Stratfor emails reveal secret, widespread TrapWire surveillance system
August 10, 2012


Former senior intelligence officials have created a detailed surveillance system more accurate than modern facial recognition technology — and have installed it across the US under the radar of most Americans, according to emails hacked by Anonymous.

Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence. It’s part of a program called TrapWire and it’s the brainchild of Abraxas, a Northern Virginia company staffed with elite from America’s intelligence community. The employee roster at Abraxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation’s ties are assumed to go even deeper than documented.

The details on Abraxas and, to an even greater extent, TrapWire are scarce, however, and not without reason. For a program touted as a tool to thwart terrorism and monitor activity meant to be under wraps, it’s understandable that Abraxas would want the program’s public presence to be relatively limited. But thanks to last year’s hack of the Strategic Forecasting intelligence agency, or Stratfor, all of that is quickly changing.

Hacktivists aligned with the loose-knit Anonymous collective took credit for hacking Stratfor on Christmas Eve, 2011, in turn collecting what they claimed to be more than five million emails from within the company. WikiLeaks began releasing those emails as the Global Intelligence Files (GIF) earlier this year and, of those, several discussing the implementation of TrapWire in public spaces across the country were circulated on the Web this week after security researcher Justin Ferguson brought attention to the matter. At the same time, however, WikiLeaks was relentlessly assaulted by a barrage of distributed denial-of-service (DDoS) attacks, crippling the whistleblower site and its mirrors and significantly cutting short the number of people who would otherwise have unfettered access to the emails.

On Wednesday, an administrator for the WikiLeaks Twitter account wrote that the site suspected that the motivation for the attacks could be that particularly sensitive Stratfor emails were about to be exposed. A hacker group called AntiLeaks soon after took credit for the assaults on WikiLeaks and mirrors of their content, describing the offensive as a protest against editor Julian Assange, “the head of a new breed of terrorist.” As those Stratfor files on TrapWire make their rounds online, though, talk of terrorism is only just beginning.

Mr. Ferguson and others have mirrored what are believed to be the most recently released Global Intelligence Files on external sites, but the original documents uploaded to WikiLeaks have been at times unavailable this week due to the continuing DDoS attacks. Late Thursday and early Friday this week, the GIF mirrors continued to go offline due to what are presumably more DDoS assaults. Australian activist Asher Wolf wrote on Twitter that the DDoS attacks flooding the servers of WikiLeaks supporter sites were reported to be dropping upwards of 40 gigabytes of traffic per second. On Friday, WikiLeaks tweeted that their own site was sustaining attacks of 10 GB/second, adding, “Whoever is running it controls thousands of machines or is able to simulate them.”

According to a press release (pdf) dated June 6, 2012, TrapWire is “designed to provide a simple yet powerful means of collecting and recording suspicious activity reports.” A system of interconnected nodes spots anything considered suspect and then inputs it into the system to be “analyzed and compared with data entered from other areas within a network for the purpose of identifying patterns of behavior that are indicative of pre-attack planning.”

In a 2009 email included in the Anonymous leak, Stratfor Vice President for Intelligence Fred Burton is alleged to write, “TrapWire is a technology solution predicated upon behavior patterns in red zones to identify surveillance. It helps you connect the dots over time and distance.” Burton formerly served with the US Diplomatic Security Service, and Abraxas’ staff includes other security experts with experience in and out of the Armed Forces.

What is believed to be a partnering agreement included in the Stratfor files from August 13, 2009 indicates that they signed a contract with Abraxas to provide them with analysis and reports of their TrapWire system (pdf).

“Suspicious activity reports from all facilities on the TrapWire network are aggregated in a central database and run through a rules engine that searches for patterns indicative of terrorist surveillance operations and other attack preparations,” Crime and Justice International magazine explains in a 2006 article on the program, one of the few publicly circulated on the Abraxas product (pdf). “Any patterns detected – links among individuals, vehicles or activities – will be reported back to each affected facility. This information can also be shared with law enforcement organizations, enabling them to begin investigations into the suspected surveillance cell.”

