JTRIG Tools and Techniques
JTRIG tools
We don’t update this page anymore; it became somewhat of a
Chinese menu for effects operations. Information is now available for
JTRIG staff at [1]
Understanding this page
Tools and techniques are developed by various teams within JTRIG. We
like to let people know when we have something that we can think we
can use, but we also don’t want to oversell our capability.
For this reason, each tool indicates its current status. We may put
up experimental tools or ones that are still in development so you
know what we are working on, and can approach JTRIG with any new
ideas. But experimental tools by their nature will be unreliable; if
you raise expectations or make external commitments before speaking
to us, you will probably end up looking stupid.
Most of our tools are fully operational, tested and reliable. We will
indicate when this is the case; however, there can be reasons why our
tools won’t work for some operational requirements (e.g. if it
exploits a provider-specific vulnerability). There may also be legal
restrictions.
So please come and speak to JTRIG operational staff early in your
operational planning process.
Engineering
Tool/System | Description | Status | Contacts |
---|---|---|---|
Cerberus Statistics Collection | Collects on-going usage information about how | OPERATIONAL | JTRIG Software Developers |
JTRIG RADIANT SPLENDOUR | is a ‘Data Diode’ connecting the CERBERUS network | OPERATIONAL | JTRIG Software Developers |
ALLIUM ARCH | JTRIG UIA via the Tor network. | OPERATIONAL | JTRIG Infrastructure Team |
ASTRAL PROJECTION | Remote GSM secure covert internet proxy using TOR | OPERATIONAL | JTRIG Infrastructure Team |
TWILIGHT ARROW | Remote GSM secure covert internet proxy using VPN | OPERATIONAL | JTRIG Infrastructure Team |
SPICE ISLAND | JTRIG’s new Infrastructure. FOREST WARRIOR, FRUIT | DEV | JTRIG Infrastructure Team |
POISON ARROW | Safe Malware download capability. | DESIGN | JTRIG Infrastructure Team |
FRUIT BOWL | CERBERUS UIA Replacement and new tools | DESIGN | JTRIG Infrastructure Team |
NUT ALLERGY | JTRIG Tor web browser – Sandbox IE replacement | PILOT | JTRIG Infrastructure Team |
BERRY TWISTER | A sub-system of FRUIT BOWL | PILOT | JTRIG Infrastructure Team |
BERRY TWISTER+ | A sub-system of FRUIT BOWL | PILOT | JTRIG Infrastructure Team |
BRANDY SNAP | JTRIG UIA contingency at Scarborough. | IMPLEMENTATION | JTRIG Infrastructure Team |
WIND FARM | R&D offsite facility. | DESIGN | JTRIG Infrastructure Team |
CERBERUS | JTRIG’s legacy UIA desktop, soon to be replaced | OPERATIONAL | JTRIG Infrastructure Team |
BOMBAYROLL | JTRIG’s legacy UIA standalone capability. | OPERATIONAL | JTRIG Infrastructure Team |
JAZZ FUSION | BOMBAY ROLL Replacement which will also | IMPLEMENTATION | JTRIG Infrastructure Team |
COUNTRY FILE | A sub-system of JAZZ FUSION | OPERATIONAL | JTRIG Infrastructure Team |
TECHNO VIKING | A sub-system of JAZZ FUSION | DESIGN | JTRIG Infrastructure Team |
JAZZ FUSION+ | A sub-system of JAZZ FUSION | DESIGN | JTRIG Infrastructure Team |
BUMBLEBEE DANCE | JTRIG Operational VM/TOR architecture | OPERATIONAL | JTRIG Infrastructure Team |
AIR BAG | JTRIG Laptop capability for field operations. | OPERATIONAL | JTRIG Infrastructure Team |
EXPOW | GCHQ’s UIA capability provided by JTRIG. | OPERATIONAL | JTRIG Infrastructure Team |
AXLE GREASE | The covert banking link for CPG | OPERATIONAL | JTRIG Infrastructure Team |
POD RACE | JTRIG’S MS update farm | DESIGN | JTRIG Infrastructure Team |
WATCHTOWER | GCNET -> CERBERUS Export Gateway Interface | OPERATIONAL | JTRIG Software Developers |
REAPER | CERBERUS -> GCNET Import Gateway Interface | OPERATIONAL | JTRIG Software Developers |
DIALd | External Internet Redial and Monitor Daemon | OPERATIONAL | JTRIG Software Developers |
FOREST WARRIOR | Desktop replacement for CERBERUS | DESIGN | JTRIG Infrastructure Team |
DOG HANDLER | JTRIG’s development network | DESIGN | JTRIG Infrastructure Team |
DIRTY DEVIL | JTRIG’S research network | DESIGN | JTRIG Infrastructure Team |
Collection
Tool | Description | Contacts | Status |
---|---|---|---|
AIRWOLF | YouTube profile, comment and video collection. | ████████ | Beta release. |
ANCESTRY | Tool for discovering the creation date of yahoo | JTRIG Software Developers | Fully Operational. |
BEARTRAP | Bulk retrieval of public BEBO profiles from | JTRIG Software Developers | Fully Operational. |
BIRDSONG | Automated posting of Twitter updates. | JTRIG Software Developers | Decommissioned. Replaced by SYLVESTER. |
BIRDSTRIKE | Twitter monitoring and profile collection. Click | JTRIG Software Developers | Fully Operational. |
BUGSY | Google+ collection (circles, profiles etc.) | Tech Leads: █████████████ | In early development. |
DANCING BEAR | obtains the locations of WiFi access points. | [Tech Lead: ███████ | Fully Operational. |
DEVIL’S HANDSHAKE | ECI Data Technique. | [Tech Lead: ███████ | Fully Operational. |
DRAGON’S SNOUT | Paltalk group chat collection. | Tech Leads: ████████████████████████████████ | Beta release. |
EXCALIBUR | acquires a Paltalk UID and/or email address from | JTRIG Software Developers | Fully Operational (against current Paltalk |
FATYAK | Public data collection from LinkedIn. | [Tech Lead: ████████████████ | In Development. |
FUSEWIRE | Provides 24/7 monitoring of vBulletin forums for | JTRIG Software Developers | |
GLASSBACK | Technique of getting a target’s IP address by | JTRIG Software Developers | Fully Operational. |
GODFATHER | Public data collection from Facebook. | [Tech Lead: ████████████████ | Fully Operational. |
GOODFELLA | Generic framework for public data collection from | [Tech Lead: ████████████████ | In Development (Supports RenRen and Xing). |
HACIENDA | is a port scanning tool designed to scan an | NAC HACIENDA Taskers | Fully Operational. |
ICE | is an advanced IP harvesting technique. | JTRIG Software Developers | |
INSPECTOR | Tool for monitoring domain information and site | JTRIG Software Developers | Fully Operational. |
LANDING PARTY | Tool for auditing dissemination of VIKING PILLAGE | JTRIG Software Developers | Fully Operational. |
MINIATURE HERO | Active skype capability. Provision of real time | JTRIG Software Developers | Fully operational, but note usage restrictions. |
MOUTH | Tool for collection for downloading a user’s | JTRIG Software Developers | Fully Operational. |
MUSTANG | provides covert access to the locations of GSM | [Tech Lead: ███████ | Fully Operational. |
PHOTON TORPEDO | A technique to actively grab the IP address of | Tech Lead: █████████████ | Operational, but usage restrictions. |
RESERVOIR | Facebook application allowing collection of | JTRIG Software Developers | Fully operational, but note operational |
SEBACIUM | An ICTR developed system to identify P2P file | [Tech Lead: ███████ | |
SILVER SPECTER | Allows batch Nmap scanning over Tor. | JTRIG Software Developers | In Development. |
SODAWATER | A tool for regularly downloading gmail messages | JTRIG Software Developers | Fully Operational. |
SPRING BISHOP | Find private photographs of targets on Facebook. | Tech Lead: ████████████████████████ | |
SYLVESTER | Framework for automated interaction / alias | Tech Lead: ████████████████████████ | In Development. |
TANNER | A technical programme allowing operators to log | JTRIG OSO | Replaced by HAVOK. |
TRACER FIRE | An Office Document that grabs the target’s Machine | █████████████ | In Development. |
VIEWER | A programme that (hopefully) provides advance tip | | Operational, but awaiting field trial. |
VIKING PILLAGE | Distributed network for the automatic collection | PILLAGE JTRIG Software Developers | Operational. |
TOP HAT | A version of the MUSTANG and DANCING BEAR | [Tech Lead: ████████████████████████ | In Development. |
Effects Capability
JTRIG develop the majority of effects capability in GCHQ. A lot of
this capability is developed on demand for specific operations and
then further developed to provide weaponised capability.
Don’t treat this like a catalogue. If you don’t see it
here, it doesn’t mean we can’t build it. If you involve
the JTRIG operational teams at the start of your operation, you have
more of a chance that we will build something for you.
For each of our tools we have indicated the state of the tool. We
only advertise tools here that are either ready to fire or very close
to being ready (operational requirements would re-prioritise our
development). Once again, involve the JTRIG operational teams early.
Tool | Description | Status | Contacts |
---|---|---|---|
ANGRY PIRATE | is a tool that will permanently disable a | Ready to fire (but see target restrictions). | [Tech Lead: █████████████ |
ARSON SAM | is a tool to test the effect of certain types of | Ready to fire (Not against live targets, this is | [Tech Lead: █████████████ |
BUMPERCAR+ | is an automated system developed by JTRIG CITD to | Ready to fire. | JTRIG Software Developers |
BOMB BAY | is the capability to increase website | In Development. | [Tech Lead: █████████████ |
BADGER | mass delivery of email messaging to support an | Ready to fire. | JTRIG OSO |
BURLESQUE | is the capability to send spoofed SMS text | Ready to fire. | JTRIG OSO |
CANNONBALL | is the capability to send repeated text messages | Ready to fire. | JTRIG OSO |
CLEAN SWEEP | Masquerade Facebook Wall Posts for individuals or | Ready to fire (SIGINT sources required) | [Tech Lead: █████████████ |
CLUMSY BEEKEPER | Some work in progress to investigate IRC effects. | NOT READY TO FIRE. | [Tech Lead: █████████████ |
CHINESE FIRECRACKER | Overt brute login attempts against online forums | Ready to fire. | FIRECRACKER |
CONCRETE DONKEY | is the capability to scatter an audio message to | In development. | ████████████ |
DEER STALKER | Ability to aid-geolocation of Sat Phones / GSM | Ready to fire. | [Tech Lead: █████████████ |
GATEWAY | Ability to artificially increase traffic to a | Ready to fire. | JTRIG OSO |
GAMBIT | Deployable pocket-sized proxy server | In-development | JTRIG OSO |
GESTATOR | amplification of a given message, normally video, | | [Tech Lead: ?, Expert User: ████████████████ |
GLITTERBALL | Online Gaming Capabilities for Sensitive | In development. | |
IMPERIAL BARGE | For connecting two target phones together in a | Tested. | [Tech Lead: ████████████ |
PITBULL | Capability, under development, enabling large | In development. | |
POISONED DAGGER | Effects against Gigatribe. Built by ICTR, | | Tech Lead: ████████████████ |
PREDATORS FACE | Targeted Denial Of Service against Web Servers. | | Tech Lead: ████████████████ |
ROLLING THUNDER | Distributed denial of service using P2P. Built by | | Tech Lead: ████████████████ |
SCARLET EMPEROR | Targeted denial of service against targets’ phones | Ready to fire. | JTRIG Software Developers |
SCRAPHEAP CHALLENGE | Perfect spoofing of emails from Blackberry | Ready to fire, but see constraints. | ██████████████████████████ |
SERPENTS TONGUE | for fax message broadcasting to multiple numbers. | In redevelopment. | [Tech Lead: ████████████ |
SILENT MOVIE | Targeted denial of service against SSH services. | Ready to fire. | Tech Lead: ███████████████████ |
SILVERBLADE | Reporting of extremist material on DAILYMOTION. | Ready to fire. | [Tech Lead: ██████████ |
SILVERFOX | List provided to industry of live extremist | Ready to fire. | [Tech Lead: ██████████ |
SILVERLORD | Disruption of video-based websites hosting | Ready to fire. | [Tech Lead: ██████████ |
SKYSCRAPER | Production and dissemination of multimedia via | Ready to fire. | [Tech Lead: Section X; Expert Users: Language |
SLIPSTREAM | Ability to inflate page views on websites | Ready to fire. | JTRIG OSO |
STEALTH MOOSE | is a tool that will Disrupt target’s Window’s | Ready to fire (but see target restrictions). | [Tech Lead: ██████████ |
SUNBLOCK | Ability to deny functionality to send/receive | Tested, but operational limitations. | [Tech Lead: Section X; Expert User |
Swamp donkey | is a tool that will silently locate all | Ready to fire (but see target restrictions). | [Tech Lead: █████████████ |
TORNADO ALLEY | is a delivery method (Excel Spreadsheet) that | Ready to fire (but see target restrictions). | [Tech Lead: █████████████ |
UNDERPASS | Change outcome of online polls (previously known | In development. | [Tech Lead: Section X; Expert User |
VIPERS TONGUE | is a tool that will silently Denial of Service | Ready to fire (but see target restrictions). | [Tech Lead: Section X; Expert User |
WARPATH | Mass delivery of SMS messages to support an | Ready to fire. | JTRIG OSO |
Work Flow Management
Tool | Description | Contacts |
---|---|---|
HOME PORTAL | A central hub for all JTRIG Cerberus Tools | JTRIG Software Developers |
CYBER COMMAND CONSOLE | A centralised suite of tools, statistics and | JTRIG Software Developers |
NAMEJACKER | A web service and admin console for the | JTRIG Software Developers |
Analysis Tools
Tool | Description | Contacts |
---|---|---|
BABYLON | is a tool that bulk queries web mail addresses | JTRIG Software Developers |
CRYOSTAT | is a JTRIG tool that runs against data held in | JTRIG Software Developers |
ELATE | is a suite of tools for monitoring target use of | JTRIG Software Developers |
PRIMATE | is a JTRIG tool that aims to provide the | JTRIG Software Developers |
JEDI | JTRIG will shortly be rolling out a JEDI pod to | [Tech Lead: ██████████ |
JILES | is a JTRIG bespoke web browser. | [Tech Lead: ██████████ |
MIDDLEMAN | is a distributed real-time event aggregation, | JTRIG Software Developers |
OUTWARD | is a collection of DNS lookup, WHOIS Lookup and | JTRIG Software Developers |
TANGLEFOOT | is a bulk search tool which queries a set of | JTRIG Software Developers |
SCREAMING EAGLE | is a tool that processes kismet data into | |
SLAMMER | is a data index and repository that provides | JTRIG Software Developers |
Databases
Tool | Description | Contacts |
---|---|---|
BYSTANDER | is a categorisation database accessed via web | JTRIG Software Developers |
CONDUIT | is a database of C2C identifiers for Intelligence | JTRIG Software Developers |
NEWPIN | is a database of C2C identifiers obtained from a | JTRIG Software Developers |
QUINCY | is an enterprise level suite of tools for the | [Tech Lead: ███████ |
Forensic Exploitation
Tool | Description | Contacts |
---|---|---|
BEARSCRAPE | can extract WiFi connection history (MAC and | [Tech Lead: ████████ |
SFL | The Sigint Forensics Laboratory was developed | [Tech Lead: ███████████████████████ |
Snoopy | is a tool to extract mobile phone data from a | [Tech Lead: ████████████ |
MobileHoover | is a tool to extract data from field forensics’ | [Tech Lead: ███████████████████████ |
Nevis | is a tool developed by NTAC to search disk images | [Tech Lead: ███████████████████████ |
Techniques
Tool | Description | Contacts |
---|---|---|
CHANGELING | Ability to spoof any email address and send email | JTRIG OSO |
HAVOK | Real-time website cloning techniques allowing | JTRIG OSO |
MIRAGE | | JTRIG OSO |
SHADOWCAT | End-to-End encrypted access to a VPS over SSH | JTRIG OSO |
SPACE ROCKET | is a programme covering insertion of media into | Tech Lead: ███████████████████████ |
RANA | is a system developed by ICTR-CISA providing | Tech Lead: ███████████████████████ |
LUMP | A system that finds the avatar name from a | JTRIG Software Developers |
GURKHAS SWORD | Beaconed Microsoft Office Documents to elicit a | JTRIG Software Developers |
Shaping and Honeypots
Tool | Description | Contacts |
---|---|---|
DEADPOOL | URL shortening service | JTRIG OSO |
HUSK | Secure one-on-one web based dead-drop messaging | JTRIG OSO |
LONGSHOT | File-upload and sharing website | JTRIG OSO |
MOLTEN-MAGMA | CGI HTTP Proxy with ability to log all traffic | JTRIG OSO |
NIGHTCRAWLER | Public online group against dodgy websites | JTRIG OSO |
PISTRIX | Image hosting and sharing website | JTRIG OSO |
WURLITZER | Distribute a file to multiple file hosting | █████████████████ |