Snowden Files: Inside Britain’s ‘Dirty Tricks’ Plan to Attack Hackers & Anonymous


SPYSCAPE


Misinformation is at the heart of a spy’s portfolio of weapons - using the ‘Ds’ to destroy, deny, degenerate, disrupt, and discredit the enemy. The goal is to plant misinformation and shut down the opposition, but what exactly was Britain’s Joint Threat Research and Intelligence Group (JTRIG) up to back in the early 2000s?

NSA files leaked by contractor Ed Snowden in 2013 revealed a campaign developed by JTRIG, a secretive group answering to Britain’s GCHQ signals intelligence agency - the UK equivalent of America’s NSA. JTRIG’s campaign included an offensive attack against adversaries ranging from Iran to Anonymous, according to Snowden files published by NBC, The Intercept, and others.

JTRIG’s campaign - essentially a bag of ‘dirty tricks’ - influences the way we behave using psychology and science, so SPYSCAPE decided to take a closer look.

GCHQ's JTRIG targeted hacking group Anonymous

What’s JTRIG’s ‘Effects’ campaign?

‘Effects’ was the name of a campaign of dirty tricks that British spies could use against enemies, hackers, terrorist groups, and suspected criminals. The campaign included plans to release computer viruses and spy on journalists and diplomats. Options for British spies also included jamming phones and computers or relying on a tried-and-true method - luring targets into honey traps.

The Effects campaign was broken down into two categories: Cyber Attacks and Propaganda Operations.

The propaganda campaigns (named Online Covert Action) used deception, mass messaging, and pushed stories on social media - Twitter, Flickr, Facebook, and YouTube. JTRIG also used false flag operations against targets - online actions that appear to have been performed by a British adversary rather than JTRIG.

Reportedly, JTRIG also changed photographs on social media sites, as well as emailing and texting colleagues and neighbors with ‘unsavory’ information about a targeted individual.

Cyber wars: JTRIG targeted Anonymous hackers

Which DDoS tactics were used? 

JTRIG cyber attack methods included distributed denial of service (DDoS) tactics used by computer hackers to shut down government and corporate websites, according to the Snowden leaks. For example, JTRIG used a DDoS attack to shut down Internet chat rooms used by members of Anonymous. As NBC reported: “It is the same technique hackers used to take down bank, retail, and government websites - making the British government the first Western government known to have conducted such an attack.”

JTRIG even boasted about using a DDoS attack - dubbed Rolling Thunder - and other techniques to frighten away 80 percent of the users of Anonymous internet chat rooms. Rolling Thunder was also used against hackers LulzSec and the Syrian Electronic Army, leading British hacktivist Jake Davis (aka Topiary) to question: “How can they even be permitted to launch these attacks at all? There's no justification for how nonchalant a democratic government can be when they breach the very computer misuse rules they strongly pushed to set in place.”

JTRIG effectively used a computer virus codenamed ‘Ambassadors Reception’ in a variety of different areas, according to notes on the leaked documents. When sent to adversaries, the virus encrypted itself, deleted all emails, encrypted all files, made the screen shake, and blocked users from logging on.

The Internet is the new battleground

Are JTRIG’s actions legal? 

Critics and civil libertarians suggested DDoS attacks against hackers infringed free speech by individuals who were not involved in illegal hacking and questioned whether the agency’s mission is too broad.

“GCHQ has no clear authority to send a virus or conduct cyber attacks,” Eric King, a lawyer and head of research at Privacy International, told NBC. “Hacking is one of the most invasive methods of surveillance.” 

British spies described the offensive tactics as an appropriate response to illegal acts, however: “All of GCHQ's work is carried out in accordance with a strict legal and policy framework,” the agency said in a statement to the media, “which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.”

Cyber warrior at a keyboard


Honey traps and JTRIG methods

Spies aren’t limited to online operations, of course. Real-life honey traps have been used to snare targets, often male. Israel famously used a honey trap to lure nuclear technician Mordechai Vanunu from London to Rome where he was kidnapped and shipped to Israel to stand trial for leaking nuclear secrets.

The honey trap described in Britain’s 2012 PowerPoint also indicates there may have been physical encounters with the goal of discrediting the target. The target is lured ‘to go somewhere on the Internet, or a physical location’ to be met by ‘a friendly face’. The documents do not offer an example of when the British government might have employed a honey trap.


What else did we learn? 


One of the JTRIG presentations describes a technique called ‘credential harvesting’ which involves selecting journalists to spread information. Apparently, the journalist’s job would provide a cover and access to the targeted individual, perhaps for an interview. It is not clear if the journalists would know if they were being used to funnel information.

An internal GCHQ document released by the ACLU lists tools and techniques developed by JTRIG including: the ability to manipulate the results of online polls (UNDERPASS), artificially inflate page view counts on websites (SLIPSTREAM), ‘amplify’ sanctioned messages on YouTube (GESTATOR), censor video content deemed to be ‘extremist’ (SILVERLORD), find private photographs of targets on Facebook (SPRING BISHOP), and ‘spoof’ any email address and send an email under that identity (CHANGELING).

The documents note that the Effects campaign was a ‘major part’ of the spy agency’s business more than a decade ago. So where are we today? As The Guardian notes, the Snowden leaks are an indicator, an early snapshot into the growing trend of managing security threats by utilizing psychology and behavior-focused operations with the Internet as a battleground.
