Hacker News new | comments | ask | show | jobs | submit login
Creepy Spying System Revealed by Wikileaks, Which Then Gets Hit by DDOS Attack (reason.com)
224 points by wmeredith on Aug 11, 2012 | hide | past | web | favorite | 63 comments



RT is, as usual, full of shit. TrapWire is no secret, but a public product, available to any company who wants to pay for it (see www.trapwire.com).

"more accurate than modern facial recognition technology"

"recorded digitally on the spot"

"encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence"

"the corporation's ties are assumed to go deeper than even documented"

It sounds a bit ominous, but what does any of that even mean? The security video cameras have encrypted feeds into a central server, which does facial recognition? Sounds nice, but I'd be surprised if it works well enough to be useful (esp. if someone is wearing sunglasses), but not nearly as alarmed as the tone of the RT article encourages. Sounds more like fantasy technology and wasted tax money than anything else.


Wouldn't it be something as simple as a continuous recording, uploaded to NSA/gov servers where they would then run basic facial recognition, tag each face, index them and compare them for matches in the database. Then you could track where an individual has been over time.

The product may be publicly available, but the difference here is that the government is secretly installing cameras in every major public location, and building a growing database of every individual's face and movements. No individual company could do that. The government can.


the government is secretly installing cameras in every major public location, and building a growing database of every individual's face and movements

Is there any proof of this actually happening? I mean not "there's a system that does video surveillance, so they must be spying on everybody", but actual proof that there exists the database that includes every individual's face and movements and that police is installing cameras in every major public location to maintain this database (as opposed to, you know, legitimate purposes of securing major public locations).


The high profile ex-NSA whistleblowers in the press right now are making plenty of statements about these new systems.

I don't recall anything about video surveillance specifically, but what they are concerned about is the database of dossiers on everyone that includes all of the multimedia information available. They have internet traffic, email, cell information (movements) but I don't know what else is collected.

Maybe someone who's done more reading on the subject can pipe up.


Any links to these whistleblowers that tell about dossiers on everyone including internet traffic and movements?


http://www.businessinsider.com/nsa-whistleblower-says-the-go...

http://www.democracynow.org/2012/4/20/exclusive_national_sec...

Isn't internet traffic a non secret now after the warrantless spying program fiasco that whistleblower Diane Roark allegedly leaked? And if you have cell phone information you have movement information, I haven't heard anything specifically about movement other than that.


The first link has a lot of things but I think main content is distilled here: http://publicintelligence.net/binney-nsa-declaration/ Where Binney says that NSA has capability to intercept electronic communications and he suspects it is doing so without privacy guards. He however does not say anything about existence of personal dossiers on every US citizen. He also makes some estimates of new (not yet existing) NSA data storage capacity, and deduces this amount of storage may only be needed if NSA plans to capture and store all traffic without filtering. However, this system does not actually exist as of yet, and his estimates are based on "some reports" and are hard to verify. While of course extreme suspicion may be prudent in every case where a lot of taxpayer dollars is spent on building new surveillance infrastructure by an agency that has had proven its disregard for privacy, it alone does not prove current existence of the program as described above.

The second link describes the program which was explicitly made to exclude US citizens, but after 9/11 they used also data on US citizens provided by telecoms, such as AT&T - namely billing data (i.e. who talked to whom). I see no mention on them having access to location data or internet traffic, or them doing it for every US citizen. Binney was understandably outraged about warrantless surveillance on US citizens and had quit, however he neither proves not implies there's a systematic program of the extent mentioned above (i.e. personal dossier on communications, location, etc. of every person in US), unless I have missed something there.


> RT is, as usual, full of shit.

"As usual" really? They are not an objective news source, for sure, but they are decent. They often provide a good counter point on any US based and so called "free" media news sources.

> TrapWire is no secret,

Not "secret" as in classified. Secret as in your average person on the street probably doesn't know about, unless they of course read the "full of shit RT" source instead of relying say on Fox News.

> Sounds nice, but I'd be surprised if it works

Alright so if we found out that China was using the technology would you be saying the same "they have it, but no worries, it is probably not usable, so we shouldn't worry about criticizing China for it"


> "As usual" really? They are not an objective news source, for sure, but they are decent. They often provide a good counter point on any US based and so called "free" media news sources.

