Forget Russian Trolls: NSA and GCHQ use sockpuppets, spread propaganda, and harvest user data on social networks
When Mueller indicted 13 Russians and 3 Russian enterprises for running a troll farm in St Petersburg in February, no one expected anything more to come of it. With America having no jurisdiction in Russia, he could do nothing to press charges against these Russian nationals or organisations, and the chances of the accused being extradited were almost zero. Many believed that Mueller had indicted the proverbial 'ham sandwich'.
A 37-page indictment document outlined how these 'Russian Trolls' had spread propaganda and tried to influence voting behaviour in the 2016 US Election. The report alleges that the troll farm targetted both Trump and Bernie supporters, and used social media channels and grass roots campaigners to try and sow discord in the democratic process.
When a legal representative of one of the accused organisations, Concorde Catering, turned up in court in May, demanding disclosure from Mueller's team, it took everybody by surprise. The company were accused of conspiring to defraud the United States, through controlling the funding, human resources and activities of the propaganda campaign. The Concorde Catering legal team pleaded "not guilty", and demanded to see what evidence Mueller had gathered, questioning whether he had any basis to charge the company of knowingly and willfully violating American laws.
At the hearing, the government disclosed that it had collected almost two terabytes of data relating to social media profiles as evidence. Defence attorney Eric Dubelier accused them of being deliberately slow in releasing the data, and sought to have the case dismissed; he stated that it was unconstitutional, there have been violations of due process, and there has been no charges of a criminal offence made.
Meanwhile, the government seem to be overlooking the fact their own agencies have been proven to be harvesting user data from social network sites and using it for their own propaganda efforts. The Snowden files contained Top Secret Documents showing that both NSA and GCHQ were using sock puppet troll accounts to influence political process in foreign countries.
Furthermore, GCHQ documents from around 2010 show that Twitter, Flickr, YouTube and Facebook were all used to build psychological profiles of users, then target them with viral campaigns and propaganda using fake social media personas.
A document regarding the QUITO program run by GCHQ's Joint Threat Research and Intelligence Group (JTRIG) outlined how they tried to discredit the current Zimbabwe regime by spreading misinformation online.
Security researcher and LulzSec co-founder Mustafa Al-Bassam gave a presentation in December 2017 containing slides showing that JTRIG create sock puppet accounts and post fake content on social media to "discredit, disrupt, delay, deny, degrade, and deter" enemies. They posed as Iranian, Syrian and Bahrainian protestors, with activity focused around the Iranian revolution of 2009, and the Arab Spring of 2011, providing "uncensored access" to news websites in the targetted countries which GHCQ themselves controlled. Oddly, JTRIG's sockpuppet Twitter accounts that promoted their honeytrap counter-censorship efforts (including '2009 Iran Free' which is still online) only tweeted between 9am and 5pm UK time.
JTRIG agents also lurked on a number of IRC channels, monitoring communications between users and gathering their personal information by getting them to follow links made using their own 'in-house' URL shortening service "lurl.me".
A full list of the tools that JTRIG had at their disposal is available, including GODFATHER which gathered Facebook profile information, and GOODFELLA, which targetted other social network sites.
The GCHQ "Effects" campaign used psychological profiling to try to influence hotel choices of hard targets. Their system of profilng, known by the acronym OCEAN, measured the openness, contentiousness, extroversion, agreeableness and neuroticism of individuals. It specifies that a low-level attack against an individual may comprise call bombing or WiFi DOS, where a mid-range attack may include PSYOPS over social networks, telephone or email.
In the training manual entitled "The ART of DECEPTION : Training for a New Generation of Online Covert Operations" GCHQ say they want to build "Cyber Magicians", and specify that Disruption and False Flag operations may be carried out online against groups or individuals.
It leaves you wondering if Russia may make their own indictments against their British counterparts; wherever it is our own Internet Research Agency may be based. Given the anti-Russian paranoia that the agencies are currently spreading, I'd guess that FSB were hot on their trail anyway. The next hearing on Mueller's Russian Indictment case is scheduled for June 15.
Check out the original documents for yourself:
Full-Spectrum Cyber Effects by GCHQ
Prism/US-984XN Overview by NSA
The ART of DECEPTION
Alternatively, search the full Snowden Archive here.
----
ther recent articles on my blog:
» David Hogg: "Fuck college & fuck the SAT!"
»"Show Me All The Muslims who Like Bacon!" - another case to #DeleteFacebook