"The Joint Threat Research Intelligence Group (JTRIG), a unit in one of Britain's intelligence agencies, is tasked with creating sock puppet accounts and fake content on social media in order to use ‘dirty tricks' to ‘destroy, deny, degrade [and] disrupt' enemies by ‘discrediting' them," Mustafa al-Bassam, a security researcher pursuing a Ph.D. in London and former member of the LulzSec hacktivist group, said in a December 27 talk at the 34th Chaos Communication Congress.
Bassam was selected for Forbes' 2016 "30 Under 30" list for up-and-coming leaders in the European tech sector.
On December 28, protests erupted in Tehran, Mashhad, Isfahan and Rasht, with demonstrators calling for better economic opportunities and lower living costs. At least 22 people have been killed since the demonstrations started.
JTRIG has also gotten its hands dirty in "social manipulation operations" targeting hacktivists like LulzSec and Anonymous, according to Bassam. Until former National Security Agency contractor Edward Snowden released documents in 2014 showing that JTRIG used "distributed denial of service" (DDoS) attacks to target Anonymous and LulzSec, the British unit's existence remained a secret.
Using information from the leaked materials as well as his first-hand experience in being targeted by covert UK cyberintelligence agents, Bassam found out that London's Government Communications Headquarters (GCHQ) made use of a URL shortening service to unmask the identities of Anonymous activists. "Using this key detail, I was able to discover a network of sock puppet Twitter accounts and websites set up by GCHQ," he said.
The accounts and websites feigned the appearance of being "activists during the Arab spring of 2011 and the Iranian revolution of 2009," the researcher told the Chaos Communication Congress. JTRIG carried out social manipulation operations concerning protests in Syria and Bahrain, he noted.
Leaked GCHQ slides labelled "top secret" and related to the US, Australia, Canada, Great Britain and New Zealand show that by sending a link through hacker chat rooms, the agency could deanonymize the person who clicked on it. The URL shortening service "lurl.me" appeared online in 2009 and tweeted links about the Iran protests in 2009, according to Bassam's research.
JTRIG's techniques include "uploading YouTube videos containing persuasive messages; establishing online aliases with Facebook and Twitter accounts, blogs and forum memberships for conducting [human intelligence] or encouraging discussion on specific issues; sending spoof emails and text messages as well as providing online resources; and setting up spoof trade sites," according to a GCHQ document subtitled "Behavioral Science Support for JTRIG's Effects and Online HUMINT [Human Intelligence] Operations."
The targets of the operations "may cover all areas of the globe," the document reads. "Staff described operations that are currently targeted at, for example, Iran," it said, noting that operations can target whole populations "e.g., Iranians," a group of roughly 80 million people.
JTRIG's goals in Iran were "discrediting the Iranian leadership and its nuclear programme," "delaying and disrupting online access to materials used in the nuclear programme," "conducting online HUMINT" and "counter-censorship," Bassam noted, citing GCHQ documents.
"It might sound great, it might sound like GCHQ is aligned with the motives of the internet freedom community by helping these Iranian people to avoid censorship," he noted. The GCHQ was ostensibly helping Iranians avoid censorship with certain IP addresses and websites that could maneuver around internet blockades to access accurate information.
"In this context, the GCHQ is acting like the big bad wolf from the Little Red Riding Hood" fairy tale, Bassam said. "They may seem like they are helping you, but they are also harming you in the process."
While "providing online access to uncensored material" was one goal, the GCHQ killed two birds with one stone by "hosting targets' online communications/websites for collecting signals intelligence" and surveilling Iranians who clicked on shortened links provided by the GCHQ.
Power struggles
The idea that Western governments are guiding and fueling the protests, however, may not paint a complete picture.
Martin Mahdavi, an Iranian-American businessman, told Sputnik News the protests may have been started by conservatives seeking to loosen Iranian President Hassan Rouhani's grip on power.
The Iranian Revolutionary Guard Corps and Rouhani's government "are having disagreements about what's the best way to dominate the Middle East after their success since 2003. But conservatives lost the election in 2017 — as well as Supreme Leader Ali Khamenei's unconditional support — and their base is shrinking heavily. So conservatives need mayhem and leverage. I think it was started by conservatives to gain the leverage and ultimately force Khamenei to get closer to them again and now it's gotten violent and is being heavily encouraged by the US and its allies," Mahdavi said in an interview with Sputnik News on Tuesday.
The floods of headlines about protests in Iran "make it likely" that observers in Washington and London will see "a good opportunity to damage Iran's international status," Mahdavi said.
If the conservative plan was to draw Western ire as a means to curry Khamenei's favor, US President Donald Trump took the bait right on cue. "The people of Iran are finally acting against the brutal and corrupt Iranian regime… The people have little food, big inflation and no human rights," Trump tweeted January 2.
Shaming Iran's government internationally, though, may wind up backfiring. Once the Iranian people uncover organized attempts like the GCHQ's operation aiming to promote disruption and population-level deception, the people will be more likely to end the protests, "like in 2009," Mahdavi says.
"Overall it's part of a bad strategy to weaken Iran," since fundamental change can only emerge from the unmanipulated sovereign will of the Iranian populace, he said. "It won't work."
The early stages of an uprising often form the basis of future assessments about the conflict particularly which actors deserve blame. We saw this with the Syria war. #Iran won't follow the same violent trajectory. But pay attention to the same early-narrative creation dynamics.
— Max Abrahms (@MaxAbrahms) January 2, 2018
"It's frustrating to see the Iran protests knowing the best thing you can do to help them is absolutely nothing," Max Abrahms of the Council on Foreign Relations tweeted December 31.