The latest documents released from a trove leaked to journalist Glenn Greenwald by Edward Snowden reveal that GCHQ has created a virtual toolbox of online hacker tactics that allow British intelligence agents to "manipulate" online communities by seeding the Internet "with false information" and conducting the kind of malicious attacks on networks that send civilian hackers to prison.
According to the most recent reporting from Greenwald at The Intercept:
The tools were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG’s use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users.
But as the U.K. Parliament [this week] debates a fast-tracked bill to provide the government with greater surveillance powers, one which Prime Minister David Cameron has justified as an “emergency” to “help keep us safe,” a newly released top-secret GCHQ document called “JTRIG Tools and Techniques” provides a comprehensive, birds-eye view of just how underhanded and invasive this unit’s operations are. The document—available in full here—is designed to notify other GCHQ units of JTRIG’s “weaponised capability” when it comes to the dark internet arts, and serves as a sort of hacker’s buffet for wreaking online havoc.
As the Guardian observes, the internal document "details a range of programs designed to collect and store public postings from Facebook, Twitter, LinkedIn and Google+, and to make automated postings on several of the social networks." In addition, the file shows the agency possesses the ability to "boost views of YouTube videos, or to boost the circulation of particular messages" it wants to promote.
Greenwald provided a sample list of the JTRIG programs detailed in the database—which he described as a "a massive Wikipedia-style archive" —and included their "boastful code names" which appear in parentheses:
• “Change outcome of online polls” (UNDERPASS)
• “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH)
• “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)
• “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO)
• “Find private photographs of targets on Facebook” (SPRING BISHOP)
• “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE)
• “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM)
• “Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR)
• “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)
• “A suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk)” (ELATE)
• “Ability to spoof any email address and send email under that identity” (CHANGELING)
• “For connecting two target phone together in a call” (IMPERIAL BARGE)
According to Greenwald, this database was last updated in 2012, but had been accessed by GCHQ agents more than 20,000 times.