I don't read them much, but was pretty disappointed with their coverage of CISPA linked on reddit a couple of months ago. It was very sparse on facts, and very heavy editorialized, full of fear mongering and propaganda. Same thing here.


[deleted]


Because we all know about the political implications of Clojure on the average American.


That may be true .. but why has http://www.trapwire.com/management.html been taken offline?

Cache available here: http://webcache.googleusercontent.com/search?q=cache:0pAfaMR...


Did you read the emails WL posted? At least one of the mirrors linked to in the article is up. I read through them all (there's about 8 of them). It seems TripWire has some kind of RSS feed viewer, and most of the emails are about how StratFor can get relevant articles into that RSS feed equivalent so that they can in turn sell ad space to big contractors like Lockheed Martin.

The emails are incredibly mundane, nothing even hinting at super secret conspiracy stuff in them at all.


My feeling is there are usually far more mundane reasons for trying to break/bury a story, corruption and conflicting interests still hold weight even if the main narrative isn't worthy of a sci-fi plot.


Yeah, RT alone is not a reputable source. They thrive on unfounded conspiracy theories and often times report outright falsehoods. During the Libyan revolution, they would claim whole cities were under Gaddafi control when they was clear video and multiple members of international media proving otherwise.


It was and still is an info war, both sides acting accordingly.

Lybian revolution had plenty of staged content that was fed to "international media" who happily gulped it down. Rebel troops taking on cities in fucking flip-flops? Sure, why not. Kind of unclear who did the actually fighting, but that's not really important, is it.


Why is it so hard to believe that they would be wearing flip-flops? Under-equipped fighters is nothing new. Here's a photo of a barefoot Khmer Rouge fighter with an RPG, at the fall of Phnom Penh.

http://2.bp.blogspot.com/-mYN-WF164gg/T40tDKWNLDI/AAAAAAAAas...

Have you never seen the picture of the guy with an assault rifle, wearing gardening gloves, a life vest, and sneakers?

http://borderland-beat-forum.924382.n3.nabble.com/file/n4027...

When George Washington led 12,000 men into winter camp at Valley Forge, 2/3 had no shoes. In December. In Pennsylvania.

At least Libya was probably warm enough for flip-flops.


various "news" sources are also quite adept at turning the cameras off when the larger agenda warrants it


If you unconditionally believe video, which so obviously can be misleading, then you might as well believe RT too. The international media, which can too often means Western media, is equally suspect at times. All sides play the information war games.


Nope. But I do believe my family and friends living in Libya. I also believe family friends there.


i'm a little scared that indeed, all mirrors are offline.

Why? because it means it's actually powerful people and not "random patriots in the USA". Thus, I feel like it's a more direct hit to our freedom of speech, etc.

It's also pretty obvious that no one would think Assange actually committed crimes. You'd need to be both blind and deaf to not figured that he's been framed into this ridiculous sex affair.

ps: hello trapwire auditors, have a nice day!


There is an up to date, official mirror running on Tor as a hidden service that is still online here:

http://isax7s5yooqgelbr.onion/

I say it is "official", because the wikileaks Twitter stream mentioned it here: https://twitter.com/wikileaks/status/233859958767226880

If you don't have Tor installed at the moment, it is trivial to install it nowadays. Just install the browser bundle from here https://www.torproject.org/download/download-easy.html and you'll be viewing the Wikileaks hidden service in a couple of minutes from now.


I'm too lazy to install Tor, so: http://isax7s5yooqgelbr.onion.to/


I guess I'm blind and deaf then.

I strongly support Wikileaks, but Assange strikes me as the sort of arrogant, narcissistic jerk that is capable of exactly what the women accused him of. Whether or not it's true, I don't know, but that's why we have courts.


have sex twice in a row except she decided that the second one was rape? she didn't even get out of the bed, i don't recall reading that he was restraining her or that she truly was disagreeing with the act.

That Assange is arrogant shouldn't come into account here. Else we'd just jail all arrogant people and be done with it.

with these arguments, any sex before marriage sounds pretty dangerous to me.


