GCHQ's spy toolkit: Leaked documents reveal how UK manipulates information online

Inventory of GCHQ's 'weaponised capability' shows programs that are 'operational, reliable and tested'

Click to follow
The Independent Tech

The UK’s intelligence and information gathering agency GCHQ has developed a toolkit of software programs designed to manipulate online traffic and information, infiltrate target computers and spread chosen messages on sites like Facebook and YouTube, according to newly-published documents from NSA whistleblower Edward Snowden.

These capabilities – first published by The Intercept – are detailed in a Wiki document created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG) as an inventory of the agency’s “weaponised capability”.

The introduction says that “most of our tools are fully operational, tested and reliable,” with the unknown author adding: “Don’t treat this like a catalogue. If you don’t see it here, it doesn’t mean we can’t build it.”

The publication comes in a week in which the British spy agency faces a legal challenge from civil liberty groups over its surveillance policies – alleged to be in breach of articles 8 and 10 of the European Convention of Human Rights, which provide for the right to privacy and freedom of expression respectively.

Video: 'Allows us to detect threats against our country'

Among the tools listed in the document are:

*SPRING BISHOP – “Find private photographs on Facebook”

*CONCRETE DONKEY – “Repeatedly bomb a target number with the same message”

*GATEWAY – “Ability to increase traffic to a website”

*GESTATOR – “Amplification of a given message, normally video, on popular multimedia websites (Youtube)”

*SUNBLOCK – “Ability to deny functionality to send/receive email”

*UNDERPASS – “Change outcome of online polls”

*CLEAN SWEEP - "masquerade[s] Facebook wall posts for individuals or entire countries"

Other tools listed can be used to scrape public information from sites such as Twitter, Facebook, Google+, LinkedIn and YouTube or be used to post messages automatically to these same.


Some of the programs are Government-sanctioned versions of standard hacker malware, including TRACER FIRE which masquerades as an Office document to “grab the targets [sic] Machine info, files, logs, etc and posts it back to GHCQ” and ROLLING THUNDER, which runs distribute denial of service attacks – a tactic commonly used by the hacking collective Anonymous.

In response to the publication GCHQ issued a standard statement to First Look saying that it operates “in accordance with strict legal and policy framework” and is subject to “rigorous oversight”.