GCHQ leak lists UK cyber-spies' hacking tools

A document that appears to list a wide variety of GCHQ's cyber-spy tools and techniques has been leaked online.

It indicates the agency worked on ways to alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things.

The document is alleged to have been among those leaked by former US intelligence analyst Edward Snowden.

One expert said the release, published on the site Intercept, was "damaging".

Alan Woodward, a security consultant who has done work for GCHQ, the UK's intelligence agency, said: "If you read the mission statement of any signals intelligence organisation, all the listed techniques are what you'd expect them to be doing.

"But it's very unhelpful for the details to leak out because as soon as you reveal to people how something is being done they can potentially take steps to avoid their information being collected.

"We've already seen it happen when various forms of interception were revealed previously with the Snowden leaks."

Glenn Greenwald, the journalist who published the latest document, noted in his article that an earlier inquiry by the European Parliament's Civil Liberties Committee had called into question the "legality, necessity and proportionality" of the data-collection activities of GCHQ and the US National Security Agency (NSA), for which Mr Snowden worked.

He also highlighted that the article's publication coincided with the start of a legal challenge brought by Privacy International, Liberty and other civil rights groups that claimed the UK's security agencies had acted unlawfully.

However, GCHQ denies it is at fault.

"It is a longstanding policy that we do not comment on intelligence matters," it said in a statement.

"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee."

Swamp donkey

More than 100 projects are included in the document, which appears to be from a Wikipedia-style listing for GCHQ's Joint Threat Research Intelligence Group.

Many involve eccentric codenames.

For example, the ability to send an audio message to a large number of telephones and/or "repeatedly bomb" a target number with the same message is called Concrete Donkey - the name of a weapon in the video game Worms.

Other examples include:

  • Angry Pirate - a tool to permanently disable a target's account on their computer
  • Bomb Bay - the capacity to increase website hits/rankings
  • Cannonball - the ability to send repeated text messages to a single target
  • Gestator - a tool to make a message, normally a video, more visible on websites including YouTube
  • Glitterball - software to help agents carry out operations in Second Life and other online games
  • Birdstrike - Twitter monitoring and profile collection
  • Fatyak - public data collection from the business-focused social network LinkedIn
  • Spring Bishop - a tool to find private pictures of targets on Facebook
  • Changeling - the ability to spoof any email address and send messages under that identity
  • Bearscrape - a tool to extract a computer's wi-fi connection history
  • Miniature Hero - the ability to source real-time call records, instant messages and contact lists from Skype
  • Swamp donkey - a way to send a modified Excel spreadsheet document that silently extracts and runs malware on the target's computer
  • Underpass - a tool to change the result of online polls

Some of the schemes are listed as being operational while others are said to be still at the design, development or pilot stages.

Analysis: Gordon Corera, security correspondent

The latest revelations suggest that GCHQ is developing a wide range of capabilities which go beyond the simple gathering of information and into the realms of covert action.

This is another traditional part of the work of spy agencies but one they prefer to keep clandestine and therefore "deniable".

According to the documents, this appears to range from disrupting an individual's online activity to broader "information operations" to influence opinion in other countries.

What is not clear from the document is how far these capabilities have actually been deployed and put into action and against whom.

Almost every state is secretly developing capabilities to disrupt their opponents in cyberspace but they do not like talking about them or having them revealed in public.

'Chinese menu'

It is not clear exactly how out-of-date the list is.

The document states it was last modified in July 2012, but includes a note saying: "We don't update this page anymore, it became somewhat of a Chinese menu for effects operations."

Staff are instead directed to an alternative page, which has not been leaked.

"The accusation that GCHQ has been manipulating polls and influencing and distorting political discourse is incredibly serious," said Emma Carr, acting director of the Big Brother Watch campaign group.

"The UK is always the first to point the finger at countries if there is a whiff of corruption or interference within a democratic process, so if senior ministers are aware that this is taking place then this absolutely stinks of hypocrisy.

"It is essential that the government directly addresses these accusations, otherwise they are at risk of losing the international moral high ground."