The laws of where the alleged crime took place are a little more strict than the uk and usa. That said really if the alegation is made by a victim and the system want to prosecute, then he should fight the rap, not run from it. End of the day no matter how much or little we share in ideals should put anyone beyond scrutinity.

When that happens you get people sending a thousand kilos of high explosives into a school bus and walking away with a book deal and secret service protection for life. If u catch my drift

I reckon this is probably q bunch of patriot hackers operated by some shadier puppet masters. Ironically probably someone that's not friendly with the US


No allegation was made by the claimed victims. They were seeking advice on the possibility to force Assange to take a STD test, and a prosectuter independently decided to start the prosecution after reading the report. One of the victims has gotten so tired of it all that she now refuses to testify, and refuses to sign any old statements she made in regards to the whole affair.


Wikileaks needs to start distributing files encrypted before they announce what's inside them. It wouldn't provoke a DDOS and distributing the password after the announcement is much simpler.


They're in it for the fame, not the delivery. They could put it on public torrent networks if they really wanted it out there. (They've done the "this torrent is everything we have, encrypted, if something happens to Assange we'll release the decryption key" before though.) Thanks to the Streisand Effect the DDoS guarantees this will receive lots of attention.


It is on torrent networks, but the places hosting the torrents are being attacked. This attack is above 10gbit/sec. It bought down the datacentre of one of the supporter sites. This could also take certain countries offline. Saying that, their supporter sites are run by some pretty competent system admins: here are the torrents http://wikileaks-press.org:81/


What level of network connections do most datacenters have?


T1. Yes. A T1 connection was bought down. Details and source if anybody needs it. http://pastie.org/4449905


I wonder if the US Government, presumably behind most of the DDoS attacks against them, are aware of this - that attacking them now, only puts tWikileaks back into the public's attention.


I'd be a little careful with that accusation. I think there are other groups that exist that would like you to believe that the US Government is behind these attacks. I am inclined to believe that the Feds are not the ones behind the attacks because the utility of doing so legitimizes Wikileaks and draws more attention to them.


Would this not prompt every paranoid government / organisation to DDOS them?


I'm not sure if the system is as bad as it's made out to be. Check out http://trapwire.com. It seems it's really just used for preventative measures in high security areas (although any company can participate).


It is getting harder to tell who is actually suffering from paranoid delusions and who is on to something. :(


It's safe to assume there's something to most "conspiracy theories".



as well, as far as I can tell the NYUD Wikileaks mirror is fine, http://88.80.13.160.nyud.net/ , and it links a directory of torrents which is also up: http://wlstorage.net/torrent/gifiles/ .

Anyway, I don't think wikileaks can seriously be stopped from disseminating information if they choose to, there are a thousand ways to spread it and zero ways to unspread it.


Sounds like a big waste of money for me. Too bad AI is so hard, and we are experimenting with a human flagging system. Unlike DMCA notices in business sector, this apparently doesn't even seem to depend have context to the significance of the transgressions, as it appears to depend on automated content collection from whatever sources they can muster.

I wish it was a big conspiracy by the EVIL GOVERNMENT. But alas, it is probably a huge waste of the taxpayers' money.


Waste can be evil as well.


Even if it is a big waste of money, it's still evil because it's presumably taxpayers' money.

That said, the EU is doing pretty much the same with INDECT. Apparently they think it's worthwhile too...


I'm wondering why it's a big surprise there are a group of anti-anonymous hackers out there who want to shut WikiLeaks down.

The author loses credibility with me when he insinuates this must the government. Trust me, if the government wanted the site down, they'd do it themselves and not act like some sort of hacker group.

Is it such a stretch to think the Anon's aren't the only "experts" out there?


Is there any way to verify externally that there is actually a DDoS of the scale that WikiLeaks is claiming going on? Seems like it might just be a PR stunt on their side... As mentioned in other comments, there are so many other ways to distribute this type of info if you really want, and anyone savvy enough to DDoS on this scale should be aware of that, plus the information doesn't seem to be as hot as they make it out to be anyway.


I would be surprised if a site like WikiLeaks wasn't under constant attack from any number of different parties. Where is the evidence of causality?


Internet Archive now seeds torrents of all new content, at honkin' speeds. But weren't these files released in February? Or is this a new set?


Has wikileaks ever heard of bit torrent?


Yes, they use it. http://wikileaks-press.org:81/ Here are the torrents. But supporter sites are getting hit at above 10gbit/sec. You try dealing with that.


Yes, of course they have. Most of their files are bundled and released via BT.


They might have. But the problem for everyone would be proving authenticity of the million clones these torrents would have then. Another trojan-distribution opportunity?


Something that seems easy to verify with a digital signature?


While I agree, it would probably be trivial to DDOS everyone in the wikileaks swarm if they have managed to knock out all the mirrors.


I don't know how modern DDoS works, but couldn't Wikilieaks just start repeatedly broadcasting files over UDP streams. Like how it's done in Carl Sagan's Contact?


I'm sorry, but whats the point of DDOSing this release? Aren't there just a million ways to push something out? How is this effective at all?


This is science-fiction coming alive, TrapWire seems to be a little like 'Minority Report' and 'Person of Interest'.


Instead of hacking Wired journalists and remotely wiping their devices (much to their consternation), black hat folks should do this sort of thing. That I can get behind.


So let's see what this creepy thing does:

Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot, then encrypted and instantaneously delivered to a fortified central database center at an undisclosed location to be aggregated with other intelligence.

Awful and scary, isn't it? Let's now take a deep breath and read it again. We'll see how this article makes most mundane and unremarkable things sound like a spy triller, it's a nice piece of work:

Former senior intelligence officials have created a detailed surveillance system more accurate than modern facial recognition technology

More accurate how? Than which modern facial recognition technology? All of them together? Sounds unlikely that RT made a survey of all modern face recognition technologies. But even if they did - what exactly it allows to do more accurately and how much more accurately? From the descriptions it sounds like it is a facial recognition technology plus some pattern matching - but 99% of it is marketing-speak, so impossible to understand what it actually does.

Every few seconds, data picked up at surveillance points in major cities and landmarks across the United States are recorded digitally on the spot

So we have some data recording happening in some locations in the US. We don't know anything about these locations except that some of them are inside major US cities and some other are in known places which aren't cities. For all we know, it may be inside bank vaults in major cities, or inside private secure structures - but the authors certainly make it sound as it is practically in your bedroom. It's like they are in major cities and I am in a major city - OMG!

Then these ominous surveillance points record video digitally. Oh noes! Just like my digital camera! Must be made by CIA to spy on me too. And it does it on the spot! There must be some spy stuff going on. But you heard nothing yet:

then encrypted

As we all know, encryption is practically synonymous with shady business. Nobody who has nothing to hide uses encryption. They do, ergo they are up to something bad.

and instantaneously delivered

Instantaneously! I mean, move over, physics, CIA is here! Oh, you mean they just upload their videos to the central server over https using broadband networks? Just like I do with Youtube clips? So that must mean Youtube is under CIA control too, I guess.

to a fortified central database center

Fortified center! Certainly sounds ominous - nobody ever that is up to any good would have any physical security in his data center that stores millions of dollars in hardware and information. Fortified means bad. It's like Mordor, dude!

at an undisclosed location

Undisclosed location? Did you ever hear "undisclosed location" in context that meant anything good? It's or somebody is hiding from mafia hitmen, or some spooks are meeting to discuss their spooky things. Or it's a conspiracy-speak for "they didn't tell us where their data center is because they didn't think it's our business to know where their data center is".

to be aggregated with other intelligence

OMG, can it get any worse? Other intelligence! What kind of other intelligence? Who cares, it's obvious aggregating video with "other intelligence" can only make it worse. Other intelligence is spookier than anything else, just let your imagination run for a bit and you'd see how scary "other intelligence" can get.

It's like that face.com startup that Facebook bought - that allowed to combine facial recognition with "other intelligence" to sort facebook pictures or make logins via face recognition APIs. I didn't know those guys were CIA, I actually used them! Good thing facebook shut them down. Or maybe they just were not supposed to show this technology to the people? After all, Facebook is CIA too, so maybe they just went underground...

The employee roster at Arbaxas reads like a who’s who of agents once with the Pentagon, CIA and other government entities according to their public LinkedIn profiles, and the corporation's ties are assumed to go deeper than even documented.

