Remember the Joint Threat Research Intelligence Group, the unit of British spy agency GCHQ that uses criminal-style techniques to disrupt and discourage online activism? Now, thanks to a new Snowden document published late Monday by The Intercept, we know JTRIG also developed tools for manipulating online polls, “shaping” what people see, and spamming on an epic scale.
The document comprises screenshots of a GCHQ wiki page for JTRIG tools and techniques. It’s a sort of menu for other departments in GCHQ, showing what tools have been developed or were under development – the page was last updated in July 2012, and a note near the top says “We don’t update this page anymore,” pointing users to a newer page.
Apart from providing a list of rather hilarious codenames with frequent geek culture/gaming references (CONCRETE DONKEY is a Worms weapon; POD RACE a Star Wars thing) and a few nods to questionable music (a data collection system called JAZZ FUSION has a subsystem called TECHNO VIKING), the page also gives an interesting insight into modern propaganda and disinformation techniques.
Using JTRIG’s toolset, agents can:
- Spoof an email address and send mail from it (CHANGELING, or SCRAPHEAP CHALLENGE for BlackBerry users – “Ready to fire, but see constraints”)
- Send out spam emails on a mass scale (BADGER – “Ready to fire”)
- Send out audio messages to large numbers of phones or “repeatedly bomb a target number with the same message” (CONCRETE DONKEY – “In development”)
- Spam a target with text messages (CANNONBALL – “Ready to fire”) and send spoofed text messages (BURLESQUE – “Ready to fire”)
- Send out SMS spam to lots of people (WARPATH – “Ready to fire”)
- Spam instant messaging users with “a tailored message” (PITBULL – “In development”)
- Fax-spam (SERPENTS TONGUE – “In redevelopment” for some reason)
- Automate interaction and alias management on social networks including Twitter (SYLVESTER)
- “Produce and disseminate multimedia via the web” (SKYSCRAPER – “Ready to fire”)
- Amplify messages, normally video, on sites like YouTube (GESTATOR)
- “Change the outcome of online polls” (UNDERPASS – “In development”)
- Clone and alter websites in real-time (HAVOK)
- “Masquerade Facebook Wall Posts for individuals or entire countries” (CLEAN SWEEP – “Ready to fire”)
- Insert media into target networks (SPACE ROCKET)
- Boost website hits and rankings (BOMB BAY – “In development”) and inflate page views on websites (SLIPSTREAM – “Ready to fire”)
- Use denial-of-service attacks (PREDATORS FACE and ROLLING THUNDER)
So, by the looks of it, agents can send out mass messages on a variety of platforms, shape which websites people are most likely to see – both by boosting some sites and crushing others with denial-of-service attacks – and shape the conversation on social networks. 50 Cent Party, eat your heart out.
There’s also a section entitled “Shaping and Honeypots” that mentions a URL shortening service (DEADPOOL), a “secure one-to-one web based dead-drop messaging platform” (HUSK), a file-sharing site (LONGSHOT), an image hosting website (PISTRIX) and a “public online group against dodgy websites” (NIGHTCRAWLER). It would be lovely to know which sites and services those codenames refer to.
Also, GCHQ-ers can spy on people and attack targets’ computers in various ways, as one would expect:
- “Permanently disable a target’s account on their computer” (ANGRY PIRATE – “Ready to fire” with restrictions)
- Disrupt a target’s Windows computer (STEALTH MOOSE – “Ready to fire” with restrictions)
- Block the target from being able to send or receive email or view online material (SUNBLOCK – “Tested, but operational limitations”)
- Identify and encrypt files on a target’s computer (SWAMP DONKEY – “Ready to fire” with restrictions)
- Find private photos on Facebook (SPRING BISHOP)
- Get Skype call and chat records, and contact lists, in real-time (MINIATURE HERO)
And so on. This is quite the catalog.