This is part of an ongoing series to catalogue and describe various government-sponsored groups and agencies which have directly participated in spreading disingenuous "fake news" through the Internet and conducting cyberattacks in order to discredit or subvert opponents. This may provide a valuable tool and reference to Internet researchers who encounter such groups and strategies online.

History

The Joint Threat Research Intelligence Group (JTRIG) is a unit of the British Government Communications Headquarters (GCHQ).(1) The existence of JTRIG was unconfirmed until Edward Snowden leaked documents on the global surveillance coalition known as Five Eyes in 2014.(2)

The official business of JTRIG would be to survey and conduct counterintelligence against enemies of the United Kingdom. A large part of JTRIG's work has been against Al Qaeda, the Taliban, and ISIS over the years. JTRIG would also be partly responsible for Britain's taking of the Falkland Islands in Argentina to an unknown degree.(3)

It was revealed in the Snowden documents that JTRIG would also actively participate in attacks against citizen groups, including the hacktivist group Anonymous. Despite not being officially authorized by the British government to do so, JTRIG carried out a series of cyberattacks and hacks which allowed them to arrest at least one individual, Edward Pearson, and conduct illegal surveillance on countless others.(4) They were also able to bring down a number of Anonymous systems over many years to disrupt their communications.

Tactics

JTRIG themselves admit to the use of "dirty tricks" to accomplish their goals, as was briefly mentioned in connection with the illegal surveillance above. Their technology and techniques seem to be cutting edge, and thus traditional safeguards against their strategies, such as the use of Tor, are limited.

It was demonstrated in the case against Anonymous that they were able to obtain complete personal information on individuals despite attempts to hide their identities. While it is unknown how exactly they could compromise systems like Tor and select Virtual Private Networks, it has been well-accepted that these are no longer completely safe and have security holes which can be exploited by government surveillance.

JTRIG members will join chat rooms, social media, and popular platforms like Reddit and 4chan to infiltrate target groups and get closer to targeted individuals. In the case of Edward Pearson, JTRIG was able to send him a link through chat which appeared to be a legitimate website. However, the link itself was a "honey pot" that handed JTRIG Pearson's private information.(5) JTRIG has been known to use such honey pot techniques in combination with sexual content to enhance their effect.(6)

JTRIG has also been known to employ more traditional black-hat techniques such as DDoS attacks. In 2011, JTRIG was able to bring down an Anonymous chat room for 30 hours.(7) Against the Taliban, JTRIG would also send "blizzards" of texts, faxes, and phone calls to disrupt their communications. In Iran, JTRIG would also write fake blog information attacking private companies involved in their nuclear program. They would even go so far as to utilize online "false flag" operations against targets, the exact definition of which is unknown.(8)

JTRIG has even employed malware in their operations such as a virus that can decrypt your filesystem, re-encrypt it, and cause the screen to violently shake.(9)

JTRIG is not above breaking the law or acting without authorization, so this group should be considered exceptionally dangerous.

For more information on JTRIG and related organizations, see the Pizzagate Wiki's page on JTRIG.