And now's this. Some employees of these companies worked for CIA or DoD (we don't know in which capacity, but everybody that ever worked for DoD in any capacity is up to no good, it's clear) or "other government entities" - you know, Department of Education, EPA, NIH, Smithsonian, National Science Foundation - those all are "government entities", so we can cover a lot of ground here while sounding like we still talk about spies. And if we miss something, we can always say "it is assumed" - by which we mean we just assumed that because why not, but we will say it as if it is a known, even if undocumented, fact.

So what we have is a regular video surveillance system with some algorithms built on top, some company founded by people with govt connections, looking probably into some juicy govt contracts on securing some of the numerous govt facilities that need securing, and some creative writers making it all sound like the CIA is out to get us while giving us next to zero information on actually what we are supposed to be afraid of and what new is in what they tell us.


Can you share, which of Arthur Schopenhauer's stratagems have you used in your reply? (http://coolhaus.de/art-of-controversy/)

From the last paragraph I got you're OK with having an unregulated surveillance system in the US which records information about you and makes god-knows-what conclusions from your movements, behaviour etc. And that's absolutely fine, you are entitled to your opinion.

But you have taken much efforts trying to ridicule OP's use of words "digital", "encrypted, "instantaneously", "undisclosed" etc. How is this discussion tactics called?


He's ridiculing the article's use of the words "digital", "encrypted", "instantaneously", and "undisclosed" because the article's use of those words is in fact ridiculous.

To understand why, log out of Hacker News, and then log back in. Your browser and Paul Graham have conspired to instantaneously send sensitive encrypted digital information to an undisclosed location. I hope it's fortified.


When Paul Graham has instruments of state power and coercion at his disposal then the use of encrypted and undisclosed will be relevant. I do not wish for the state to have access to this information. It being located in an undisclosed location and being encrypted suggests to me that should the government be ordered by a court to reveal the extent of this information it will be hard to determine if full disclosure has occurred. The use of these words my be needlessly alarmist but I don't see evidence of this. The government ought not be engaging in this and it is worthwhile to be alarmed and to try to get others to be alarmed.


So you would prefer surveillance data (and let it be clear, security is not possible without at least some surveillance being conducted on secured facilities, for example - even a store like 7-11 has video surveillance systems nowdays) be transmitted in the clear, stored accessibly to any malicious intruder in a well-known location without any physical security to speak of?


Of course I'm OK with having unregulated private video recording systems. I have 6 of them around me right now - my Macbook Pro, my iPad, iPhone, two digital cameras and home security system. Why would I want the government to tell me how to use these? Because you're afraid of the government? Fine, it is prudent, but why your fear of the government turns you to regulation which is government? Maybe you mean government should report on information it collects and not collect it without a good reason? But then sensationalist description of the technology has nothing do do with the topic, does it? Then the reporting should be - which information is collected, why and why I should be concerned about it. I would certainly welcome such article. But RT does nothing of the sort.

But you have taken much efforts trying to ridicule OP's use of words "digital", "encrypted, "instantaneously", "undisclosed" etc. How is this discussion tactics called?

I'm ridiculing them not because they use these words, but because their narrative is non-existant without these words and spooky style of their arrangement. If you strip them, you are left with "Some company has video recording security system, that involves recording data, storing it on the server and then running some algorithms on it. Some law enforcement agencies use it, and the management of the company has worked for the government in the past and now is probably using their past contacts to get government contracts". I do not see anything spooky here, and it's definitely not as sensationalist as the article is, and not nearly as interesting. That's what I am ridiculing them for - for sensationalizing a mundane piece of uninteresting information into a full-blown conspiracy theory.


"From the last paragraph I got you're OK with having an unregulated surveillance system in the US which records information about you and makes god-knows-what conclusions from your movements, behaviour etc."

And no evidence for this has been supplied.

For example, you're assuming the "central database" is one big one run by the government. The term would equally well apply to a computer in a university's security office, which receives feeds from all the university's security cameras, which it likely records digitally, because it's 2012 and that's how we do things now.

The location of that university security office is probably "undisclosed" because really who cares if you don't need to go there? It's "disclosed" to people for whom that information is relevant, like people who work there.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: