Joint Threat Research Intelligence Group
The Joint Threat Research Intelligence Group (JTRIG) is a unit of the Government Communications Headquarters (GCHQ), the British intelligence agency . The existence of JTRIG was revealed as part of the global surveillance disclosures by NBC News in documents leaked by the former National Security Agency contractor Edward Snowden.
The scope of the JTRIG's mission includes using "dirty tricks" to “destroy, deny, degrade [and] disrupt” enemies by “discrediting” them, planting misinformation and shutting down their communications. Known as "Effects" operations, the work of JTRIG had become a "major part" of GCHQ's operations by 2010. The slides also disclose the deployment of "honey traps" of a sexual nature by British intelligence agents.
Campaigns operated by JTRIG have broadly fallen into two categories; cyber attacks and propaganda efforts. The propaganda efforts (named "Online Covert Action") utilize "mass messaging" and the “pushing [of] stories” via the medium of Twitter, Flickr, Facebook and YouTube. Online “false flag” operations are also used by JTRIG against targets. JTRIG have also changed photographs on social media sites, as well as emailing and texting work colleagues and neighbours with "unsavory information" about the targeted individual.
A computer virus named Ambassadors Reception has been used by GCHQ “in a variety of different areas” and has been described in the slides as “very effective.” The virus can “encrypt itself, delete all emails, encrypt all files, [and] make [the] screen shake” when sent to adversaries. The virus can also block a user from logging on to their computer. Information obtained by GCHQ is also used in “close access technical operations,” in which targets are physically observed by intelligence officers, sometimes in person at hotels. Telephone calls can also be listened to and hotel computers tapped, the documents ask, “Can we influence hotel choice? Can we cancel their visits?”.
In a "honey trap" an identified target is lured “to go somewhere on the Internet, or a physical location” to be met by “a friendly face”, with the aim to discredit them. A “honey trap” is described as "very successful when it works” by the slides. The disclosures also revealed the technique of “credential harvesting”, in which journalists could be used to disseminate information and identify non-British journalists who, once manipulated, could give information to the intended target of a secret campaign, perhaps providing access during an interview. It is unknown whether the journalists would be aware that they were being manipulated.
A JTRIG operation saw GCHQ "significantly disrupt" the communications of the Taliban in Afghanistan with a "blizzard" of faxes, phone calls and text messages scheduled to arrive every minute. Specific JTRIG operations also targeted the nuclear program of Iran with negative information on blogs attacking private companies, to affect business relationships and scupper business deals.
- "Snowden leaks: GCHQ 'attacked Anonymous' hackers". BBC. 5 February 2014. Retrieved 7 February 2014.
- "Snowden Docs: British Spies Used Sex and 'Dirty Tricks'". NBC News. 7 February 2014. Retrieved 7 February 2014.
- Glenn Greenwald (2014-02-24). "How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations". The Intercept. - contains the DISRUPTION Operational Playbook slide presentation by GCHQ
- Snowden: ‘Training Guide’ for GCHQ, NSA Agents Infiltrating and Disrupting Alternative Media Online. February 25, 2014.
- Fishman, Andrew; Greenwald, Glenn (2 April 2015). "Britain Used Spy Team to Shape Latin American Public Opinion on Falklands". The Intercept. First Look Media. Retrieved 5 April 2015.