Unravelling TrapWire: The CIA-Connected Global Suspicious Activity Surveillance System

A screenshot from the front page of trapwire.net, which is believed to be a web-based portal affiliated with the TrapWire system.

Public Intelligence

Hacked emails from the private intelligence firm Stratfor shed light on a global suspicious activity surveillance system called TrapWire that is reportedly in use in locations around the world from the London Stock Exchange to the White House.  The emails, which were released yesterday by WikiLeaks, provide information on the extent and operations of a system designed to correlate suspicious activity reports and other evidence that may indicate surveillance connected with a potential terrorist attack.

A proprietary white paper produced by TrapWire, formerly called Abraxas Applications, describes the product as “a unique, predictive software system designed to detect patterns of pre-attack surveillance.”  In an interview from 2005 with the Northern Virginia Technology Council, the CEO of Abraxas Corporation Richard “Hollis” Helms says the goal of TrapWire is to “collect information about people and vehicles that is more accurate than facial recognition, draw patterns, and do threat assessments of areas that may be under observation from terrorists.”  Fred Burton, the former CEO of Stratfor and current vice president, describes TrapWire in an email from November 2009 as “a technology solution predicated upon behavior patterns in red zones to identify surveillance. It helps you connect the dots over time and distance.”

Documents submitted with Abraxas’ initial trademarking of TrapWire, describe the system as utilizing “a facility’s existing technologies (such as pan-tilt-zoom [PTZ] cameras) and humans (security personnel, employees, and neighbors)” to collect data which is then “recorded and stored in a standardized format to facilitate data mining, information comparison and information sharing across the network.”  TrapWire “standardizes descriptions of potential surveillance activity, such as photographing, measuring and signaling” and then shares “threat information” across the network to track potential correlations across other locations on the network.

One thing that makes TrapWire a particularly interesting company is that its president, chief of operations and director of business development are all former employees of the Central Intelligence Agency.  According to a management page on TrapWire’s website, which has recently been removed for an undisclosed reason, the president and one of the founders of the company, Dan Botsch, “served 11 years as an Intelligence Officer with the Central Intelligence Agency, focusing on Russian and Eastern European affairs.”  Michael Maness, the company’s business development director, served over 20 years with the CIA, “where he directed counterterrorism and security operations in the Middle-East, the Balkans and Europe. As a senior operations officer and field operations manager, he was instrumental in combating Al-Qaeda’s operational units in the immediate wake of the September 11 terrorist attacks.”  Michael K. Chang, the company’s director of operations, served for “12 years with the Central Intelligence Agency as a counterterrorism operations officer and security officer” and even acted as personal security for the Director and Deputy Director of Central Intelligence.

Abraxas Corporation, the company that originally created TrapWire under its subsidiary Abraxas Applications, also has significant ties to the CIA.  The company was founded by Richard “Hollis” Helms in 2001, two years after he left the CIA where he had worked for nearly 30 years.  Many of the company’s past employees and management have worked at the CIA or other intelligence agencies. In fact, Tim Shorrock notes in his 2008 book Spies for Hire that so many employees of the CIA were thought to be going to work for private companies like Abraxas that in 2005 CIA Director Porter Goss had to ask the company to stop recruiting in the CIA Cafeteria at Langley. The Los Angeles Times reported in 2006 that Abraxas had a contract from the CIA for developing front companies and false identities for the Agency’s nonofficial cover (NOC) program.  The company and its work are so secretive that Shorrock reportedly called the company for comment and was told, “Sir, we don’t talk to the media.”

High-Profile Clients Around the World

The Stratfor emails on TrapWire detail the extent to which the software system is being utilized around the world, describing deals with clients representing domestic agencies, foreign governments and multinational corporations.  An email from Don Kuykendall, the chairman of Stratfor, in May 2009 describes how TrapWire’s clients “include Scotland Yard, #10 Downing, the White House, and many [multinational corporations].”  The email goes on to say how Stratfor is working to help introduce TrapWire to people at “Wal Mart, Dell and other Fred cronies.”  Another email from Fred Burton to Kuykendall in July 2011 describes how the Nigerian government is interested in opening a fusion center and may want to deploy TrapWire in the Nigerian Presidential Palace.

