GCHQ JTRIG Tools and Techniques for propaganda and internet deception

Edward Snowden leaked a top-secret GCHQ document which details the operations and the techniques used by JTRIG unit for propaganda and internet deception.

The JTRIG unit of the British GCHQ intelligence agency has designed a collection of applications that were used to manipulate for internet deception and surveillance, including the modification of the results of the online polls. The hacking tools have the capability to disseminate fake information, for example artificially increasing the counter of visit for specific web sites, and could be also used to censor video content judged to be “extremist.” The set of application remembers me the NSA catalog published in December when the Germany’s Der Spiegel has revealed another disturbing article on the NSA surveillance, the document leaked by tge media agency was an internal NSA catalog that offers spies backdoors into a wide range of equipment from major vendors.

The existence of the tools was revealed by the last collection of documents leaked by Edward Snowden, the applications were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG) and are considered one of the most advanced system for propaganda and internet deception. JTRIG is the secret unit mentioned for the first time in a collection of documents leaked by Snowden which describe the Rolling Thunder operation, the group ran DoS attack against chatrooms used by hacktivists.

“and it also used “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.” states the blog post published on the Intercept.

The post mentions a top-secret GCHQ document called “JTRIG Tools and Techniques” which details the operations and the techniques used by JTRIG unit, the presentation was created with the purpose to share information on “weaponised capability” of the team with other units of the GCHQ.

Many tools designed by JTRIG are introduced as “in development,”but many of them as “fully operational, tested and reliable.”

“We only advertise tools here that are either ready to fire or very close to being ready.” reports the presentation.

The document is reserved for internal use, querying it GCHQ agents may have an idea of surveillance and online deception activities which can be conducted by the Intelligence agency.

“The page indicates that it was last modified in July 2012, and had been accessed almost 20,000 times.”

The presentation details the list of tools designed by the JTRIG which were used for the Internet surveillance and also for PSYOPs by manipulating and distorting online political discourse and disseminating state propaganda.

The post provides the complete list of JTRIG capabilities:

“Change outcome of online polls” (UNDERPASS)
“Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH)
“Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)
“Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO)
“Find private photographs of targets on Facebook” (SPRING BISHOP)
“A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE)
“Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM)
“Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR)
“Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)
“A suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk)” (ELATE)
“Ability to spoof any email address and send email under that identity” (CHANGELING)
“For connecting two target phone together in a call” (IMPERIAL BARGE)

The information provided in the presentation confirms the previous revelations on the capabilities of British Intelligence, the tools and the techniques available at of GCHQ are not different from the ones used by NSA and by its secret unit known as TAO.

In the past we discussed about Tempora Operation, the massive tapping program conducted by Britain’s Government Communications Headquarters (GCHQ) and revealed by The Guardian, this last revelation on JTRIG’s activities shows that British Intelligence, like US one, is working to improve its capabilities for the control of the Internet and any other channel of communication.

GCHQ refused to provide any comment on the revelation, the agency claims that it acts “in accordance with a strict legal and policy framework” and is subject to “rigorous oversight.” …. what do you think about?

Pierluigi Paganini

Security Affairs – (GCHQ, JTRIG)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.