In a 2005 interview with The Entrepreneur Center, Abraxas founder Richard “Hollis” Helms said his signature product “can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists.” He calls it “a proprietary technology designed to protect critical national infrastructure from a terrorist attack by detecting the pre-attack activities of the terrorist and enabling law enforcement to investigate and engage the terrorist long before an attack is executed,” and that, “The beauty of it is that we can protect an infinite number of facilities just as efficiently as we can one and we push information out to local law authorities automatically.”

An internal email from early 2011 included in the Global Intelligence Files has Stratfor’s Burton allegedly saying the program can be used to “[walk] back and track the suspects from the get go w/facial recognition software.”

Since its inception, TrapWire has been implemented in most major American cities at selected high value targets (HVTs) and has appeared abroad as well. The iWatch monitoring system adopted by the Los Angeles Police Department (pdf) works in conjunction with TrapWire, as do the District of Columbia and the “See Something, Say Something” program conducted by law enforcement in New York City, which had 500 surveillance cameras linked to the system in 2010. Private properties including Las Vegas, Nevada casinos have subscribed to the system. The State of Texas reportedly spent half a million dollars with an additional annual licensing fee of $150,000 to employ TrapWire, and the Pentagon and other military facilities have allegedly signed on as well.

In one email from 2010 leaked by Anonymous, Stratfor’s Fred Burton allegedly writes, “God Bless America. Now they have EVERY major HVT in CONUS, the UK, Canada, Vegas, Los Angeles, NYC as clients.” Files on reveal that the US Department of Homeland Security and Department of Defense together awarded Abraxas and TrapWire more than one million dollars in only the past eleven months.

News of the widespread and largely secretive installation of TrapWire comes amidst a federal witch-hunt to crack down on leaks escaping Washington and an attempt to prosecute whistleblowers. Thomas Drake, a former agent with the NSA, has recently spoken openly about the government’s Trailblazer Project that was used to monitor private communication, and was charged under the Espionage Act for coming forth. Separately, former NSA tech director William Binney and others once with the agency have made claims in recent weeks that the feds have dossiers on every American, an allegation NSA Chief Keith Alexander dismissed during a speech at Def-Con last month in Vegas.


DC Chief of Police Cites Role of TrapWire During Senate Committee Hearing
12:43pm (ET) 10/13/2011

"The MPD receives SARs through many different methods, including 911 calls, text messages, email, our iWatchDC public web portal, from trained terrorism liaison officers, TrapWire reports from critical infrastructure sites, and observations made by patrol officers during the course of their duties. All of these SAR reports are forwarded to the fusion center and reviewed by trained analysts to ensure that the reports meet the established standards for suspicious activity reporting. If they do, the reports are entered into software programs where they are plotted for pattern analysis and proximity to critical infrastructure and other sensitive locations."

Chairman Lieberman, Ranking Member Collins, members of the Committee, staff and guests – thank you for the opportunity to present this statement on the status of information sharing among federal and local partners. I am the Chief of Police of the Metropolitan Police Department of the District of Columbia, the primary police force in the nation’s capital. As the Chief of a major city police department, I am very pleased to be able to brief you on the significant progress made in federal–local information sharing, and how that has improved our ability to safeguard the public.

In my testimony, I will elaborate on why it is even more important now, ten years later, to recognize the vital role of local law enforcement in our homeland security efforts. With threats to the nation constantly evolving, local law enforcement officers who are on the street every day are uniquely positioned to detect and prevent terrorist incidents. There are more than 700,000 law enforcement members across the nation that know and are connected to the communities they serve, placing them in the best position to detect and investigate criminal activity that might be connected to terrorism or violent extremism. Clearly, information sharing with local police is essential to countering the threats we face going forward.

Important groundwork for the anniversary preparations was established in 2010. With a significant increase in American citizens or residents aligned with violent Islamic extremists arrested or convicted in 2009, the Department of Homeland Security (DHS) launched a broad working group on Countering Violent Extremism (CVE). From the outset, this working group included local law enforcement. Following that effort, DHS and the Federal Bureau of Investigation (FBI) committed to a partnership with MPD to engage and educate our partners in the private sector and the community. Beginning in 2010, we jointly briefed thousands of government and private sector partners around the National Capital Region on recognizing and reporting suspicious activity; as well as responding to potential terrorist threats. Those briefings certainly paid off, as you will see, when we entered the high threat period of the 9/11 10-year anniversary.

Fast forwarding to last month, early on the morning of September 8, 2011, I received virtually simultaneous calls from my own official in the Joint Terrorism Task Force (JTTF) and my counterpart at the Department of Homeland Security urging me to attend a classified briefing on an emerging threat to Washington, DC, and New York. Within an hour, both the FBI and DHS provided me with unfettered access to the actual cable outlining the threat. This shows that not only have we built strong relationships in the region, but more importantly the institutional structures that we have created are ensuring the flow of information. What was perhaps even more important was the quality of the information made available to me. The details in the briefings were far greater than law enforcement had received in the past and enabled our officers to focus on the specifics of the threat.

Equally important, within 24 hours, the intelligence community collectively decided that the public needed to be informed of this credible threat, a significant departure from previous experiences. This decision helped law enforcement in several ways. For one, many of the actions of local law enforcement are much more visible than those of our federal partners, and in many cases are intended to be. In other words, our community members notice when we take steps in relation to a heightened threat – they see us on the street, around critical infrastructure, and they know that something unusual is happening. Although this may only be a local concern, announcing the threat helps local authorities explain – and sometimes justify – our actions to the public. Local partners appreciate this support. More importantly, making this potential threat public helped us focus our community on reporting suspicious activity that may help us detect and deter those who may be interested in carrying out this threat. Obviously, when we can effectively harness and direct the attentions of the public, we can get more – and more useful – information to help us counter a threat. In this case, after the announcement our calls for suspicious activity jumped significantly.

Most importantly, this announcement caused many of our private sector partners that had been involved in the joint briefings months earlier to report specific suspicious activity that warranted further investigation. For example, on September 10th, MPD was contacted by the general manager of a local hotel who advised that six males from various Middle Eastern countries had checked into the hotel between the 8th and the 10th. The last to arrive paid cash for his room, and asked for a specific view of a notable landmark. All six individuals placed "Do Not Disturb" placards on their doors. A manager at another hotel contacted MPD on September 11th to report that cleaning personnel had found suspicious items left in a hotel room. The occupant had departed early without checking out, and leaving cash for the room. In this instance, the activity was linked to suspicious financial transactions reported earlier in the week. MPD and the FBI determined that the case did not have a nexus to terrorism, but was linked to criminal activity. Although neither instance was related to the 9/11 threat or to terrorism, the hotel managers took the right step in calling to report these indicators.

As you can see, providing some information to the public helps our efforts in the long run. It is a recognized principle in policing that sometimes you need to give a little information in order to get information. With the information about the threat on the anniversary of 9/11, and the visible government mobilization to it, the public is reminded of the importance of sharing information about suspicious activities with authorities. It reinforces the significance of the "See Something, Say Something" campaign, which is strongly supported by federal and local partners.

Fortunately, our experience here in the District of Columbia during the threats around the 9/11 anniversary highlighted several areas in which information sharing has improved. However, recognizing that my experience as the Chief of Police of the nation’s capital may differ from other chiefs around the country, I reached out to colleagues around the country, including Charles Ramsey, current Police Commissioner in Philadelphia and President of the Major City Chiefs, and of course former chief of MPD, and Raymond Kelly, the Police Commissioner of the New York Police Department. Across the board, local law enforcement chiefs agreed that the progress since 9/11 has been tremendous.

One person simply and aptly described the fusion centers and the FBI’s Field Intelligence Group and Directorate of Intelligence as "game changers" for local police departments. We would not be able to prepare for and work together to prevent the significant threats facing our communities without this sea change in governmental cooperation. In addition to these cornerstones of federal–local information sharing, we continue to work on new links between the levels of government and with the private sector.

