I picked up on this via a tweet doing the rounds this morning, originating with one from Glenn Greenwald. The focus is a slideshow leaked by Edward Snowden used for a top secret spy conference in 2012. The tweet claims this indicates implicates involvement of all the 5 Eyes branches, meaning it includes the GCSB.
While the techniques of cyber warfare were
particularly used against the group anonymous, the use of blogs for circulation of (mis)information could be used against any online group/blog. [Edit: the attacks on Anonymous are indicated in another slideshow amongst the Snowden documents on the NBC site; also reported on in an NBC article part written by Greenwald, as mentioned in this BBC article]
The NBC News investigation reports on the GCHQ leaked documents:
Both PowerPoint presentations describe “Effects” campaigns that are broadly divided into two categories: cyber attacks and propaganda operations. The propaganda campaigns use deception, mass messaging and “pushing stories” via Twitter, Flickr, Facebook and YouTube. JTRIG [Joint Threat Research and Intelligence Group] also uses “false flag” operations, in which British agents carry out online actions that are designed to look like they were performed by one of Britain’s adversaries.
The documents indicate well planned efforts to manipulate journalists and spread misinformation through the news media.
The 2010 presentation also describes another potential operation that would utilize a technique called “credential harvesting” to select journalists who could be used to spread information. According to intelligence sources, spies considered using electronic snooping to identify non-British journalists who would then be manipulated to feed information to the target of a covert campaign. Apparently, the journalist’s job would provide access to the targeted individual, perhaps for an interview. The documents do not specify whether the journalists would be aware or unaware that they were being used to funnel information.
The executive director of the Committee to Protect Journalists, Joel Simon, said that the revelation about “credential harvesting” should serve as a “wake up call” to journalists that intelligence agencies can monitor their communications. Simon also said that governments put all journalists at risk when they use even one for an intelligence operation.
“All journalists generally are then vulnerable to the charge that they work at the behest of an intelligence agency,” said Simon.
The journalist operation was never put into action, according to sources, but other techniques described in the documents, like the Ambassadors Reception computer virus and the jamming of phones and computers, have definitely been used to attack adversaries.
Most of the targets seem to be those outside the 5 Eyes countries (although it does make it look like English language countries targeting the rest of the world). However, given the shift in the GCSB’s focus from physical threats to “economic” threats, there’s no telling where such methods have been used since the slideshows of 2010 and 2012.