The Joint Threat Research Intelligence Group (JTRIG) is a unit of the Government Communications Headquarters (GCHQ), the British intelligence agency. [1] The existence of JTRIG was revealed as part of the global surveillance disclosures in documents leaked by the former National Security Agency contractor Edward Snowden. [2]
The scope of the JTRIG's mission includes using "dirty tricks" to "destroy, deny, degrade [and] disrupt" enemies by "discrediting" them, planting misinformation and shutting down their communications. [2] [3] Known as "Effects" operations, the work of JTRIG had become a "major part" of GCHQ's operations by 2010. [2] Slides leaked by Snowden also disclose the deployment of "honey traps" of a sexual nature by British intelligence agents. [2]
In 2011, the JTRIG conducted a denial-of-service attack (DoS) on the activist network Anonymous. [1] Other JTRIG targets have included the government of Iran and the Taliban in Afghanistan. [2]
Campaigns operated by JTRIG have broadly fallen into two categories: cyber attacks and propaganda efforts. The propaganda efforts (named "Online Covert Action") [3] utilize "mass messaging" and the "pushing [of] stories" via the medium of Twitter, Flickr, Facebook and YouTube. [2] Online "false flag" operations are also used by JTRIG against targets. [2] JTRIG have also changed photographs on social media sites, as well as emailing and texting colleagues and neighbours with "unsavory information" about the targeted individual. [2]
JTRIG developed a URL shortening service called Lurl.me to manipulate and collect intelligence on social media users. The service was used to spread pro-revolution messages in the Middle East during the Arab Spring. [5] [6]
A computer virus named Ambassadors Reception has been used by GCHQ "in a variety of different areas" and has been described in the slides as "very effective." The virus can "encrypt itself, delete all emails, encrypt all files, [and] make [the] screen shake" when sent to adversaries. [2] The virus can also block a user from logging on to their computer. [2] Information obtained by GCHQ is also used in "close access technical operations," in which targets are physically observed by intelligence officers, sometimes in person at hotels. Telephone calls can also be listened to and hotel computers tapped, the documents asking "Can we influence hotel choice? Can we cancel their visits?". [2]
In a "honey trap", an identified target is lured "to go somewhere on the Internet, or a physical location" to be met by "a friendly face", with the aim to discredit them. [2] A "honey trap" is described as "very successful when it works" by the slides. [2] The disclosures also revealed the technique of "credential harvesting", in which journalists could be used to disseminate information and identify non-British journalists who, once manipulated, could give information to the intended target of a secret campaign, perhaps providing access during an interview. [2] It is unknown whether the journalists would be aware that they were being manipulated. [2]
A JTRIG operation saw GCHQ "significantly disrupt" the communications of the Taliban in Afghanistan with a "blizzard" of faxes, phone calls and text messages scheduled to arrive every minute. [2] Specific JTRIG operations also targeted the nuclear programme of Iran with negative information on blogs attacking private companies, to affect business relationships and scupper business deals. [2]
JTRIG also undertook cyber-operations as part of a wider GCHQ mission to prevent the Argentine takeover of the Falkland Islands. The scope of the cyber tactics used in this operation was unclear. The name given to JTRIG's role was Operation Quito. [7]
In June 2015, NSA files published by Glenn Greenwald revealed new details about JTRIG's work at covertly manipulating online communities and internal activities within the United Kingdom. UK agencies that JTRIG says it co-operates with include the Metropolitan police, Security Service (MI5), National Crime Agency (NCA), Border Agency, Revenue and Customs (HMRC), and National Public Order and Intelligence Unit (NPOIU). It is also involved in what it calls "missions" with various other agencies described as "customers", including the Bank of England, and the Department for Children, Schools and Families. [8]
Info-weapons held or being developed by JTRIG can be used to send bulk email, spoof SMS messages, impersonate Facebook posts for individuals or entire countries, artificially increase traffic to a website and change the outcome of online polls. [9]
Government Communications Headquarters (GCHQ) is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the United Kingdom. Primarily based at "The Doughnut" in the suburbs of Cheltenham, GCHQ is the responsibility of the country's Secretary of State for Foreign and Commonwealth Affairs, but it is not a part of the Foreign Office and its director ranks as a Permanent Secretary.
The National Security Agency (NSA) is an intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes, specializing in a discipline known as signals intelligence (SIGINT). The NSA is also tasked with the protection of U.S. communications networks and information systems. The NSA relies on a variety of measures to accomplish its mission, the majority of which are clandestine. The NSA has roughly 32,000 employees.
The United Kingdom – United States of America Agreement is a multilateral agreement for cooperation in signals intelligence between Australia, Canada, New Zealand, the United Kingdom, and the United States. The alliance of intelligence operations is also known as the Five Eyes. In classification markings this is abbreviated as FVEY, with the individual countries being abbreviated as AUS, CAN, NZL, GBR, and USA, respectively.