The Washington Regional Threat and Analysis Center, the District’s fusion center, serves a critical role in receiving, vetting and sharing suspicious activity reports (SARs). The MPD receives SARs through many different methods, including 911 calls, text messages, email, our iWatchDC public web portal, from trained terrorism liaison officers, TrapWire reports from critical infrastructure sites, and observations made by patrol officers during the course of their duties. All of these SAR reports are forwarded to the fusion center and reviewed by trained analysts to ensure that the reports meet the established standards for suspicious activity reporting. If they do, the reports are entered into software programs where they are plotted for pattern analysis and proximity to critical infrastructure and other sensitive locations. The vetted reports are then entered into the National SAR Shared Space where they are available for review by the national network of fusion centers, and are forwarded to the FBI’s eGuardian system for investigation by the Joint Terrorism Task Force (JTTF).

While the high tech support may be more interesting, low tech support is just as important. Our DHS partnership here in the District has been critical in educating the private sector about detecting and protecting business and customers from risks and threats. Even before the launch of the CVE working group, DHS has been a constant partner in trainings for the District’s hospitals, hospitality industry, Business Improvement Districts, and others. They provide materials such as CDs and booklets that my Department would not be able to fund. Most importantly, they lend credibility to our public education efforts.

As we continue this forward progress, there are several areas that we should focus on. The most critical need continues to be effective and interoperable communications. Although the 9/11 anniversary highlighted the advances we have made in the past ten years, the earthquake that struck the region a few weeks earlier highlighted a problem we have not solved: instant communications. When the earthquake struck, I was in a Drug Enforcement Administration briefing with two other police chiefs. For at least 15 minutes after it struck, we were not able to use our cell phones to communicate with anyone. Rest assured, we do have other options. We can use the Government Emergency Telecommunications Service (GETS), the decades-old failsafe communication procedure. We can, of course, also use police radios. But neither of these methods is efficient. Using the GETS card takes time, and, during emergencies, police radios will already be subject to increased traffic from the public calls for service. Neither of these is the answer for a secure and reliable communication network. From my perspective, the federal government must move forward with D-Block, a broadband spectrum for first responders. It is past time for this recommendation from the 9/11 Commission to be implemented.

Beyond that critical step, the overarching imperative is that we must continue to institutionalize this information sharing. If this process is just built on relationships and personalities, there will be gaps and it will ultimately fail. Most people in the federal community are excellent partners, but my colleagues around the country report that, to put it bluntly, some people and organizations still don’t get it. More specifically, although progress has been made on over-classification, we must remain vigilant. It is particularly frustrating to local officials when major media outlets share more information than we have. It can’t be an effective security strategy to have law enforcement learning of threats or other intelligence at the same time that the public and potential terrorists learn of it. Local law enforcement recognizes and respects that intelligence agencies are reluctant to reveal their sources or techniques. However, we continue to believe the intelligence interests can be readily balanced with the need to share actionable intelligence. Although we share the same ultimate goal of safeguarding the country, both the law enforcement and intelligence community still need to work to understand the varying intermediate interests and operations of the other, in order to help each other more effectively and efficiently work to attain our organizational goals.

Maintaining robust fusion centers and co-locating analysts helps to counter any natural tendencies in the intelligence and law enforcement communities to operate in silos. This familiarity also helps the intelligence community to better target the information they share. There has certainly been progress in this area, but local law enforcement is still given more information than we can sift through. This brings us to one of the most critical issues facing local partnerships in homeland security – funding. Nationwide, local law enforcement faces significant budget pressures, and police departments need federal support and resources to continue their vital work. This includes funding for fusion centers and analysts to work with law enforcement.

Although the technology to support homeland security efforts has advanced in areas many could not have foreseen a decade ago, we now eagerly look to future improvements. For instance, classified information is currently only available in specific locations, which requires that all organizations have representation at the right places. But public safety and homeland security is not a stationary effort. When there is a public safety threat facing a city, chiefs of police do not sit in a command center; we are out on the street, assessing conditions on the ground, directing our officers, and reassuring the public. Therefore, we must find ways to share classified information on the move.

This would also help us with another gap: involving smaller jurisdictions in this effort. Although smaller jurisdictions have even fewer resources to devote to homeland security efforts than our major cities, our small cities and towns are just as likely to be the setting for suspicious and criminal activities. Larger police departments and the federal government bear equal responsibility for reaching out to and involving smaller law enforcement agencies. Regional fusion centers can fulfill a critical role by increasing outreach and technical assistance to smaller local law enforcement agencies. Every agency should have a trained Terrorism Liaison Officer able to connect their agency with regional and national efforts to detect and deter terrorist threats.

