Internet Trolls May be Trained Government Agents According to Leaked Document
One of the many pressing stories that remain to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.
Over the last several weeks, NBC News published a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”
By publishing these stories one by one, NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses.
But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.
Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable.
To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. Here is one illustrative list of tactics from the latest GCHQ document we’re publishing today:
Other tactics aimed at individuals are listed here, under the revealing title “discredit a target”:
Then there are the tactics used to destroy companies the agency targets:
GCHQ describes the purpose of JTRIG in starkly clear terms: “using online techniques to make something happen in the real or cyber world,” including “information ops (influence or disruption).”
Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services.
In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends.
The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:
No matter your views on Anonymous, “hacktivists” or garden-variety criminals, it is not difficult to see how dangerous it is to have secret government agencies being able to target any individuals they want – who have never been charged with, let alone convicted of, any crimes – with these sorts of online, deception-based tactics of reputation destruction and disruption.
There is a strong argument to make, as Jay Leiderman demonstrated in the Guardian in the context of the Paypal 14 hacktivist persecution, that the “denial of service” tactics used by hacktivists result in (at most) trivial damage (far less than the cyber-warfare tactics favored by the US and UK) and are far more akin to the type of political protest protected by the First Amendment.
The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats.
As Anonymous expert Gabriella Coleman of McGill University told me, “targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.” Pointing to this study she published, Professor Coleman vehemently contested the assertion that “there is anything terrorist/violent in their actions.”
Government plans to monitor and influence internet communications, and covertly infiltrate online communities in order to sow dissension and disseminate false information, have long been the source of speculation. Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-” independent” advocates to “cognitively infiltrate” online groups and websites, as well as other activist groups.
Sunstein also proposed sending covert agents into “chat rooms, online social networks, or even real-space groups” which spread what he views as false and damaging “conspiracy theories” about the government. Ironically, the very same Sunstein was recently named by Obama to serve as a member of the NSA review panel created by the White House, one that – while disputing key NSA claims – proceeded to propose many cosmetic reforms to the agency’s powers (most of which were ignored by the President who appointed them).
But these GCHQ documents are the first to prove that a major western government is using some of the most controversial techniques to disseminate deception online and harm the reputations of targets. Under the tactics they use, the state is deliberately spreading lies on the internet about whichever individuals it targets, including the use of what GCHQ itself calls “false flag operations” and emails to people’s families and friends. Who would possibly trust a government to exercise these powers at all, let alone do so in secret, with virtually no oversight, and outside of any cognizable legal framework?
Then there is the use of psychology and other social sciences to not only understand but shape and control, how online activism and discourse unfolds. Today’s newly published document touts the work of GCHQ’s “Human Science Operations Cell,” devoted to “online human intelligence” and “strategic influence and disruption”:
Under the title “Online Covert Action”, the document details a variety of means to engage in “influence and info ops” as well as “disruption and computer net attack,” while dissecting how human beings can be manipulated using “leaders,” “trust,” “obedience” and “compliance”:
We submitted numerous questions to GCHQ, including: (1) Does GCHQ in fact engage in “false flag operations” where the material is posted to the Internet and falsely attributed to someone else?; (2) Does GCHQ engage in efforts to influence or manipulate political discourse online?; and (3) Does GCHQ’s mandate include targeting common criminals (such as boiler room operators), or only foreign threats?
As usual, they ignored those questions and opted instead to send their vague and nonresponsive boilerplate: “It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.”
These agencies’ refusal to “comment on intelligence matters” – meaning: talk at all about anything and everything they do – is precisely why whistleblowing is so urgent, the journalism that supports it so clearly in the public interest, and the increasingly unhinged attacks by these agencies so easy to understand. Claims that government agencies are infiltrating online communities and engaging in “false flag operations” to discredit targets are often dismissed as conspiracy theories, but these documents leave no doubt they are doing precisely that.
Whatever else is true, no government should be able to engage in these tactics: what justification is there for having government agencies target people – who have been charged with no crime – for reputation-destruction, infiltrate online political communities, and develop techniques for manipulating online discourse? But to allow those actions with no public knowledge or accountability is particularly unjustifiable.
Documents referenced in this article:
Disinformation Warriors – Part I: Joint Threat Research Intelligence Group (JTRIG)
The Joint Threat Research Intelligence Group (JTRIG) is a unit of the British Government Communications Headquarters (GCHQ). (1) The existence of JTRIG was unconfirmed until Edward Snowden leaked documents on the global surveillance coalition known as Five Eyes in 2014.(2)
The official business of JTRIG would be to survey and conduct counterintelligence against enemies of the United Kingdom. A large part of JTRIG’s work has been against Al Qaeda, the Taliban, and ISIS over the years. JTRIG would also be partly responsible for Britain’s taking of the Falkland Islands in Argentina to an unknown degree. (3)
It was revealed in the Snowden documents that JTRIG would actively participate in attacks against citizen groups as well including the hacktivist group, Anonymous. Despite not being officially authorized by the British government to do so, JTRIG carried out a series of cyberattacks and hacks which allowed them to arrest at least one individual, Edward Pearson, and conduct illegal surveillance on countless others. (4) They were also able to bring down a number of Anonymous systems over many years to disrupt their communications.
JTRIG themselves admit to the use of “dirty tricks” to accomplish their goals, as was briefly mentioned in the illegal surveillance program above. Their technology and techniques seem to be cutting edge, and thus traditional safeguards against their strategies, such as the use of Tor, are limited.
It was demonstrated in the case against Anonymous that they were able to obtain complete personal information on individuals despite attempts to hide their identities. While it is unknown how exactly they could compromise systems like Tor and select Virtual Private Networks, it has been well-accepted that these are no longer completely safe and have security holes which can be exploited by government surveillance.
JTRIG members will join chat rooms, social media, and popular platforms like Reddit and 4chan to infiltrate target groups and get closer to targeted individuals. In the case of Edward Pearson, JTRIG was able to send him a link through chat which appeared to be a legitimate website. However, the link itself was a “honey pot” that handed JTRIG Pearson’s private information. (5) JTRIG has been known to use such honey pot techniques in addition to sexual content to enhance its effect. (6)
JTRIG has also been known to employ more traditional black-hat techniques such as DDoS attacking. In 2011 JTRIG was able to bring down an Anonymous chat room for 30 hours. (7) Against the Taliba, JTRIG would also send “blizzards” of texts, faxes, and phone calls to disrupt their communications. In Iran, JTRIG would also write fake blog information attacking private companies involved in their nuclear program. They would even go so far as to utilize online “false flag” operations against targets, the exact definition of which is unknown. (8)
JTRIG has even employed malware in their operations such as a virus that can decrypt your filesystem, re-encrypt it, and cause the screen to violently shake. (9)
JTRIG is not above breaking the law or requiring orders, so this group should be considered exceptionally dangerous.