Leaked GCHQ catalog of exploit tools for manipulation and mass surveillance

Eugen Leitl eugen at leitl.org
Thu Jul 17 09:54:26 PDT 2014


http://blogs.computerworld.com/privacy/24145/leaked-gchq-catalog-exploit-tools-manipulation-and-mass-surveillance?source=CTWNLE_nlt_security_2014-07-17

Leaked GCHQ catalog of exploit tools for manipulation and mass surveillance

By Darlene Storm

July 16, 2014 1:22 PM EDT

Just as civil liberties groups challenge the legality of the UK intelligence
agency’s mass surveillance programs, a catalog of exploit tools for
monitoring and manipulation is leaked online.

The Joint Threat Research Intelligence Group (JTRIG), a department within the
Government Communications Headquarters (GCHQ), “develops the majority of
effects capabilities” for UK’s NSA-flavored intelligence agency. First Look
Media first published the Snowden-leaked Wikipedia-like document full of
covert tools used by GCHQ for surveillance and propaganda. JTRIG tools and
techniques help British spies “seed the internet with false information,
including the ability to manipulate the results of online polls,” monitor
social media posts, and launch attacks ranging from denial of service, to
call bombing phones, to disabling users' accounts on PCs.

Devil’s Handshake, Dirty Devil, Reaper and Poison Arrow are but a few
vicious-sounding JTRIG system tools, but the naming convention for others is
just inane, like Bumblebee Dance, Techno Viking and Jazz Fusion. Perhaps the
British spies were hungry when coming up with Fruit Bowl, Spice Island, Nut
Allergy, and Berry Twister?

Most of the tools are "fully operational, tested and reliable,” according to
the 2012 JTRIG Manual, but "Don't treat this like a catalog. If you don't see
it here, it doesn't mean we can't build it." Like the previously leaked TAO
exploits, it’s an eye-opener as to the exploits that GCHQ can deploy.

GCHQ spy tools, techniques and exploits in JTRIG manual

Some of the especially invasive tools that are “either ready to fire or very
close to being ready” include:

	Angry Pirate can “permanently disable a target’s account on their
computer.”

	Stealth Moose can “disrupt” a target’s “Windows machine. Logs of how
long and when the effect is active.”

	Sunblock can “deny functionality to send/receive email or view
material online.”

	Swamp Donkey “silently” finds and encrypts all predefined types of
files on a target’s machine.

	Tracer Fire is an “Office document that grabs the targets machine
info, files, logs, etc and posts it back to GCHQ.”

	Gurkhas Sword is a tool for “beaconed Microsoft Office documents to
elicit a targets IP address.”

	Tornado Alley is a delivery system aimed at Microsoft Excel "to
silently extract and run an executable on a target's machine."

	Changeling provides UK spies with the “ability to spoof any email
address and send email under that identity.”

	Glassback gets a target’s IP by “pretending to be a spammer and
ringing them. Target does not need to answer.”

Denial of Service:

	Rolling Thunder uses P2P for distributed denial of service.

	Predators Face is used for “targeted denial of service against web
servers.”

	Silent Movie provides “targeted denial of service against SSH
services.”

Other JTRIG exploits include Screaming Eagle, “a tool that processes Kismet
data into geolocation information” and Chinese Firecracker for “overt brute
login attempts against online forums.” Hacienda is a “port scanning tool
designed to scan an entire country or city” before identifying IP locations
and adding them to an “Earthling database.”

Messing with cellphones:

	Burlesque can “send spoofed SMS text messages.”

	Cannonball can “send repeated text messages to a single target.”

	Concrete Donkey can “scatter an audio message to a large number of
telephones, or repeatedly bomb a target number with the same message.”

	Deer Stalker provides a way to silently call a satellite and GSM
phone “to aid geolocation.”

	Imperial Barge can connect two target phones together in a call.

	Mustang “provides covert access to the locations of GSM cell towers.”

	Scarlet emperor is used for denial of service against targets’ phones
via call bombing.

	Scrapheap Challenge provides “perfect spoofing of emails from
BlackBerry targets.”

	Top Hat is “a version of Mustang and Dancing Bear techniques that
allows us to pull back cell tower and Wi-Fi locations targeted against
particular areas.”

	Vipers Tongue is another denial of service tool, but it’s aimed at
satellite or GSM phone calls.

Manipulation and propaganda

Bomb Bay can “increase website hits/rankings.” Gateway can “artificially
increase traffic to a website;” Slipstream can “inflate page views on
websites.” Underpass “can change the outcome of online polls.” Badger can
mass deliver email messages “to support an Information Operations campaign.”
Gestator can amplify a “given message, normally video, on popular multimedia
websites” like YouTube. The “production and dissemination of multimedia via
the web in the course of information operations” can be accomplished with
Skyscraper. There are also various tools to censor or report “extremist”
content.

Online surveillance of social networks

Godfather collects public data from Facebook. While Spring Bishop finds
private photos of targets on Facebook, Reservoir allows the collection of
various Facebook information. Clean Sweep can “masquerade Facebook wall posts
for individuals or entire countries.”

Birdstrike monitors and collects Twitter profiles. Dragon’s Snout collects
Paltalk group chats. Airwolf collects YouTube videos, comments and profiles.
Bugsy collects users’ info off Google+. Fatyak is about collecting data from
LinkedIn. Goodfella is a “generic framework to collect public data from
online social networks.” Elate monitors a target's use of UK's eBay. Mouth
finds, collects and downloads a user’s files from archive.org. Photon Torpedo
can “actively grab the IP address of an MSN messenger user.” Pitbull is aimed
at large scale delivery of tailored messages to IM services.

Miniature Hero is about exploiting Skype. The description states, “Active
Skype capability. Provision of real time call records (SkypeOut and
SkypetoSkype) and bidirectional instant messaging. Also contact lists.”

If that’s not enough mass-scale surveillance and manipulation to irk you,
there are more weaponized tricks and techniques in the JTRIG Manual.