back

Uncovering British spies’ web of sockpuppet social media personas

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:31:31
Language
English
Abstract
The Joint Threat Research Intelligence Group (JTRIG), a unit in one of Britain’s intelligence agencies, is tasked with creating sockpuppet accounts and fake content on social media, in order to use "dirty tricks" to "destroy, deny, degrade [and] disrupt" enemies by "discrediting" them. In this talk, we reveal some of that content, in relation to infiltrating activists groups around the world, including during the Arab spring and Iranian revolution.

In 2011, I was unknowingly messaged on an IRC channel by a covert agent from the UK’s Government Communications Headquarters (GCHQ), who was investigating the hacktivist groups of Anonymous and LulzSec. Later that year, I was arrested (and banned from the Internet) for my involvement in LulzSec. Then, in 2014, I discovered through a new Snowden leak[1] that GCHQ had targeted Anonymous and LulzSec, and the person that messaged me was a covert GCHQ employee, pretending to be a hacktivist.

Because I was myself targeted in the past, I was aware of a key detail, a honeypot URL shortening service setup by GCHQ, that was actually redacted in the Snowden documents published in 2014. This URL shortening service enabled GCHQ to deanonymize another hacktivist and discover his real name and Facebook account, according to the leaked document.

Using this key detail, I was able to discover a network of sockpuppet Twitter accounts and websites setup by GCHQ, pretending to be activists during the Arab spring of 2011 and Iranian revolution of 2009, and we published an article about it last summer in Motherboard as a piece of investigative journalism.

This talk will:
- go into detail about how and why GCHQ setup a network of fake social media accounts, blogs, honeypot proxies and news sites during revolutionary events;
- reveal new details about other fake websites that GCHQ setup in other parts of the world for different purposes.

The people responsible, the Joint Threat Research Intelligence Group (JTRIG), is a group within GCHQ that has the aim of "using online techniques to make something happen in the real or cyber world". To fulfill this aim, a wide but basic array of technological tools and software are used at JTRIG’s disposal, as detailed in the published document titled "JTRIG tools and techniques"[2]. These tools include "DEADPOOL", described as a "URL shortening service", and "HUSK", a "secure one-to-one web based dead-drop messaging platform".

How can seemingly innocent web services be used as honeypots to conduct signal intelligence, being part of something more sinister?

Talk ID
9233
Event:
34c3
Day
1
Room
Saal Borg
Start
1:30 p.m.
Duration
00:30:00
Track
Ethics, Society & Politics
Type of
lecture
Speaker
Mustafa Al-Bassam
Talk Slug & media link
34c3-9233-uncovering_british_spies_web_of_sockpuppet_social_media_personas

Talk & Speaker speed statistics

Very rough underestimation:
151.2 wpm
851.1 spm
150.7 wpm
858.4 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
151.2 wpm
851.1 spm
peopleaccountsgchqtwitterurliranpersononlineintelligenceipp0kethings2009jtrigquestionleakedbasicallymictechniquesactivitiesoperationsshortenerexampleiranianfacebookgovernment2011agentgroupsocialnumber2013proxiesaddressprotestslinkaccountlistwebsitesspecificnamesactivitytweetapplauseinterestinglulzseclurl.metargetingmediamustafa
Mustafa Al-Bassam:
150.7 wpm
858.4 spm
accountspeoplegchqurltwitteriranintelligenceonline2009ipthingsjtrigbasicallyiranianp0keshortenergovernment2011addresstechniquesleakedperson2013proxiesfacebooksocialoperationsprotestsnameswebsitesfindwebsitelurl.medefaultmediabigtweetsrealactivitycalledconducthumantargetinglulzsecbunchcourtmanagedofflinedocumentstargeted