to the people of the WHOLE world by the assassins & torturers of the fbi/cia/mi6/mossad; start here: