On June 22, 2017, an anonymous user under the poster ID “yFIaEkoh” posted a forged letter to 4chan, an online forum popular with far-right and conspiracy theorist groups. The letter claimed to show that Britain’s electronic intelligence agency, GCHQ, spied during the 2016 U.S. presidential elections on the campaign of then-candidate Donald Trump at the behest of President Barack Obama.

Despite repeated exposure as a fraud, including on 4chan itself, the letter continued to circulate and was used to bolster claims that Trump remains the victim of an international “deep state” conspiracy aimed at undermining his presidency.

@DFRLab tracked the forgery across the internet, as a case study in how fakes can continue to spread through willing or engaged audiences, even when their falsehood is manifest.

The letter — content

The letter, dated November 2016, purported to be a request from then-GCHQ director Robert Hannigan to UK Foreign Secretary Boris Johnson, to extend permission “to surveil” Trump’s New York headquarters, “at the request of the US President”.

The text of the letter provided some logistical details, which implicated then-National Security Advisor Susan Rice.

To judge by the image posted online, the letter had been printed out on GCHQ headed paper, signed by Hannigan, then folded twice and scanned:

The image of the letter posted to 4chan on June 22, 2017. (Source: 4plebs)

The original 4chan post; note the date, June 22, 2017. (Source: 4plebs)

However, several internal factors confirm that the letter was a forgery. Paragraph four referred to “former MI5 agent Michael Steele,” who had provided “actionable leads” on apparent “communications with Russian hostile actors.” This was a glaring error: in fact, it was a former MI6 agent, Christopher Steele, who produced a dossier on Trump’s Russian connections.

Even if the author of a “TOP SECRET” document had been so sloppy as to give the source’s name — which is unlikely — it is beyond plausibility that they would get both Steele’s first name and his affiliation wrong in a communication with their own government.

The term “to surveil” was also indicative. For one thing, the verb is typical of American English, rather than British; for another, “surveillance” is a term proper to human intelligence, not signals intelligence, which is GCHQ’s remit. This may appear a technicality, but GCHQ is a technical organization.

Even the letter’s alleged back story is evidence of falsehood. The claim that GCHQ had sought permission to “surveil” Trump’s organization “at the request of the US President” could only be genuine if we were to believe that British civil servants would accept a tasking directly from the U.S. president, bypassing not only every intelligence and diplomatic entity in the U.S., but the entire diplomatic, political, and legal system of oversight in the UK.

In the words of former GCHQ director David Ormond, explaining this to the Financial Times:

If the telephone rang in GCHQ from the White House, that in itself would be unheard of. The director would then ring his US counterpart, the director of the NSA — there’s a hotline on his desk — to ask if it was a hoax. The next person he would ring would be the foreign secretary to say we’ve had this amazing request.

Whoever forged this letter had a very romantic view of the U.S. president’s power to task, and British civil servants’ willingness to comply.

The letter — presentation

While the content was demonstrably fake, the presentation of the letter was more convincing. It used a known GCHQ logo and Hannigan’s signature, and a classification (TOP SECRET STRAP3) which belongs to a known system.

However, all three features could easily be faked with a few minutes of research. The GCHQ logo and Hannigan’s signature are both available from his resignation letter, published by GCHQ in January 2017.

GCHQ Director Robert Hannigan’s resignation letter; compare the header and signature with those in the forgery. (Source: GCHQ)

The STRAP system of classification was exposed on various blogs since at least 2013, as have examples of STRAP-classified material leaked by former U.S. National Security Agency contractor Edward Snowden.

The forger would thus have found it easy to make their document look convincing; it is perhaps fortunate that their ability to write convincing content was so much lower.

We cannot establish the identity of the forger with certainty, yet the writing bears indicative patterns. The letter was written in idiomatic English; its tone is more American than British (“surveil”, “advisor” spelt with an o), and the context of the fake suggests an American focus, but there is insufficient evidence to be conclusive.

Context

The forgery was not released into an information vacuum. Three months earlier, on March 16, 2017, Fox News commentator Andrew Napolitano, a former judge, claimed:

Sources have told me that the British foreign surveillance service, the Government Communications Headquarters, known as GCHQ, most likely provided Obama with transcripts of Trump’s calls…by bypassing all American intelligence services.

The Trump White House took up the claim, which triggered a sharp response from both GCHQ and 10 Downing Street. Napolitano was reportedly suspended from Fox for two weeks for his comments.

The forgery appears aimed at reviving and bolstering Napolitano’s story, and thus feeding the ongoing conspiracy theory that the Obama White House abused its power against Trump.

Rapid exposure

The forgery was exposed almost as soon as it was posted. According to an archive of the 4chan page, it was placed online at 20:54:49 on June 22, 2017. At 21:13:34, less than nineteen minutes later, another anonymous user replied that it was fake.