GCHQ JTRIG Tools and Techniques for propaganda and internet deception

Pierluigi Paganini July 15, 2014

Edward Snowden leaked a top-secret GCHQ document which details the operations and the techniques used by JTRIG unit for propaganda and internet deception.

The JTRIG unit of the British GCHQ intelligence agency has designed a collection of applications that were used to manipulate for internet deception and surveillance, including the modification of the results of the online polls. The hacking tools have the capability to disseminate fake information, for example artificially increasing the counter of visit for specific web sites, and could be also used to censor video content judged to be “extremist.” The set of application remembers me the NSA catalog published in December when the Germany’s Der Spiegel has revealed another disturbing article on the NSA surveillance, the document leaked by tge media agency was an internal NSA catalog that offers spies backdoors into a wide range of equipment from major vendors. 

The existence of the tools was revealed by the last collection of documents leaked by Edward Snowden, the applications were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG) and are considered one of the most advanced system for propaganda and internet deception. JTRIG is the secret unit mentioned for the first time in a collection of documents leaked by Snowden which describe the Rolling Thunder operation, the group ran DoS attack against chatrooms used by hacktivists.

and it also used “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.” states the blog post published on the Intercept.

The post mentions a top-secret GCHQ document called “JTRIG Tools and Techniques” which details the operations and the techniques used by JTRIG unit, the presentation was created with the purpose to share information on “weaponised capability” of the team with other units of the GCHQ.

Many tools designed by JTRIG are introduced as “in development,”but many of them as “fully operational, tested and reliable.”

“We only advertise tools here that are either ready to fire or very close to being ready.” reports the presentation.

The document is reserved for internal use, querying it GCHQ agents may have an idea of surveillance and online deception activities which can be conducted by the Intelligence agency.

“The page indicates that it was last modified in July 2012, and had been accessed almost 20,000 times.”

JTRIG capabilities


The presentation details the list of tools designed by the JTRIG which were used for the Internet surveillance and also for PSYOPs by manipulating and distorting online political discourse and disseminating state propaganda.

The post provides the complete list of JTRIG capabilities:

  • “Change outcome of online polls” (UNDERPASS)
  • “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH)
  • “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)
  • “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO)
  • “Find private photographs of targets on Facebook” (SPRING BISHOP)
  • “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE)
  • “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM)
  • Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR)
  • “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)
  • “A suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk)” (ELATE)
  • “Ability to spoof any email address and send email under that identity” (CHANGELING)
  • “For connecting two target phone together in a call” (IMPERIAL BARGE)

The information provided in the presentation confirms the previous revelations on the capabilities of British Intelligence, the tools and the techniques available at of GCHQ are not different from the ones used by NSA and by its secret unit known as TAO.

In the past we discussed about Tempora Operation, the massive tapping program conducted by Britain’s Government Communications Headquarters (GCHQ) and revealed by The Guardian, this last revelation on JTRIG’s activities shows that British Intelligence, like US one, is working to improve its capabilities for the control of the Internet and any other channel of communication.

GCHQ refused to provide any comment on the revelation, the agency claims that it acts “in accordance with a strict legal and policy framework” and is subject to “rigorous oversight.” …. what do you think about?

Pierluigi Paganini

Security Affairs –  (GCHQ, JTRIG)

you might also like

leave a comment