In closing, federal and local coordination in countering terrorism has advanced significantly over the past ten years. I know that the District, the National Capital Region, and the country are safer because of this work. However, we cannot rest as we still have work to do. I look forward to continuing to work with all of you on this vital effort.

Thank you again for the opportunity to appear before you today.


Interviews at The Entrepreneur Center @NVTC


An Interview with Richard "Hollis" Helms, Founder and CEO, Abraxas Corp.
November 7, 2005

Not to be confused with the other Richard Helms (who headed the CIA under Nixon), “Hollis” Helms was with the CIA for nearly 30 years until October 1999, including 12 years overseas in several postings in the Mideast and South Asia. He was also one of the original assignees to its Counter Terrorism Center in the mid-1980s. He started Abraxas Corp. four years ago. Headquartered in McLean, it now has 225 employees. Helms has a BA and MA (in national security policy) from American University.

Bisnow on Business: This is some retirement – you left the government and became an entrepreneur. How did you get into this business?
After retirement I worked for a small company for a year before it was sold to a very large firm. Six of my coworkers at the time sat around my kitchen table discussing whether we should or could start something on our own. One of them brought a spreadsheet, something new to me at the time, which showed reasons for not going into business, the cost of doing business, and how cash flow needs were excessive. Everyone immediately pushed back from the table but me, and declined to go forward. I went forward with a $5,000 investment. Then after 9/11, my former colleagues were being called in by big defense contractors to help defend the country. Most contractors did not understand the uniqueness of the problems, nor the potential these people represented. So I seized the moment, because I could identify extraordinary people who were available and was able to offer them what the big companies could not: ownership. From that kernel we have developed a number of technology solutions for the security and defense problems of today.

So what does Abraxas do exactly?
We have the largest aggregate of analytical counter-terrorism capabilities, outside of the U.S. Government, and are foremost among competitors in intelligence experience. We offer data collection and analytical skills, fraud investigation and containment, domestic and international due diligence, competitive market intelligence, new market entry, with an emphasis on China, political, economic and security assessment, behavioral analysis and deception detection services. We give clients a competitive advantage by providing them with better information, enabling them to make stronger and more informed decisions. With offices in both the U.S. and China, we can serve clients effectively and efficiently across the globe.

Who would use you for what?
The vast majority of our clients are big or small companies dealing with different cultures where they don’t have skills in-house to understand overseas risks. They may have a lot at stake dealing with a foreign company, for example, that’s investing in them or manufacturing something for them, and they want to have a Plan B in case that company has labor or governmental difficulties. We advise them. At one point, we calculated that our employees have over 3,000 years of experience in foreign intelligence.

What’s the deliverable? A thick black briefing book?
We have done that kind of advice and due diligence for clients, but sometimes it’s as simple as, “Can you participate in this meeting with us, could you bring in one of your experts for the Q & A?”

Choosing to put your own money up first is a risk. How did you determine that was the right course of action versus seeking outside investors?
No one in his or her right mind would give you money without you already having something at risk. You need to determine – fairly accurately – what it takes to get started and reach profitability. I think the more money you have to start a business, the more money you will spend and the less efficient you will be, and having more money may delay profitability. I say start with using your own money and plan on using as little as possible. While there are people who will invest, if you do not have an investment yourself, you are taking on partners, which means time away from managing and developing your business. The more you spend getting it going, the longer it will take to be profitable.

So you don’t believe that early money is like yeast?
Not in my experience. The ability to execute the plan is the most important aspect of a successful startup. If you cannot execute the idea, it is useless. The Wrights could not execute much beyond their first flights – other aeronauts accomplished much more. Curtiss Aircraft, the company started by Glenn Curtiss, eventually purchased the Wrights’ company and the new company became known as the Curtiss-Wright Aircraft Company, not the Wright-Curtiss Aircraft Company. Even though the Wrights bitterly used patent lawsuits against Curtiss, he flew rings around them as an inventor and an entrepreneur. Curtiss was building motorcycles when the Wrights first flew. He, in my view, was one of the real entrepreneurs in American aviation.

You really draw from the early entrepreneurial spirit of aviation.
There was an incredible amount of entrepreneurship involved among the early developers of powered, fixed winged aircraft. The Wright brothers were the first, but they ran out to file their patents to protect their work and reap their rewards. It is remarkable where they were not able to take their invention. While they used every piece of information they could lay their hands on to systematically solve the problem of the first flight, they gave little thought beyond the event and their patents. Meanwhile, an explosion of development work took place in Europe where U.S. patents were not feared and a free exchange of information was taking place. There were numerous inventions that resulted in flight safer than in a Wright airplane.

You have a product with an intriguing name: TrapWire. What is it?
It’s a proprietary technology designed to protect critical national infrastructure from a terrorist attack by detecting the pre-attack activities of the terrorist and enabling law enforcement to investigate and engage the terrorist long before an attack is executed. The beauty of it is that we can protect an infinite number of facilities just as efficiently as we can one and we push information out to local law authorities automatically.

Is TrapWire a service or a product, or what does it look like exactly?
It’s a software application we’ve developed over the last two years. It runs on a server and is used across whole industries. For example, the nuclear industry has 104 civilian owned and operated nuclear power plants, and yet they don’t collect or share pre-attack information. TrapWire can help do that without infringing anyone’s civil liberties. It can collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists. The application can do things like “type” individuals so if people say “medium build,” you know exactly what that means from that observer.

You were the only employee at the beginning, and now you’ve grown to over 200. How’s that affected your role?
In the beginning, I did everything because it was just me. Doing proposals, accounting, business development, hiring, and human resource jobs are some of the things I did. I now focus on CEO functions of taking the company forward. I am challenged to learn a new, more focused role for the company and am involved in the planning and execution of all new initiatives. This includes the initiation of a summer intern program for analysts and operations personnel who are currently in, or are finishing, graduate school. I am also directing research into a new line of simulation business. I am one of several people in our company looking at opening new offices in southern Virginia and in Florida.

What do you think of advisory boards?
I think they are an invaluable way in which companies can access the talent and insight of revered professionals across a range of industry perspectives. We created an Advisory Board in 2004, and are delighted with the participation of retired Air Force Gen. John Gordon, former Virginia Governor Jim Gilmore, President Robert M. Bryant of the National Insurance Crime Bureau, and others.

Are you currently partnering with any companies?
In general we partner with a wide range of large and small defense contractors. One particularly interesting small company is called Sentia Group, which has developed a software application that combines cutting-edge advances in agent based modeling with the accumulation of subject matter expert knowledge. It draws on algorithms from game theory and spatial modeling to simulate the interactions between different individuals and stakeholders and can be implemented in a number of different political and social situations. We’re excited about its technology because we believe we can make it dramatically improve analytic outcomes.

Your career seems to have been fast paced. Do you seek any extracurricular thrills?
Some might say my flying around the country in an airplane I built myself is gambling. I believe I reduced the risks – and increased the performance – by building a better airplane than any I could afford from a U.S. manufacturer.

Which was?
A Lancair 360, built in my garage.

What does Abraxas mean?
It’s an ancient Greek word believed to be the source of the phrase “Abra-Kadabra.” But I prefer to think of it as one of the four horses that pulls the chariot of Helios, the sun god, around the heavens.

How’d you think of it?
To tell you the truth, I was having to fill out a Virginia state incorporation form, and I went into the living room and said, “Quick, give me a name—I don’t want to be one of these companies named after myself.” And my daughter was reading a book of mythology. Only later did I realize Abraxas was also the name of a hard rock band, and a Santana album.   🙂


Stratforgate: WikiLeaks releases ‘shadow CIA’ mail


Published: 27 February, 2012, 09:59
Edited: 01 March, 2012, 14:08



TAGS: Scandal, Politics, WikiLeaks

Whistleblower website WikiLeaks has exposed more than 5 million emails apparently obtained by the hacking of Stratfor, the private intelligence company dubbed the “shadow CIA”. The leak may be as high-profile as that of the State Department cables.

The emails, dated between July 2004 and late December 2011, give a glimpse into the inner workings of the company. They show how Stratfor gathers confidential information from paid insiders, including senior state officials, and provides it to large corporations and US governmental agencies.

The private correspondence confirms that Stratfor’s area of interest goes far beyond that of a merely civilian firm. In one report, an insider in Russian defense revealed sensitive information on the tactical ballistic missile Iskander, including its development progress and its use during the August 2008 armed conflict with Georgia.

The think-tank is operating as an outsourced spy agency, recruiting sources and pumping them for insider information (and, as skeptics say, disinformation). It lacks capabilities that true special services have, like using spy drones or secretly raiding governmental archives James Bond-style. But otherwise Stratfor operates successfully, turning secrets into cash outside of the usual restrictions and need for accountability that their state counterparts face.

The company’s spy network scoured for info on things ranging from the health condition of Venezuela’s President Hugo Chavez to the laundering of drug profits by Mexican cartels, to the loss of faith in the Obama administration by US business elites. WikiLeaks itself was also an important topic of research for Stratfor, with more than 4,000 of the emails mentioning the website or its founder Julian Assange.

The correspondence also reveals Stratfor’s close ties with US agencies, from the Marine Corps to the Department of Homeland Security, and what WikiLeaks calls a pro-American neoconservative political bias. “Stratfor claims that it operates ‘without ideology, agenda or national bias’, yet the emails reveal private intelligence staff who align themselves closely with US government policies and channel tips to Mossad,” the whistleblower website says in a statement.

WikiLeaks shared the material with more than 25 media outlets and activists throughout the world. The partners have been provided with early access to the database for journalistic investigation of the emails.

“Important revelations discovered using this system will appear in the media in the coming weeks, together with the gradual release of the source documents,” WikiLeaks says.

WikiLeaks did not specify how exactly it came into possession of the Stratfor emails. However, the company itself admitted in December that its data servers had been breached by the “hacktivist” group Anonymous. The hackers posted online the names, emails and credit card numbers of thousands of Stratfor subscribers.

Stratfor dismissed the leak, calling it “a deplorable, unfortunate – and illegal – breach of privacy.”

“Some of the emails may be forged or altered to include inaccuracies; some may be authentic. We will not validate either. Nor will we explain the thinking that went into them. Having had our property stolen, we will not be victimized twice by submitting to questioning about them,” the company said in a statement.

It went on to confirm that the WikiLeaks disclosure must come from the Anonymous hack.


Anonymous details Stratfor Christmas hack


Published: 28 December, 2011, 00:08
Edited: 07 March, 2012, 12:32

Reuters / David McNew

TAGS: Scandal, SciTech, Internet, Information Technology, Corruption, USA, WikiLeaks, Culture, Social networks, Anonymous

Operatives within the hacking collective Anonymous called the Christmas weekend release of data pertaining to customers of security firm Stratfor one of the biggest endeavors the group has ever undertaken.

Insiders at Strategic Forecasting Inc. who thought their troubles were already coming to a close, however, might not want to count their blessings just yet. Hackers are still on the prowl, and the firm is warning its clients to keep quiet lest they risk further attacks.

Happy holidays!

Over the weekend, hacktivists with Anonymous released the names and credit card details of Stratfor clients, a move that Anon operative Barrett Brown says in a statement was made not just to make that information public, but rather as an attempt to reveal nearly 3 million online contacts that have corresponded with the firm, known as a top-secret dealer of American intelligence.

“This wealth of data includes correspondence with untold thousands of contacts who have spoken to Stratfor’s employees off the record over more than a decade,” writes Brown. Those contacts, he says, link Stratfor with major corporations and military contractors and government agencies that have been of interest to the group since February 2011 — a fascination, he writes, that spawned due to “among many other things, a widespread conspiracy by the Justice Department, Bank of America and other parties to attack and discredit WikiLeaks and other activist groups.”

“Since that time,” he adds, “many of us in the movement have dedicated our lives to investigating this state-corporate alliance against the free information movement. For this and other reasons, operations have been conducted against Booz Allen Hamilton, Unveillance, NATO and other relevant institutions.”