The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.
Boundless Informant is a big data analysis and data visualization tool used by the United States National Security Agency (NSA). It gives NSA managers summaries of the NSA's worldwide data collection activities by counting metadata. The existence of this tool was disclosed by documents leaked by Edward Snowden, who worked at the NSA for the defense contractor Booz Allen Hamilton. Those disclosed documents were in direct contradiction to the NSA's assurance to the United States Congress that it does not collect any type of data on millions of Americans.
Edward Joseph Snowden is an American former NSA intelligence contractor and whistleblower who leaked classified documents revealing the existence of global surveillance programs. He became a naturalized Russian citizen in 2022.
Tempora is the codeword for a formerly secret computer system that is used by the British Government Communications Headquarters (GCHQ). This system is used to buffer most Internet communications that are extracted from fibre-optic cables, so these can be processed and searched at a later time. It was tested from 2008 and became operational in late 2011.
Special Source Operations (SSO) is a division in the US National Security Agency (NSA) which is responsible for all programs aimed at collecting data from major fiber-optic cables and switches, both inside the US and abroad, and also through corporate partnerships. Its existence was revealed through documents provided by Edward Snowden to media outlets in 2013 and, according to him, it is the "crown jewel" of the NSA.
Global Telecoms Exploitation is reportedly a secret British telephonic mass surveillance programme run by the British signals intelligence and computer security agency, the Government Communications Headquarters (GCHQ). Its existence was revealed along with its sister programme, Mastering the Internet, in June 2013, as part of the global surveillance disclosures by the former National Security Agency contractor Edward Snowden.
XKeyscore is a secret computer system used by the United States National Security Agency (NSA) for searching and analyzing global Internet data, which it collects in real time. The NSA has shared XKeyscore with other intelligence agencies, including the Australian Signals Directorate, Canada's Communications Security Establishment, New Zealand's Government Communications Security Bureau, Britain's Government Communications Headquarters, Japan's Defense Intelligence Headquarters, and Germany's Bundesnachrichtendienst.
Dishfire is a covert global surveillance collection system and database run by the United States of America's National Security Agency (NSA) and the United Kingdom's Government Communications Headquarters (GCHQ) that collects hundreds of millions of text messages on a daily basis from around the world. A related analytic tool is known as Prefer.
During the 2010s, international media reports revealed new operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly relate to top secret documents leaked by ex-NSA contractor Edward Snowden. The documents consist of intelligence files relating to the U.S. and other Five Eyes countries. In June 2013, the first of Snowden's documents were published, with further selected documents released to various news outlets through the year.
This is a category of disclosures related to global surveillance.
Global mass surveillance can be defined as the mass surveillance of entire populations across national borders.
This timeline of global surveillance disclosures from 2013 to the present day is a chronological list of the global surveillance disclosures that began in 2013. The disclosures have been largely instigated by revelations from the former American National Security Agency contractor Edward Snowden.
The Human Science Operations Cell (HSOC) is a division of the British signals intelligence agency, Government Communications Headquarters (GCHQ). The HSOC focuses on “online human intelligence” and “strategic influence and disruption.”
The United States is widely considered to have one of the most extensive and sophisticated intelligence networks of any nation in the world, with organizations including the Central Intelligence Agency and the National Security Agency, amongst others. It has conducted numerous espionage operations against foreign countries, including both allies and rivals. Its operations have included the use of industrial espionage, cyber espionage, and mass surveillance.
Regin is a sophisticated malware and hacking toolkit used by the United States' National Security Agency (NSA) and its British counterpart, the Government Communications Headquarters (GCHQ). It was first publicly revealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. The malware targets specific users of Microsoft Windows-based computers and has been linked to the US intelligence-gathering agency NSA and its British counterpart, the GCHQ. The Intercept provided samples of Regin for download, including malware discovered at a Belgian telecommunications provider, Belgacom. Kaspersky Lab says it first became aware of Regin in spring 2012, but some of the earliest samples date from 2003. Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria, and Pakistan.
Targeted surveillance is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance. Both untargeted and targeted surveillance are routinely accused of treating innocent people as suspects in ways that are unfair, of violating human rights, international treaties and conventions as well as national laws, and of failing to pursue security effectively.
Internet manipulation is the co-optation of online digital technologies, including algorithms, social bots, and automated scripts, for commercial, social, military, or political purposes. Internet and social media manipulation are the prime vehicles for spreading disinformation due to the importance of digital platforms for media consumption and everyday communication. When employed for political purposes, internet manipulation may be used to steer public opinion, polarise citizens, circulate conspiracy theories, and silence political dissidents. Internet manipulation can also be done for profit, for instance, to harm corporate or political adversaries and improve brand reputation. Internet manipulation is sometimes also used to describe the selective enforcement of Internet censorship or selective violations of net neutrality.