Session
Fahrplan 34C3
Ethics, Society & Politics

Uncovering British spies’ web of sockpuppet social media personas

Saal Borg
Mustafa Al-Bassam
The Joint Threat Research Intelligence Group (JTRIG), a unit in one of Britain’s intelligence agencies, is tasked with creating sockpuppet accounts and fake content on social media, in order to use "dirty tricks" to "destroy, deny, degrade [and] disrupt" enemies by "discrediting" them. In this talk, we reveal some of that content, in relation to infiltrating activists groups around the world, including during the Arab spring and Iranian revolution.

In 2011, I was unknowingly messaged on an IRC channel by a covert agent from the UK’s Government Communications Headquarters (GCHQ), who was investigating the hacktivist groups of Anonymous and LulzSec. Later that year, I was arrested (and banned from the Internet) for my involvement in LulzSec. Then, in 2014, I discovered through a new Snowden leak[1] that GCHQ had targeted Anonymous and LulzSec, and the person that messaged me was a covert GCHQ employee, pretending to be a hacktivist.

Because I was myself targeted in the past, I was aware of a key detail, a honeypot URL shortening service setup by GCHQ, that was actually redacted in the Snowden documents published in 2014. This URL shortening service enabled GCHQ to deanonymize another hacktivist and discover his real name and Facebook account, according to the leaked document.

Using this key detail, I was able to discover a network of sockpuppet Twitter accounts and websites setup by GCHQ, pretending to be activists during the Arab spring of 2011 and Iranian revolution of 2009, and we published an article about it last summer in Motherboard as a piece of investigative journalism.

This talk will: - go into detail about how and why GCHQ setup a network of fake social media accounts, blogs, honeypot proxies and news sites during revolutionary events; - reveal new details about other fake websites that GCHQ setup in other parts of the world for different purposes.

The people responsible, the Joint Threat Research Intelligence Group (JTRIG), is a group within GCHQ that has the aim of "using online techniques to make something happen in the real or cyber world". To fulfill this aim, a wide but basic array of technological tools and software are used at JTRIG’s disposal, as detailed in the published document titled "JTRIG tools and techniques"[2]. These tools include "DEADPOOL", described as a "URL shortening service", and "HUSK", a "secure one-to-one web based dead-drop messaging platform".

How can seemingly innocent web services be used as honeypots to conduct signal intelligence, being part of something more sinister?

Additional information

Type lecture
Language English

More sessions

12/27/17
Ethics, Society & Politics
Ingo Dachwitz
Saal Clarke
In der EU wird gerade über eine Verordnung verhandelt, die für die Vertraulichkeit der elektronischen Kommunikation verbindliche und zeitgemäße Regeln schaffen soll. Diese „ePrivacy-Verordnung“ könnte in absehbarer Zeit die letzte Möglichkeit sein, dem informationellen Kontrollverlust EU-weit politisch etwas entgegenzusetzen.
12/27/17
Ethics, Society & Politics
Katika Kühnreich
Saal Adams
In 2014 China’s government announced the implementation of big data based social credit systems (SCS). The SCS will rate online and offline behavior to create a score for each user. One of them is planned to become mandatory in 2020. This lecture will review the current state of governmental and private SCS and different aspects of these systems.
12/27/17
Ethics, Society & Politics
Markus Beckedahl
Saal Borg
Deutschland hat gewählt, man weiß nur noch nicht, wer regieren wird. Bis Weihnachten könnte ein Koalitionsvertrag verhandelt worden sein, vielleicht auch später. Was sind die zu erwartenden großen Debatten der neuen Legislaturperiode?
12/27/17
Ethics, Society & Politics
Saal Clarke
France is part of the top countries trying to destroy encryption, especially through backdoor obligations, global interceptions, and effort to get access to master keys. French law already criminalises the use of encryption, imposing heavier penalties on people using it or regarding them as general suspects. How can we oppose this trend? What political role for developers?
12/27/17
Ethics, Society & Politics
Tim Carstens & Parker Thompson
Saal Adams
Software vendors like to claim that their software is secure, but the effort and techniques applied to this end vary significantly across the industry. From an end-user's perspective, how do you identify those vendors who are effective at securing their software? From a vendor's perspective, how do you identify those techniques which are effective at improving security? Presenting joint work with Sarah Zatko, mudge, Patrick Stach, and Parker Thompson.
12/27/17
Ethics, Society & Politics
Saal Adams
Der NSA-BND-Untersuchungsausschuss des Deutschen Bundestags ist zu Ende. Da bietet es sich an, nun auf die gesammelten Geheimdienstskandale und die Reaktionen auf die Enthüllungen zurückzublicken.
12/27/17
Ethics, Society & Politics
Mahsa Alimardani
Saal Dijkstra
How do Iranians experience the Internet? Various hurdles and risks exist for Iranians and including outside actors like American technology companies. This talk will assess the state of the Internet in Iran, discuss things like the threats of hacking from the Iranian cyber army; how the government are arresting Iranians for their online activities; the most recent policies and laws for censorship, surveillance and encryption; and the policies and relationships of foreign technology companies ...