Leaked GCHQ catalog of exploit tools for manipulation and mass surveillance

Just as civil liberties groups challenge the legality of the UK intelligence agency’s mass surveillance programs, a catalog of exploit tools for monitoring and manipulation is leaked online.

The Joint Threat Research Intelligence Group (JTRIG), a department within the Government Communications Headquarters (GCHQ), “develops the majority of effects capabilities” for UK’s NSA-flavored intelligence agency. First Look Media first published the Snowden-leaked Wikipedia-like document full of covert tools used by GCHQ for surveillance and propaganda. JTRIG tools and techniques help British spies “seed the internet with false information, including the ability to manipulate the results of online polls,” monitor social media posts, and launch attacks ranging from denial of service, to call bombing phones, to disabling users' accounts on PCs.

Devil’s Handshake, Dirty Devil, Reaper and Poison Arrow are but a few vicious-sounding JTRIG system tools, but the naming convention for others are just inane like Bumblebee Dance, Techno Viking and Jazz Fusion. Perhaps the British spies were hungry when coming up with Fruit Bowl, Spice Island, Nut Allergy, and Berry Twister?  

Most of the tools are "fully operational, tested and reliable,” according to the 2012 JTRIG Manual, but "Don't treat this like a catalog. If you don't see it here, it doesn't mean we can't build it." Like the previously leaked TAO exploits, it’s an eye-opener as to exploits that GCHQ can deploy.

GCHQ spy tools, techniques and exploits in JTRIG manual

Some of the especially invasive tools that are “either ready to fire or very close to being ready” include:

  •         Angry Pirate can “permanently disable a target’s account on their computer.”
  •         Stealth Moose can “disrupt” a target’s “Windows machine. Logs of how long and when the effect is active.”
  •         Sunblock can “deny functionality to send/receive email or view material online.”
  •         Swamp Donkey “silently” finds and encrypts all predefined types of files on a target’s machine.
  •         Tracer Fire is an “Office document that grabs the targets machine info, files, logs, etc and posts it back to GCHQ.”
  •         Gurkhas Sword is a tool for “beaconed Microsoft Office documents to elicit a targets IP address.”
  •        Tornado Alley is a delivery system aimed at Microsoft Excel "to silently extract and run an executable on a target's machine."
  •         Changeling provides UK spies with the “ability to spoof any email address and send email under that identity.”
  •         Glassback gets a target’s IP by “pretending to be a spammer and ringing them. Target does not need to answer.”

Denial of Service:

  •         Rolling Thunder uses P2P for distributed denial of service.
  •         Predators Face is used for “targeted denial of service against web servers.”
  •         Silent Movie provides “targeted denial of service against SSH services.”

Other JTRIG exploits include Screaming Eagle, “a tool that processes Kismet data into geolocation information” and Chinese Firecracker for “overt brute login attempts against online forums.” Hacienda is a “port scanning tool designed to scan an entire country or city” before identifying IP locations and adding them to an “Earthling database.”

Messing with cellphones:

  •         Burlesque can “send spoofed SMS text messages.”
  •         Cannonball can “send repeated text messages to a single target.”
  •         Concrete Donkey can “scatter an audio message to a large number of telephones, or repeatedly bomb a target number with the same message.”
  •         Deer Stalker provides a way to silently call a satellite and GSM phone “to aid geolocation.”
  •         Imperial Barge can connect two target phones together in a call.
  •         Mustang “provides covert access to the locations of GSM cell towers.”
  •         Scarlet emperor is used for denial of service against targets’ phones via call bombing.
  •         Scrapheap Challenge provides “perfect spoofing of emails from BlackBerry targets.”
  •         Top Hat is “a version of Mustang and Dancing Bear techniques that allows us to pull back cell tower and Wi-Fi locations targeted against particular areas.”
  •         Vipers Tongue is another denial of service tool but it’s aimed at satellite or GSM phone calls.

Manipulation and propaganda

Bomb Bay can “increase website hits/rankings.” Gateway can “artificially increase traffic to a website;” Slipstream can “inflate page views on websites.” Underpass “can change the outcome of online polls.” Badger can mass deliver email messages “to support an Information Operations campaign.” Gestator can amplify a “given message, normally video, on popular multimedia websites” like YouTube. The “production and dissemination of multimedia via the web in the course of information operations” can be accomplished with Skyscraper. There are also various tools to censor or report “extremist” content.

Online surveillance of social networks

Godfather collects public data from Facebook. While Spring Bishop finds private photos of targets on Facebook, Reservoir allows the collection of various Facebook information. Clean Sweep can “masquerade Facebook wall posts for individuals or entire countries.”

Birdstrike monitors and collects Twitter profiles. Dragon’s Snout collects Paltalk group chats. Airwolf collects YouTube videos, comments and profiles. Bugsy collects users’ info off Google+. Fatyak is about collecting data from LinkedIn. Goodfella is a “generic framework to collect public data from online social networks.” Elate monitors a target's use of UK's eBay. Mouth finds, collects and downloads a user’s files from achive.org. Photon Torpedo can “actively grab the IP address of an MSN messenger user.” Pitbull is aimed at large scale delivery of tailored messages to IM services.

Miniature Hero is about exploiting Skype. The description states, “Active Skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.”

If that’s not enough mass-scale surveillance and manipulation to irk you, there are more weaponized tricks and techniques in the JTRIG Manual.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
Windows 10 annoyances and solutions
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.