Could GCHQ influence Iran protests? They’ve done it before, claims researcher

2 Jan, 2018 16:30

The UK government uses fake content & sockpuppet accounts on social media to infiltrate activist groups & “destroy” enemies, former hacktivist Mustafa Al-Bassam claims. A shadowy unit is known to target the Middle East, he says.

Al-Bassam, who uses the alias TFlow, was a black hat hacker and one of the six core members of hacktivist group LulzSec. He is now a researcher and Computer Science PhD student at University College London, and says social media sites such as Twitter, BlogSpot and YouTube are being used by British intelligence agencies to pursue geopolitical goals.

He says through its social media manipulation operations, spy agency Government Communications Headquarters (GCHQ) tried to influence online activists during the 2009 Iranian presidential election protests, and the 2011 uprisings widely known as the Arab Spring.

Al-Bassam told the Chaos Communication Congress in Germany last week that the Joint Threat Research Intelligence Group (JTRIG) – a unit in GCHQ – uses “dirty tricks” to target activists.

He says JTRIG has been tasked by the British government to “[use] online techniques to make something happen in the real or cyber world.” To fulfil this aim, a wide but basic array of technological tools and software is used, including ‘DEADPOOL,’ which is described as a “URL shortening service,” and ‘HUSK,’ a “secure one-to-one web based dead-drop messaging platform.”

He told the conference: “It’s basically a fancy name for sitting on Twitter and Facebook all day and trolling online. What they do, is they conduct what they call ‘human intelligence’ – which is like the act of interacting with humans online to try and make something happen in the real world.

“In their own words one of the things they do is to use ‘dirty tricks’ to ‘destroy, deny, degrade [and] disrupt’ enemies by ‘discrediting’ them.”

JTRIG has been involved in infiltrating hacktivist groups Anonymous and LulzSec, and protesters in Iran, Syria and Bahrain, he says.

As a “honey pot” to attract activists, GCHQ set up free URL shortening service lurl.me, which was used on Twitter and other social media platforms to spread revolutionary messages in the Middle East. These messages would attract people protesting against the government there, and British intelligence would collect information on them.

Al-Bassam said he discovered this information among the documents leaked by NSA whistleblower Edward Snowden. “In 2011, I was unknowingly messaged… by a covert agent from [GCHQ], who was investigating the hacktivist groups of Anonymous and LulzSec. Later that year, I was arrested and banned from the internet for my involvement in LulzSec.

“Then, in 2014, I discovered through a new Snowden leak that GCHQ had targeted Anonymous and LulzSec, and that the person that messaged me was a covert employee, pretending to be a hacktivist.”

He added: “Because I was myself targeted in the past, I was aware of a key detail – a honeypot URL shortening service set up by GCHQ, that was actually redacted in the Snowden documents published in 2014. This URL shortening service enabled GCHQ to deanonymize another hacktivist and discover his real name and Facebook account, according to the leaked document.

“Using this key detail, I was able to discover a network of sockpuppet Twitter accounts and websites set up by GCHQ, pretending to be activists during the Arab spring of 2011,” he said.