Targeted Individual: UK Cyber HUMINT Operations Revealed

Posted: June 22, 2015 in SWIG
Tags: , ,

electronic-eye

JTRIG targets a range of individual, group and state actors across the globe who pose criminal, security and defense threats. JTRIG staff use a range of techniques to, for example, discredit, disrupt, delay, deny, degrade, and deter. The techniques include: uploading YouTube videos containing persuasive messages; establishing online aliases with Facebook and Twitter accounts, blogs and forum memberships for conducting HUMINT or encouraging discussion on specific issues; sending spoof emails and text messages as well as providing spoof online resources; and setting up spoof trade sites.

The main goal of the present report is to provide an assessment of JTRIG’s behavioural science support requirements for conducting effects and online HUMINT operations. Given that such support would need to occur within certain bounds, a secondary goal is to provide an assessment of some of JTRIG’s other (non-technical) operational planning and management requirements such as risk assessment and conduct guidelines.
Operation methods/techniques. All of JTRIG’s operations are conducted using cyber technology. Staff described a range of methods/techniques that have been used to-date for conducting effects operations. These included:

  • Uploading YouTube videos containing “persuasive” communications (to discredit, promote distrust, dissuade, deter, delay or disrupt)
  • Setting up Facebook groups, forums, blogs and Twitter accounts that encourage and monitor discussion on a topic (to discredit, promote distrust, dissuade, deter, delay or disrupt)
  • Establishing online aliases/personalities who support the communications or messages in YouTube videos, Facebook groups, forums, blogs etc
  • Establishing online aliases/personalities who support other aliases
  • Sending spoof e-mails and text messages from a fake person or mimicking a real person (to discredit, promote distrust, dissuade, deceive, deter, delay or disrupt)
  • Providing spoof online resources such as magazines and books that provide inaccurate information (to disrupt, delay, deceive, discredit, promote distrust, dissuade, deter or denigrate/degrade)
  • Providing online access to uncensored material (to disrupt)
  • Sending instant messages to specific individuals giving them instructions for accessing uncensored websites
  • Setting up spoof trade sites (or sellers) that may take a customer’s money and/or send customers degraded or spoof products (to deny, disrupt, degrade/denigrate, delay, deceive, discredit, dissuade or deter)
  • Interrupting (i.e., filtering, deleting, creating or modifying) communications between real customers and traders (to deny, disrupt, delay, deceive, dissuade or deter)
  • Taking over control of online websites (to deny, disrupt, discredit or delay)
  • Denial of telephone and computer service (to deny, delay or disrupt)
  • Hosting targets’ online communications/websites for collecting SIGINT (to disrupt, delay, deter or deny)
  • Contacting host websites asking them to remove material (to deny, disrupt, delay, dissuade or deter)

Glenn Greenwald and Andrew Fishman of The Intercept write:

Previous reporting on the spy agency established its focus on what it regards as political radicalism. Beyond JTRIG’s targeting of Anonymous, other parts of GCHQ targeted political activists deemed to be “radical,” even monitoring the visits of people to the WikiLeaks website. GCHQ also stated in one internal memo that it studied and hacked popular software programs to “enable police operations” and gave two examples of cracking decryption software on behalf of the National Technical Assistance Centre, one “a high profile police case” and the other a child abuse investigation.

You can read the full report online or download the pdf.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s