<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="region region-abv-main-content">
<div id="block-cwblogs-blogger_index_header" class="clear-block
block block-cwblogs">
<div class="content">
<div id="blog_topper" class=""> <a
href="http://blogs.computerworld.com/user/darlene-storm">
<div id="blogger_img"><img
src="cid:part1.05040801.05010102@clearerchannel.org"
alt="Darlene Storm"></div>
</a>
<div id="about_section" class="nocontent"> <a
href="http://blogs.computerworld.com/user/darlene-storm"
rel="author">
<h3 id="topper_title">Darlene Storm</h3>
</a>
<div id="about_dek">Most security news is about
insecurity, hacking and cyber threats, bordering on
scary. But when security is done right, it's a beautiful
thing...sexy even. Security IS sexy.</div>
</div>
<div id="share_tools" class="nocontent">
<div id="share_twitter"><a
href="http://twitter.com/SecurityIsSexy"
class="twitter" target="_new">Follow @SecurityIsSexy</a></div>
</div>
</div>
</div>
</div>
</div>
<div class=" fb_reset" id="fb-root">
<div style="position: absolute; top: -10000px; height: 0px; width:
0px;">
<div><iframe
src="http://static.ak.facebook.com/connect/xd_arbiter/bLBBWlYJp_w.js?version=41#channel=f18ef2354427f5a&origin=http%3A%2F%2Fblogs.computerworld.com"
style="border: medium none;" tabindex="-1" title="Facebook
Cross Domain Communication Frame" aria-hidden="true"
id="fb_xdm_frame_http" allowtransparency="true"
name="fb_xdm_frame_http" frameborder="0" scrolling="no"></iframe><iframe
src="https://s-static.ak.facebook.com/connect/xd_arbiter/bLBBWlYJp_w.js?version=41#channel=f18ef2354427f5a&origin=http%3A%2F%2Fblogs.computerworld.com"
style="border: medium none;" tabindex="-1" title="Facebook
Cross Domain Communication Frame" aria-hidden="true"
id="fb_xdm_frame_https" allowtransparency="true"
name="fb_xdm_frame_https" frameborder="0" scrolling="no"></iframe></div>
</div>
</div>
<div id="blog_post_top">
<div id="byline_post_comments">
<div id="byline">By <a
href="http://blogs.computerworld.com/user/darlene-storm"
rel="author">Darlene Storm</a></div>
<div id="post_time">July 16, 2014 1:22 PM EDT<br>
<a class="moz-txt-link-freetext" href="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance">http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance</a><br>
</div>
</div>
<div class="share_bar">
<div class="share_tools"><span class="linkedin"><span
class="IN-widget" style="line-height: 1; vertical-align:
baseline; display: inline-block; text-align: center;"><span
style="padding: 0px ! important; margin: 0px !
important; text-indent: 0px ! important; display:
inline-block ! important; vertical-align: baseline !
important; font-size: 1px ! important;"><span
id="li_ui_li_gen_1405616567637_0"><a
id="li_ui_li_gen_1405616567637_0-link"
href="javascript:void(0);"><span
id="li_ui_li_gen_1405616567637_0-logo">in</span><span
id="li_ui_li_gen_1405616567637_0-title"><span
id="li_ui_li_gen_1405616567637_0-mark"></span><span
id="li_ui_li_gen_1405616567637_0-title-text">Share</span></span></a></span></span><span
style="padding: 0px ! important; margin: 0px !
important; text-indent: 0px ! important; display:
inline-block ! important; vertical-align: baseline !
important; font-size: 1px ! important;"><span
id="li_ui_li_gen_1405616567652_1-container"
class="IN-right"><span
id="li_ui_li_gen_1405616567652_1" class="IN-right"><span
id="li_ui_li_gen_1405616567652_1-inner"
class="IN-right"><span
id="li_ui_li_gen_1405616567652_1-content"
class="IN-right">1</span></span></span></span></span></span></span>
<span st_processed="yes"
st_url="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance"
class="st_twitter_custom" st_via="computerworld"
st_username="computerworld"> </span>
<div id="___plusone_0" style="text-indent: 0px; margin: 0px;
padding: 0px; background: none repeat scroll 0% 0%
transparent; border-style: none; float: none; line-height:
normal; font-size: 1px; vertical-align: baseline; display:
inline-block; width: 32px; height: 20px;"><iframe title="+1"
data-gapiattached="true"
src="https://apis.google.com/u/0/_/+1/fastbutton?usegapi=1&annotation=none&size=medium&origin=http%3A%2F%2Fblogs.computerworld.com&url=http%3A%2F%2Fblogs.computerworld.com%2Fprivacy%2F24145%2Fleaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance&gsrc=3p&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_GB.eHllf2_uGqk.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Ft%3Dzcms%2Frs%3DAItRSTOGiUfWGwYiLFf2Ios6RSpNKd6NPw#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Conload&id=I0_1405616567511&parent=http%3A%2F%2Fblogs.computerworld.com&pfname=&rpctoken=13388674"
name="I0_1405616567511" id="I0_1405616567511" vspace="0"
tabindex="0" style="position: static; top: 0px; width:
32px; margin: 0px; border-style: none; left: 0px;
visibility: visible; height: 20px;" marginwidth="0"
marginheight="0" hspace="0" frameborder="0" scrolling="no"
width="100%"></iframe></div>
<span st_processed="yes"
st_url="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance"
class="st_stumbleupon_custom" displaytext="Submit"> </span>
<span st_processed="yes"
st_url="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance"
class="st_reddit_custom"> </span>
<fb:like
fb-iframe-plugin-query="app_id=129182073794488&href=http%3A%2F%2Fblogs.computerworld.com%2Fprivacy%2F24145%2Fleaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=55"
fb-xfbml-state="rendered" class=" fb_iframe_widget"
href="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance"
send="false" layout="button_count" width="55"
show_faces="false"><span style="vertical-align: bottom;
width: 76px; height: 20px;"><iframe class=""
src="http://www.facebook.com/plugins/like.php?app_id=129182073794488&channel=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter%2FbLBBWlYJp_w.js%3Fversion%3D41%23cb%3Df1ee9455f7941e6%26domain%3Dblogs.computerworld.com%26origin%3Dhttp%253A%252F%252Fblogs.computerworld.com%252Ff18ef2354427f5a%26relation%3Dparent.parent&href=http%3A%2F%2Fblogs.computerworld.com%2Fprivacy%2F24145%2Fleaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance&layout=button_count&locale=en_US&sdk=joey&send=false&show_faces=false&width=55"
style="border: medium none; visibility: visible; width:
76px; height: 20px;" title="fb:like Facebook Social
Plugin" allowtransparency="true" name="f3ffc084a6f8b0c"
frameborder="0" height="1000px" scrolling="no"
width="55px"></iframe></span></fb:like>
<span st_processed="yes"
st_url="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance"
class="st_email_custom" displaytext="Email"> </span>
<span st_processed="yes"
st_url="http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance"
st_username="computerworld" class="st_sharethis_custom"> </span>
</div>
</div>
</div>
<div id="post_content">
<p> Just as civil liberties groups <a
href="http://www.bbc.com/news/uk-28286105">challenge the
legality</a> of the UK intelligence agency’s mass surveillance
programs, a catalog of exploit tools for monitoring and
manipulation is leaked online.</p>
<p> The Joint Threat Research Intelligence Group (JTRIG), a
department within the Government Communications Headquarters
(GCHQ), “develops the majority of effects capabilities” for UK’s
NSA-flavored intelligence agency. <a
href="https://firstlook.org/theintercept/2014/07/14/manipulating-online-polls-ways-british-spies-seek-control-internet/">First
Look Media</a> first published the Snowden-leaked
Wikipedia-like document full of covert tools used by GCHQ for
surveillance and propaganda. JTRIG tools and techniques help
British spies “seed the internet with false information,
including the ability to manipulate the results of online
polls,” monitor social media posts, and launch attacks ranging
from denial of service, to call bombing phones, to disabling
users' accounts on PCs.</p>
<p> Devil’s Handshake, Dirty Devil, Reaper and Poison Arrow are
but a few vicious-sounding JTRIG system tools, but the naming
convention for others are just inane like Bumblebee Dance,
Techno Viking and Jazz Fusion. Perhaps the British spies were
hungry when coming up with Fruit Bowl, Spice Island, Nut
Allergy, and Berry Twister? </p>
<p> Most of the tools are "fully operational, tested and
reliable,” according to the 2012 <a
href="https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/">JTRIG
Manual</a>, but "Don't treat this like a catalog. If you don't
see it here, it doesn't mean we can't build it." Like the
previously <a
href="http://blogs.computerworld.com/cybercrime-and-hacking/23195/leaked-slide-shows-nsa-hackers-secretly-infected-50000-computer-networks-malware">leaked</a>
<a
href="http://blogs.computerworld.com/cybercrime-and-hacking/23347/17-exploits-nsa-uses-hack-pcs-routers-and-servers-surveillance">TAO
exploits</a>, it’s an eye-opener as to exploits that GCHQ can
deploy.</p>
<p> <br>
</p>
<p> Some of the especially invasive tools that are “either ready
to fire or very close to being ready” include:</p>
<ul>
<li> Angry Pirate can “permanently disable a target’s
account on their computer.”</li>
<li> Stealth Moose can “disrupt” a target’s “Windows
machine. Logs of how long and when the effect is active.”</li>
<li> Sunblock can “deny functionality to send/receive
email or view material online.”</li>
<li> Swamp Donkey “silently” finds and encrypts all
predefined types of files on a target’s machine.</li>
<li> Tracer Fire is an “Office document that grabs the
targets machine info, files, logs, etc and posts it back to
GCHQ.”</li>
<li> Gurkhas Sword is a tool for “beaconed Microsoft
Office documents to elicit a targets IP address.”</li>
<li> Tornado Alley is a delivery system aimed at
Microsoft Excel "to silently extract and run an executable on
a target's machine."</li>
<li> Changeling provides UK spies with the “ability to
spoof any email address and send email under that identity.”</li>
<li> Glassback gets a target’s IP by “pretending to be a
spammer and ringing them. Target does not need to answer.”</li>
</ul>
<p> <strong>Denial of Service</strong>:</p>
<ul>
<li> Rolling Thunder uses P2P for distributed denial of
service.</li>
<li> Predators Face is used for “targeted denial of
service against web servers.”</li>
<li> Silent Movie provides “targeted denial of service
against SSH services.”</li>
</ul>
<p> Other JTRIG exploits include Screaming Eagle, “a tool that
processes <a href="http://www.kismetwireless.net/">Kismet</a>
data into geolocation information” and Chinese Firecracker for
“overt brute login attempts against online forums.” Hacienda is
a “port scanning tool designed to scan an entire country or
city” before identifying IP locations and adding them to an
“Earthling database.”</p>
<p> <strong>Messing with cellphones</strong>:</p>
<ul>
<li> Burlesque can “send spoofed SMS text messages.”</li>
<li> Cannonball can “send repeated text messages to a
single target.”</li>
<li> Concrete Donkey can “scatter an audio message to a
large number of telephones, or repeatedly bomb a target number
with the same message.”</li>
<li> Deer Stalker provides a way to silently call a
satellite and GSM phone “to aid geolocation.”</li>
<li> Imperial Barge can connect two target phones
together in a call.</li>
<li> Mustang “provides covert access to the locations of
GSM cell towers.”</li>
<li> Scarlet emperor is used for denial of service
against targets’ phones via call bombing.</li>
<li> Scrapheap Challenge provides “perfect spoofing of
emails from BlackBerry targets.”</li>
<li> Top Hat is “a version of Mustang and Dancing Bear
techniques that allows us to pull back cell tower and Wi-Fi
locations targeted against particular areas.”</li>
<li> Vipers Tongue is another denial of service tool but
it’s aimed at satellite or GSM phone calls.</li>
</ul>
<p> <strong>Manipulation and propaganda </strong></p>
<p> Bomb Bay can “increase website hits/rankings.” Gateway can
“artificially increase traffic to a website;” Slipstream can
“inflate page views on websites.” Underpass “can change the
outcome of online polls.” Badger can mass deliver email messages
“to support an Information Operations campaign.” Gestator can
amplify a “given message, normally video, on popular multimedia
websites” like YouTube. The “production and dissemination of
multimedia via the web in the course of information operations”
can be accomplished with Skyscraper. There are also various
tools to censor or report “extremist” content.</p>
<p> <strong>Online surveillance of social networks</strong></p>
<p> Godfather collects public data from Facebook. While Spring
Bishop finds private photos of targets on Facebook, Reservoir
allows the collection of various Facebook information. Clean
Sweep can “masquerade Facebook wall posts for individuals or <em>entire
countries</em>.”</p>
<p> Birdstrike monitors and collects Twitter profiles. Dragon’s
Snout collects Paltalk group chats. Airwolf collects YouTube
videos, comments and profiles. Bugsy collects users’ info off
Google+. Fatyak is about collecting data from LinkedIn.
Goodfella is a “generic framework to collect public data from
online social networks.” Elate monitors a target's use of UK's
eBay. Mouth finds, collects and downloads a user’s files from
achive.org. Photon Torpedo can “actively grab the IP address of
an MSN messenger user.” Pitbull is aimed at large scale delivery
of tailored messages to IM services.</p>
<p> Miniature Hero is about exploiting Skype. The description
states, “Active Skype capability. Provision of real time call
records (SkypeOut and SkypetoSkype) and bidirectional instant
messaging. Also contact lists.”</p>
<p> If that’s not enough mass-scale surveillance and manipulation
to irk you, there are more weaponized tricks and techniques in
the <a
href="https://firstlook.org/theintercept/document/2014/07/14/jtrig-tools-techniques/">JTRIG
Manual</a>.</p>
</div>
</body>
</html>