GCHQ leak lists UK cyber-spies' hacking tools By Leo Kelion

Technology desk editor Published duration 15 July 2014

image copyright Reuters image caption More than 100 codenamed projects are defined in the leaked GCHQ document

A document that appears to list a wide variety of GCHQ's cyber-spy tools and techniques has been leaked online.

It indicates the agency worked on ways to alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things.

The document is alleged to have been among those leaked by former US intelligence analyst Edward Snowden.

One expert said the release, published on the site Intercept, was "damaging".

Alan Woodward, a security consultant who has done work for GCHQ, the UK's intelligence agency, said: "If you read the mission statement of any signals intelligence organisation, all the listed techniques are what you'd expect them to be doing.

"But it's very unhelpful for the details to leak out because as soon as you reveal to people how something is being done they can potentially take steps to avoid their information being collected.

image copyright Intercept image caption The leaked document lists the techniques in the style of the online encyclopaedia Wikipedia

"We've already seen it happen when various forms of interception were revealed previously with the Snowden leaks."

Glenn Greenwald, the journalist who published the latest document, noted in his article that an earlier inquiry by the European Parliament's Civil Liberties Committee had called into question the "legality, necessity and proportionality" of the data-collection activities of GCHQ and the US National Security Agency (NSA), for which Mr Snowden worked.

He also highlighted that the article's publication coincided with the start of a legal challenge brought by Privacy International, Liberty and other civil rights groups that claimed the UK's security agencies had acted unlawfully.

However, GCHQ denies it is at fault.

"It is a longstanding policy that we do not comment on intelligence matters," it said in a statement.

"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee."

Swamp donkey

More than 100 projects are included in the document, which appears to be from a Wikipedia-style listing for GCHQ's Joint Threat Research Intelligence Group.

image copyright Linden Lab image caption The leak indicates that GCHQ created a tool to help agents make use of Second Life

Many involve eccentric codenames.

For example, the ability to send an audio message to a large number of telephones and/or "repeatedly bomb" a target number with the same message is called Concrete Donkey - the name of a weapon in the video game Worms

Other examples include:

Angry Pirate - a tool to permanently disable a target's account on their computer

Bomb Bay - the capacity to increase website hits/rankings

Cannonball - the ability to send repeated text messages to a single target

Gestator - a tool to make a message, normally a video, more visible on websites including YouTube

Glitterball - software to help agents carry out operations in Second Life and other online games

Birdstrike - Twitter monitoring and profile collection

Fatyak - public data collection from the business-focused social network LinkedIn

Spring Bishop - a tool to find private pictures of targets on Facebook

Changeling - the ability to spoof any email address and send messages under that identity

Bearscrape - a tool to extract a computer's wi-fi connection history

Miniature Hero - the ability to source real-time call records, instant messages and contact lists from Skype

Swamp donkey - a way to send a modified Excel spreadsheet document that silently extracts and runs malware on the target's computer

Underpass - a tool to change the result of online polls

Some of the schemes are listed as being operational while others are said to be still at the design, development or pilot stages.

Analysis: Gordon Corera, security correspondent

image copyright Thinkstock

The latest revelations suggest that GCHQ is developing a wide range of capabilities which go beyond the simple gathering of information and into the realms of covert action.

This is another traditional part of the work of spy agencies but one they prefer to keep clandestine and therefore "deniable".

According to the documents, this appears to range from disrupting an individual's online activity to broader "information operations" to influence opinion in other countries.

What is not clear from the document is how far these capabilities have actually been deployed and put into action and against whom.

Almost every state is secretly developing capabilities to disrupt their opponents in cyberspace but they do not like talking about them or having them revealed in public.

'Chinese menu'

It is not clear exactly how out-of-date the list is.

The document states it was last modified in July 2012, but includes a note saying: "We don't update this page anymore, it became somewhat of a Chinese menu for effects operations."

Staff are instead directed to an alternative page, which has not been leaked.

"The accusation that GCHQ has been manipulating polls and influencing and distorting political discourse is incredibly serious," said Emma Carr, acting director of the Big Brother Watch campaign group.

"The UK is always the first to point the finger at countries if there is a whiff of corruption or interference within a democratic process, so if senior ministers are aware that this is taking place then this absolutely stinks of hypocrisy.