In another email Burton brags about Stratfor’s role in authoring situation reports that feed into the TrapWire system, saying that this is the Stratfor’s number one way of impressing potential clients in government positions.  “Do you know how much a Lockheed Martin would pay to have their logo/feed into the USSS CP? MI5? RCMP? LAPD CT? NYPD CT?” Burton asks, implying that TrapWire is in use by the U.S. Secret Service, the British security service MI5, the Royal Canadian Mounted Police, as well as counterterrorism divisions in both the Los Angeles and New York Police Department. In a 2009 thesis from the Naval Postgraduate School, the Los Angeles Joint Regional Intelligence Center (LA-JRIC), one of more than seventy fusion centers around the country, is listed as utilizing TrapWire.

The emails also suggest that TrapWire is in use at military bases around the country. A July 2011 email from Burton to others at Stratfor describes how the U.S. Army, Marine Corps and Pentagon have all begun using TrapWire and are “on the system now.”  Burton described the Navy as the “next on the list.”

The Information Sharing Environment – Suspicious Activity Reporting Evaluation Environment Report from 2010 describes how the Las Vegas Police Department is providing TrapWire software to at least fourteen different hotels and casinos in the area. Several emails make reference to the network running in Las Vegas and one discusses contacting a security officer at the MGM Grand to discuss the system’s practical implementation.

According to one particularly unusual email from Burton, TrapWire is reportedly in use to protect the homes of some former Presidents of the United States.

Burton also describes TrapWire as possibly “the most successful invention on the [global war on terror] since 9-11.”  Describing his connections with the company’s management, he adds “I knew these hacks when they were GS-12’s at the CIA. God Bless America. Now they have EVERY major [high-value target] in [the continental U.S.], the UK, Canada, Vegas, Los Angeles, NYC as clients.”

Links to Nationwide Suspicious Activity Reporting Initiative

TrapWire is also linked to the National Suspicious Activity Reporting (NSI) Initiative, a program designed to help aggregate reports of suspicious activity around the country.  One email from an executive at TrapWire states that “TrapWire SAR reports are fed directly/automatically into the National SAR Initiative” as well as “the FBI’s eGuardian system if/when there’s confirmed nexus to terrorism or major crimes (which is happening frequently).”  The email goes on to say that “our networks in LA, Vegas and DC all support See Something Say Something (S4 as I call it).”

Over the past few years, several cities around the U.S. have implemented websites allowing the public to report suspicious activity, including Washington D.C., Houston and even the U.S. Army.  These activities are part of a larger program called iWatch, which also feeds into TrapWire according to a leaked email:

iWatch pulls community member reporting into the TrapWire search engine and compares SARs across the country…with potential matches being fed back to the local LE agency. An amazing amount of good quality reporting is coming in from alert citizens (and police officers) in the DC area in particular.

TrapWire reportedly operates separate regional networks around the country, each with a number of different interconnected sites.  However, the president of the company Dan Botsch explains in an email to Fred Burton that the TrapWire system operators do “cross-network” some information from separate networks and that he believes one day the networks will begin to merge:

We have regional networks in which information sharing is limited to that network. If a network has 25 sites, those 25 sites match against each other’s reports. They can also send reports to any other site on the network and they can post reports to a network-wide bulletin board. Sites cannot share information across networks.

However, we do cross-network matching here at the office. If we see cross-network matches, we will contact each affected site, explain that the individual(s) or vehicle they reported has been seen on another network, and then offer to put the affected sites into direct contact. We have not yet had a cross-network match. I think over time the different networks will begin to unite. I’m not exactly being prescient here, as there is already talk in Vegas and LA of combining their two networks. Same here in DC.

The use of TrapWire could eventually extend to fusion centers all around the country as congressional testimony from June 2011 indicates that the Washington D.C. Metropolitan Police Department is part of a trial project of the Department of Homeland Security to test the use of TrapWire.  The Texas Department of Public Safety, which operates the Texas Fusion Center, also purchased TrapWire software in 2010.


Editor’s Note: WikiLeaks has been inaccessible for some time now due to a sustained distributed denial of service attack.  All links to emails released by WikiLeaks are currently pointing to sites mirroring the content.  If WikiLeaks should come back online sometime soon, all emails associated with TrapWire should be accessible at the following URL:


Thanks to Justin Ferguson and others for helping to spread the information in these emails in the face of vigorous attempts to suppress them.

Share this: