Skip to content

GCHQ’s Cyber Offensive: Online Covert Action

Edward Snowden’s revelations have rocked the intelligence and security establishment. So far, the majority of the whistle-blower’s leaked documents have focussed on mass surveillance. This is an incredibly important topic and has ignited a global debate (although strangely muted in the UK) about the relationship between security and liberty.

Surveillance, or information-gathering, is, however, only one aspect of the intelligence community’s work. The other is the active, but deniable, shaping of international events – known as covert action.

American broadcaster NBC recently published two fascinating documents about GCHQ’s covert action in cyberspace. These shed new light on British approaches to covert action today and yet commentators, as with much of Snowden’s revelations, stop short of placing the details in their broader and historical context.

The first document, from 2012, describes GCHQ’s cyber operations. It offers a riveting “how to” guide to certain covert actions which reads more like the pages of a modern day espionage thriller. To give just one example:

‘How to discredit a target:

  • Set-up a honey-trap
  • Change their photos on social networking sites
  • Write a blog purporting to be one of their victims
  • Email/text their colleagues, neighbours, friends etc.’

 Meanwhile to prevent a target from communicating, it recommends sending text messages every 10 seconds or so, bombarding the targets with phone calls, and deleting their online presence.

The second document, from 2010, covers proposals for operations, including how to monitor diplomats in SIGINT-friendly hotels and how to ‘push’ certain stories on social media.

 How do these documents relate to British approaches to covert action more broadly?

 1)      They show simply that Britain does covert action. This has long been seen as a predominantly American preserve. Moreover, they tell us that Britain uses the term “covert action”. Traditionally, this has been seen as an American phrase for which the British translation is “special operations” or “special political action”. Clearly this is no longer the case. This is not simply an instance of recent Americanisation, however. Top secret British documents have referred to “covert action” since the end of the Second World War.

 2)      They reveal that GCHQ has moved into covert action – traditionally the realm of MI6. Indeed, the documents reveal how online covert action, or ‘effects’, constitutes 5% of GCHQ’s activity. This idea ties in with Defence Secretary Philip Hammond’s recent announcement of a cyber-strike force.

 3)      The leak shows that traditional espionage tradecraft remains alive and well in the twenty-first century – but has been given a cyber-twist. Honey-traps, for example, are still being used (apparently to good effect). As are false flag operations – where an intelligence agency conducts an action purporting to be someone else (see bullet 3 above). Similarly, intelligence agencies have long sought to discredit targets. In the early Cold War, MI6 discussed ways to discredit communist leaders behind the Iron Curtain by spreading rumours, planting evidence, or even using stink bombs! The essence of intelligence is not changing, just the means of execution.

 4)      Disruption remains an important part of Britain’s approach to covert action. Throughout much of the second half of the twentieth century, British covert action involved discrediting Communist and nationalist leaders, undermining loyalty to unfavourable regimes, and the odd attempt at a Middle Eastern coup. Since the 1970s (in Northern Ireland), but especially the 1990s, however, covert action has moved towards disruption operations aimed at disrupting both terrorist movements and the proliferation of weapons of mass destruction. Nowadays, disruption takes the form of viruses, Denial of Service attacks, and blitzing Taleban mobile phones.

5)      The documents imply GCHQ is going on the cyber offensive. Traditionally, British covert action has been framed in terms of counter-attack. This is not mentioned in these documents, but Hammond emphasised the importance of a ‘dedicated capability to counter-attack in cyber space’. The first wave of covert action authorised against the Soviets was wrapped up as a ‘counter-attack’. Efforts to hold back the rise of nationalism in the Middle East were deemed ‘counter-subversion’. Psychological operations against the IRA were seen as ‘counter-action’.

GCHQ’s action is simply the latest in a long line of British secret activity.

 Rory Cormac is currently working on projects examining the relationship between Prime Ministers and covert action as well as British approaches to covert action since 1945.

 Follow Rory on Twitter: @RoryCormac

Published inIntelligenceSecret Intelligence and Covert Action


  1. Pretty section of content. I just stumbled upon your blog and in accession capital to assert that I get in fact enjoyed account your blog posts. Any way I’ll be subscribing to your feeds and even I achievement you access consistently fast.|

  2. Frankly, I guess such articles should be printed more and more because of the current
    circumstance and contemporary demands of the Millenials.
    I read them to find some fresh info that will correspond to your own requirements.

Leave a Reply

Your email address will not be published.