State infiltration and attempted disruption of activist websites

Posted on Posted in Uncategorized

New revelations published in an excellent article in today’s Schnews show police and/or government employees actively disrupting activist websites, posting comments designed to “sow mistrust, demoralise movements and to incite violence and illegality”.

We understand well over one hundred posts have been made to Indymedia UK, the activists open publishing news website, made by anonymous posters hiding behind the ‘303 gateway’ – part of the Government Secure Intranet (GSI). The GSI was set up to provide secure communications between government bodies, but appears also to be used to hide the origin of defamatory, misleading and malicious comments made on a number of activist websites.

Fitwatch has also been the target of posts from IP: 62.25.109.196, gateway-303.energis.gsi.gov.uk, leading to serious questions regarding how many political sites and blogs have been targeted.

Some posts have been deliberately provocative and divisive. One bleated, “Still a bit worried about the FITWATCH policy – is ALL fit activity to be opposed? Or is it only that we disagree with – hence not opposing FIT activity against the EDL?”

Other comments have publicised legal action taken against Fitwatch activists, presumably in an attempt to undermine our support. During one case, three people convicted for obstructing police cameras found the news of the verdict posted before they had even left court. Similarly, a Fitwatch activist deported from Copenhagen after being caught up in the mass (unlawful) preventative arrests during the COP 15 protests, had the news – along with her name – posted on the then unmoderated site from the 303 gateway address. The post was removed by Fitwatch in order to protect her privacy.

The latest comment from gateway 303 on Fitwatch, on 20 December 2010, crows that some of the Ratcliffe defendants – subjects of surveillance by undercover cop, Mark Kennedy – had been found guilty of conspiracy to commit aggravated trespass, and asks people to change/retract their comments.

The content and style of the posts, on both sites, strongly suggests they are part of a campaign of disruption by the police and home office, aimed at protest groups. The three ‘domestic extremism’ units, currently headed up by ACPO, are known to have several ‘disruption’ techniques in their armoury, including the use of undercover police officers. Given much protest organising and discussion now occurs over the internet, it is logical the same tactics of disruption and manipulation used by undercover operatives in activist meetings and communities is extended to internet debates.

Although the exact origin of these posts is unknown, we strongly suspect the ACPO domestic extremism units are behind them – and at least one was signed NETCU. However, given the cloaking nature of the gateway, there may be other police and government units involved in the monitoring and disruption of ‘extremist’ websites like Indymedia and Fitwatch

Clearly the state feels able to act without restraint when dealing with political activism and dissent. Increasingly protest activity is being treated in a similar way to terrorist activity – extremism that must be monitored, and disrupted. We must be vigilant to these attempts at subversion and develop strategies to deal with them. We are still investigating how many sites have been targeted by the gateway – please get in touch if you have further examples and we will collate the information.

We’d love to know the origin of these posts, who wrote them, and what the objectives of the operation were. Anyone from NCDE care to respond?

16 thoughts on “State infiltration and attempted disruption of activist websites

  1. There’s always the possibility that it’s just bored cops trolling the comments on indymedia for a laugh between donuts.

  2. There’s always the possibility that it’s just bored cops trolling the comments on indymedia for a laugh between donuts.

  3. From my understanding, GSI is used by many public services from police to local councils to the criminal justice system to the Health and Safety Exec… It is simply the public service’s ISP. It is more than likely that some bored government employees somewhere are trolling. The police use 3G sticks and normal consumer internet subscriptions for any operational internet work (even stuff on Facebook etc where the end user does not see the IP of a profile).

  4. Yeah, cops who knew the details of convictions within minutes of them happening. Who knew the names and personal details of Fitwatch activists.

    Not suggesting that every cop posting comments on this blog or Indymedia was part of a big conspiracy. Just that someone, somewhere is doing this as part of their day job.

  5. “It is simply the public service’s ISP”

    Not according to the diagram on this page. GSI is for Central Government Departments, and “Criminal Justice organisations” have CJIT. This would strongly suggest that it is a centralised body and most likely NETCU bearing in mind who is targeted.

  6. http://whois.domaintools.com/62.25.109.196

    [Querying whois.ripe.net]
    [whois.ripe.net]
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.
    % To receive output for a database update, use the “-B” flag.

    % Information related to ‘62.25.96.0 – 62.25.111.255′

    inetnum: 62.25.96.0 – 62.25.111.255
    netname: E2-EWFD-WEB1
    descr: Energis UK
    descr: Watford Datacentre
    country: GB
    admin-c: RADM1-RIPE
    tech-c: RADM1-RIPE
    status: ASSIGNED PA
    mnt-by: ENERGIS-MNT
    source: RIPE # Filtered

    role: RIPE Admin
    address: Energis UK
    address: Melbourne Street
    address: Leeds, LS2 7PS
    address: United Kingdom
    phone: +44 113 2345100
    abuse-mailbox: abuse@energis.com
    admin-c: DS3356-RIPE
    admin-c: DOM12-RIPE
    tech-c: DS3356-RIPE
    tech-c: MG10145-RIPE
    tech-c: DOM12-RIPE
    tech-c: JO361-RIPE
    tech-c: AB14382-RIPE
    tech-c: DANV1-RIPE
    nic-hdl: RADM1-RIPE
    remarks: Abuse reports to abuse@energis.com please!
    remarks: No actions are taken on abuse reports sent to RIPE admins.
    mnt-by: ENERGIS-MNT
    source: RIPE # Filtered

    % Information related to ‘62.25.64.0/18AS5388′

    route: 62.25.64.0/18
    descr: Energis UK
    origin: AS5388
    mnt-by: ENERGIS-MNT
    source: RIPE # Filtered

  7. Having done a search of comments posted on a blog I moderate for posts from that IP, I found none. However I did find some for IP addresses close to that (1 to 3 digits different at the end and with similar whis and dns trace info. As it happens, I’m pretty confident that I know the identity of one person posting, that they are a low-level public sector employee based in Scotland, and that they are not a provocateur of any kind (though mildly trollish on occasion). So I conclude that speculation about posts from this domain are probably wide of the mark.

  8. Obviously criminal justice departments have CJIT/Police Network for some stuff yes (i.e. communicating across the UK). They also use GSI…

    The bog standard internet is provided by GSI whilst anything more work related is handled locally (within the organisation) or by national secure networks. Anyone from the cleaner at a police station to an executive at the council goes through GSI’s gateway to look at google.com… The point being it could either be NECTU stirring or just some bored PCSO trolling on their lunch break (or both!)

    What I’m basically saying is that this is a non-story – GSI has been around for ages, it provides real-world IP (internet) services to government. I don’t see how someone posting some troll material from work (anywhere within the public sector) has been turned into ‘Ohhhh noooooos the big evil government…’

  9. I think that as has already been pointed out, anonymous, that some of the information could only have been known by police officers dealing with individual activists at the time posted. In one case the arrests of 4 activists in custody was on Indy'(and was written in a way which would have hindered them greatly if not hidden) before even their lawyers, let alone anyone else, were informed. There are many other examples. News that a certain group were at the G20 protests found its way onto an anti animal rights site (which also uses gsi) and this could only have come from FIT or undercover officers. Of course it is entirely possible that a bored PCSO trolls in her lunch break, disgruntled activists are also known to troll and so are others which muddies the waters a bit BUT the fact is that people are paid to watch certain sites and cause as much disruption as possible. The sheer scale of it would mean that plod would have to spend lots of time watching and posting too much for the odd lunch break. To add in my NPIOU file (obtained under the DPA) there are mant references to what I have posted and commented on Indymedia. Now then multiply that by 2000 and the wide range of activists from animal rights to environmentalists, to students to the EDL and you can make an educated guess that there is enough work there to keep a few cops sat at a desk all day playing silly buggers on the internet (unless I am really special and they only look at me…which I doubt very much).

Leave a Reply

Your email address will not be published. Required fields are marked *