Iranian protests in recent days resurfaced questions about just how far Western intelligence agencies have gone in sowing unrest against political opponents.
"The Joint Threat Research Intelligence Group (JTRIG), a unit in one of Britain's intelligence agencies, is tasked with creating sock puppet accounts and fake content on social media in order to use 'dirty tricks' to 'destroy, deny, degrade [and] disrupt' enemies by 'discrediting' them," Mustafa al-Bassam, a security researcher pursuing a Ph.D. in London and former member of the LulzSec hacktivist group, said in a December 27 talk at the 34th Chaos Communication Congress.
Bassam was selected for Forbes' 2016 "30 Under 30" list for up-and-coming leaders in the European tech sector.
On December 28, protests erupted in Tehran, Mashhad, Isfahan and Rasht, with demonstrators calling for better economic opportunities and lower living costs. At least 22 people have been killed since the demonstrations started.
JTRIG has also gotten its hands dirty in "social manipulation operations" targeting hacktivists like LulzSec and Anonymous, according to Bassam. Until former National Security Agency contractor Edward Snowden released documents in 2014 showing that JTRIG used "distributed denial of service" (DDoS) attacks to target Anonymous and LulzSec, the British unit's existence had remained a secret.
Using information from the leaked materials as well as his first-hand experience in being targeted by covert UK cyber-intelligence agents, Bassam found out that London's Government Communications Headquarters (GCHQ) made use of a URL shortening service to unmask the identities of Anonymous activists. "Using this key detail, I was able to discover a network of sock puppet Twitter accounts and websites set up by GCHQ," he said.
The accounts and websites feigned the appearance of being "activists during the Arab spring of 2011 and the Iranian revolution of 2009," the researcher told the Chaos Communication Congress. JTRIG carried out social manipulation operations concerning protests in Syria and Bahrain, he noted.
Leaked GCHQ slides labelled "top secret" and related to the US, Australia, Canada, Great Britain and New Zealand show that by sending a link through hacker chat rooms, the agency could deanonymize the person who clicked on it. The URL shortening service "lurl.me" appeared online in 2009 and tweeted links about the Iran protests in 2009, according to Bassam's research.
JTRIG's techniques include "uploading YouTube videos containing persuasive messages; establishing online aliases with Facebook and Twitter accounts, blogs and forum memberships for conducting [human intelligence] or encouraging discussion on specific issues; sending spoof emails and text messages as well as providing online resources; and setting up spoof trade sites," according to a GCHQ document subtitled "Behavioral Science Support for JTRIG's Effects and Online HUMINT [Human Intelligence] Operations."
The targets of the operations "may cover all areas of the globe," the document reads. "Staff described operations that are currently targeted at, for example, Iran," it said, noting that operations can target whole populations "e.g., Iranians," a group of roughly 80 million people.
JTRIG's goals in Iran were "discrediting the Iranian leadership and its nuclear program," "delaying and disrupting online access to materials used in the nuclear program," "conducting online HUMINT" and "counter-censorship," Bassam noted, citing GCHQ documents.
"It might sound great, it might sound like GCHQ is aligned with the motives of the internet freedom community by helping these Iranian people to avoid censorship," he noted. The GCHQ was ostensibly helping Iranians avoid censorship with certain IP addresses and websites that could maneuver around internet blockades to access accurate information.
"In this context, the GCHQ is acting like the big bad wolf from the Little Red Riding Hood" fairy tale, Bassam said. "They may seem like they are helping you, but they are also harming you in the process."
While "providing online access to uncensored material" was one goal, the GCHQ killed two birds with one stone by "hosting targets' online communications/websites for collecting signals intelligence" and surveilling Iranians who clicked on shortened links provided by the GCHQ.
Source: News Agencies, Edited by website team