Following the document dump on Saturday, Stratfor quickly reported the attack to its customers and warned them that their personal data could be in jeopardy. In the days since, the firm has followed through with its clients, letting them know that they aren’t exactly in the clear yet.

Stratfor first posted about the hack on its Facebook page on Sunday afternoon, apologizing to customers and assuring them that a formal investigation was beginning to help make sense of the matter. As the news quickly made its way around the web, Stratfor followed up hours later by warning its clients through the social networking site that speaking out against the responsible hackers could do more harm than good.

“It’s come to our attention that our members who are speaking out in support of us on Facebook may be being targeted for doing so and are at risk of having sensitive information repeatedly published on other websites. So, in order to protect yourselves, we recommend taking security precautions when speaking out on Facebook or abstaining from it altogether,” the firm followed up with.

By the time Stratfor had issued that warning, 860,000 usernames, 75,000 credit card accounts and millions of email addresses had been hacked. The firm quickly went on the record to downplay the attack, dismissing the Anonymous operatives' insistence that it was an infiltration of its private clients. Technology commentator Colin Jackson tells Radio New Zealand, however, that no matter what kind of clientele was victimized by Anonymous in this case, it must be "really, really embarrassing for Stratfor."

Stratfor "has made a press statement saying ‘oh, this kind of thing happens to everybody and it’s pretty hard to keep these guys out.’ Yeah, right, well, you are supposed to be security experts," Jackson adds.

Given Anonymous’ tendency to continue with a kill until their prey is all but pulverized, the onslaught against Stratfor is almost sure to continue in one form or another. In a follow-up to the attack, operative Barrett Brown returned to the Web to offer more insight as to why the attack was carried out.

“Although Stratfor is not necessarily among the parties at fault in the larger movement against transparency and individual liberty, it has long been a ‘subject of interest’ in our necessary investigation,” he writes. “The e-mails obtained before Christmas Day will vastly improve our ability to continue that investigation and thereby bring to light other instances of corruption, crime and deception on the part of certain powerful actors based in the US and elsewhere.”

Adds the operative, “Unlike the various agents of the US Government, the hacking team that obtained this information did not break down the doors of the target, point guns at children, and shoot down any dogs that might have been present; Anonymous does not resort to SWAT tactics, and this is simply one of many attributes that separate the movement from the governments that have sought to end our campaign and imprison our participants. Of course, such points as these will not prevent our movement from being subjected to harsher scrutiny than is given to those governments which are largely forgiven their more intrusive tactics by virtue of their status as de facto holders of power in a world that has long been governed in accordance with the dictate that might makes right.”

Brown adds to RT, however, that Stratfor’s course of action to assure its customers’ safety was handled well in the aftermath.

“That warning may be intended to turn the focus onto alleged wrongdoing by those who support Anonymous, in which case it worked well enough to prompt a few major news stories,” he tells RT. “Or, it may actually be a well-intentioned effort to prevent any hardship for their customers. If it’s the latter, it’s a very ethical course to take, and in such case they shouldn’t be criticized for choosing that course over a pretended ability to protect their customers in an unusual and fast-moving situation.”

The attack on Stratfor is only the latest in a string of hacks waged at supporters of what operatives say are colossal attacks on freedom and the flow of information. As the Stop Online Piracy Act and National Defense Authorization Act for Fiscal Year 2012 made their way through Congress earlier this month, activists against the legislation launched similar campaigns to take down congressmen and corporate sponsors that supported the bills. While those attacks seem far from over, Barrett Brown adds to RT that Stratfor’s clients shouldn’t be worried about a follow-up strike. The Anon operative tells RT that the firm’s clients “should not be concerned for their safety at all; nothing further will happen to them.”

“It is any of their past e-mail correspondents who might have revealed information that could come back to haunt them who should be concerned for their reputations in such cases, as they might be shown to be culpable for anything that negatively affects the public,” he says.

On his Twitter account, Brown says that "The Stratfor operation may yield the most revelatory trove of information ever seized by Anonymous," and updated followers on Tuesday that the previously reported tally of 2.5 million email accounts linked to Stratfor by the hackers had increased to over 3.3 million.