The Intercept has just released a document filed as top secret outlining the goals and modus operandi of the Joint Threat Research Intelligence Group (JTRIG). JTRIG is one of the more significant, but less referenced, British intelligence operations Snowden made us aware of. In February of 2014, Edward Snowden leaked documents that showed GCHQ was manipulating Internet discourse. The manipulations included denial of service attacks (DoS) against the hacktivist collective Anonymous, as well as a propaganda operation aimed at shaping the way the Latin American public views the Falkland Islands dispute:
The group, first revealed last year by NBC News and The Intercept, has developed various techniques — including “false flag” operations, sexual “honey traps,” and implanting computer viruses — to collect intelligence, plant propaganda and diminish or discredit opponents. As reported in The Intercept last year, JTRIG “has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, ‘amplif[y]’ sanctioned messages on YouTube,” and plant false Facebook wall posts for “entire countries.” According to a study of the group by the U.K.’s Defence Science and Technology Laboratory (DSTL), “the language of JTRIG’s operations is characterized by terms such as ‘discredit,’ promote ‘distrust,’ ‘dissuade,’ ‘deceive,’ ‘disrupt,’ ‘delay,’ ‘deny,’ ‘denigrate/degrade,’ and ‘deter.’”
The documents released today reconfirm that JTRIG was active in “preventing Argentina from taking over the Falkland Islands” and also confirm that JTRIG has been involved in “regime change in Zimbabwe.”
Today The Intercept released a 42 page JTRIG report dated from 2011 and detailing how the intelligence organization functions. Keep in mind that we are looking at a document that is four years old. The JTRIG program may have been expanded by now.
JTRIG, according to the documents, has 120 full time staff. This does not include “integrees” or persons who are not the full time employees of the program. JTRIG is divided into three operational groups: “Rest of the World,” “Counter-Terrorism” and “Support to Military Operations.” Try not to forget that although this is an international intelligence organization, a significant portion of its focus is being used for domestic affairs. According to the new documents, JTRIG is being applied to domestic crime. It is being used for police support. JTRIG is “providing intelligence for judicial outcomes.”
Parallel construction is worth mentioning. Have a look.
Among the domestic crimes listed are illegal immigration, online credit card fraud, and “domestic extremism.” The documents state that JTRIG is working with the Serious Organized Crime Agency (SOCA), HM Revenue & Customs (HMRC), the UK’s tax collection authority, the Metropolitan police, UK Borders, and “15 Psyops” or the 15 Psychological Operations Group, in-theatre.
What we’re primarily interested in here is the way the state is using this team to manipulate public opinion online. This is being done under the banner of combating “extremism.” Extremism, of course, is any position or belief that does not support the current state and its official narrative. The documents list “monitoring Irish Republican groups,” “discrediting extremist sites and individuals/groups,” “far-right activists,” as well as “dissuading criminals, state actors, and hacktivists.”
Here are some excerpts from section 2.5, listing “operation methods/techniques”:
Uploading YouTube videos containing “persuasive” communications (to discredit, promote distrust, dissuade, deter, delay or disrupt).
Setting up Facebook groups, forums, blogs and Twitter accounts that encourage and monitor discussion on a topic (to discredit, promote distrust, dissuade, deter, delay or disrupt).
Establishing online aliases/personalities who support the communications or messages in YouTube videos, Facebook groups, forums, blogs etc.
Establishing online aliases/personalities who support other aliases.
Sending spoof e-mails and text messages from a fake person or mimicking a real person (to discredit, promote distrust, dissuade, deceive, deter, delay or disrupt).
We’re talking about things that have been in the domain of conspiracy theorists. (I do not intend for the term to be pejorative here.) This is evidence of state-sponsored shills. If you’ve ever wondered if shills populate Facebook or YouTube – or if you’ve dismissed the idea as paranoia – now you know. It turns out they are real.
This may be more significant than it seems. More people receive most of their information from social media than ever before. While major news networks could be depended on to provide the state’s narrative without real critique in the past, today states (and corporations, for that matter) must contend with the manufacture of consent via comment-driven media. Reddit, for example, is one of the most popular websites on the Internet. It’s basically a comment farm, where reader opinions on news items subordinate the content of the articles themselves.
An environment like Reddit is especially susceptible to “establishing online aliases/personalities who support communications” and “establishing online aliases/personalities who support other aliases.” This is a form of media where votes determine which comments rise to the top – thus which comments are seen first. It’s easy to exploit the bandwagon effect and this can be used to shape opinions or develop a consensus.
A major goal of JTRIG, presented as the general thesis of the leaked documents, is exploiting psychological and cognitive biases. The documents refer to “stressing the importance of social validation (e.g. via highlighting that others have also complied)” and “conformity [as] an indirect form of social influence whereby an individual’s beliefs, feelings and behaviors yield to those (norms) of a social group.” They refer to the low-ball and high-ball techniques, the door-in-the-face and the foot-in-the-door techniques. Robert Cialdini’s book Influence: The Psychology of Persuasion is cited in the references. Many of the references are similar in nature. Few, however, have anything to do with actual terrorism.
The documents list “being blocked from the website” as a risk element for a JTRIG operation to avoid. Many social media websites, Reddit again as an example, do ban users who game the voting system or shill. The generation of multiple accounts is a fast way to be banned. Inclusion of “being blocked” as a risk reconfirms the kind of operations JTRIG is involving itself in. It may also provide some additional clues as to where JTRIG is operating. Twitter, Facebook and YouTube are mentioned by name, but the documents also refer to “forums” and “social media” in general.
While the documents admit that “it was difficult to measure operational success,” this element of consent-building on social media may seem familiar to you:
Check online and/or collect SIGINT to see if a message has been attended to, understood, accepted, remembered, and changed behaviour (e.g., people have spread the message and communicate support for it, people lack trust in the discredited individual/group/regime, people are delayed or deterred from an activity or interaction).
Now, you might say “that’s fine, they’re just making arguments.” (Or maybe that’s an excuse you’ll begin to hear online in the near future in JTRIG-influenced spaces.) Don’t forget that JTRIG is just a modern reworking of the same old propaganda tactics. The leak leaves no doubt of that. It says as much:
Propaganda techniques include: Using stereotypes; substituting names/labels for neutral ones; censorship or systematic selection of information; repetition; assertions without arguments; and presenting a message for and against a subject.
Psychological “persuasion” is on the table. And so are dirty tricks. Consider this: those dirty tricks aren’t ideal for stopping terrorism. They aren’t even ideal for solving a crime or gathering evidence. What they are really designed for is winning arguments. They’re ideal for politics. They’re ideal for consensus-manufacturing. And, specifically, for marginalizing the opposition.
Section 3.12 explains how Internet dialogue can be manipulated and what kind of personalities should be maintained:
Of particular relevance to the cyber-based effects and online HUMINT operations conducted by JTRIG is that researches have begun to study behaviour in cyberspace, including social influence. For instance, studies have found that anonymous groups may be more susceptible to influence than identifiable groups (Postmes, Spears, Sakhel, & de Groot, 2001). People in online social networks make new links with those whom they perceive to be similar (Crandall et al., 2008), and they are more likely to view a YouTube video if they believe others similar to them have viewed and liked it (Marcus & Perez, 2007). Neighbours/friends in online social networks are also more powerful than strangers in persuading a user to join an online group (Hui & Buchegger, 2009). The ability to trigger replies from others, create conversations between others, and induce similarity of language among users is more likely to be found in “online leaders” who demonstrate high communication activity, longer group membership, expansive and reciprocal social networks, and language use characterised by talkativeness, diversity, assertiveness, and emotion (Huffaker, 2010). High numbers of chat room contributions and words, as well as high levels of assertiveness and exaggeration can have a significant influencing effect during anonymous computer-mediated discourse (Miller & Brunner, 2008). Finally, during computer-mediated interaction, females are more likely to conform when the other party expresses confidence in their expertise verbally, whereas males are more likely to be influenced by quantitative expressions of confidence (Lee, 2005). Male online characters are also more likely to induce informational influence than female ones.
Maybe that sounds like someone you know.
In any case, individuals involved in radical or anti-authoritarian politics in online spaces should take heed. You don’t need to be a terrorist. You don’t need to be a criminal. It is sufficient that you fall into the ill-defined category of “hacktivist” or “extremist.”