BRITISH INTELLIGENCE established its own URL shortening service in a bid to track activists during the recent-ish 'Arab Spring' and as a way to distribute nasty malware to people they wanted to hack.
GCHQ's covert Joint Threat Research Intelligence Group (JTRIG) created lurl.me in 2009 as a way to disseminate propaganda during the presidential elections in Iran that year. This allowed them to identify and track activists clicking on the links.
It also proved to be a handy 'campaign management' tool for tracking the success, or otherwise, of links to articles and other propaganda published via GCHQ's many shonky social media accounts.
The suggestion was made by Mustafa al-Bassam, aka 'tFlow', co-founder of the LulzSec hacking 'crew'. JTRIG, according to Al-Bassam, attempted to influence the presidential elections in Iran in 2009 and boost the revolutionary movement in Syria in 2011.
His claims are based on first-hand experience at the sharp end of a JTRIG operation as a member of LulzSec, as well as information contained in documents leaked by NSA whistleblower Edward Snowden.
The lurl.me service was started in 2009 and discontinued in 2013 after the Snowden disclosures blew the gaffe on many of GCHQ's iffier activities. Al-Bassam, meanwhile, shifted in March from hacking to the rather more highly remunerated pastures of consulting.
Al-Bassam also claimed that GCHQ used the lurl.me service in a variety of covert operations, typically as a hook to mask links to malicious sites that exploited flaws in web browsers and other software to download malware onto targets' PCs.
The hacker-turned-consultant claimed that a fellow hacker going by the name of 'P0ke' was compromised in this way.
However, its initial focus was the Iran elections in 2009 and the early stages of the uprising in Syria in 2011.
GCHQ used a number of Twitter accounts to disseminate information via the lurl.me URL shortener, Aaccording to al-Bassam's research, the Twitter accounts typically tweeted only between 9am and 5.30pm UK time.
Presumably, it didn't tweet during weekends, bank holidays or between 24 December and 2 January either, and knocked off early on Friday afternoon at around 'beer o'clock'.
The Twitter account and associated lurl.me links promoted, in particular, two booby-trapped proxies for Syrians to use when the country's government blocked the internet.
"Al-Bassam makes the connection between these proxies and the GCHQ Molten-Magma hacking tool, a CGI HTTP proxy with the ability to log all traffic and perform HTTPS man-in-the-middle attacks, snooping on encrypted traffic," according to one report.
The Arab Spring broke out in Tunisia in 2010 and spread rapidly to other countries in the Middle East, including Libya, Egypt and Syria.
The protests focused initially on corruption and the erosion of democracy, but the instigator was rising food prices in 2009 and 2010 that dramatically eroded many people's real earnings. µ
You're not the voice, try and understand it
Not 'Appy bunnies
News reaches us, per Plex