Documents obtained by CovertAction Magazine reveal how prolific Western government contractor Torchlight, staffed by British military and intelligence veterans, has covertly trained “commercial and government clients” the world over in Government Communications Headquarters’ (GCHQ) digital espionage and cyberwar strategies.
Cloak-and-dagger techniques to “discredit, disrupt, delay, deny, degrade, and deter” target adversaries and populations, honed for kinetic and psychological warfare and regime change overseas, have become a commodity, open for unregulated use by undisclosed private sector and state actors.
Central to these efforts was GCHQ journeyman Andrew Tremlett. While serving as Torchlight’s head of digital intelligence, he was “responsible for all programmes with a cross-cutting SIGINT [signals intelligence], cyber, electronic warfare or OSINT [open source intelligence] dimension.”
A leaked CV notes he spent more than 18 years toiling for British intelligence, “primarily” GCHQ. One of his key duties during this time was “[working] with international partners to assist in the formation and development of intelligence departments.” In other words, constructing analogs of MI5, MI6 and GCHQ abroad.
This activity reportedly paid a “great dividend not only” to the “host nation” in question, but also the British government, “by establishing an enduring intelligence sharing partnership” between the pair. However, Tremlett “spent a significant portion of his career” within GCHQ’s notorious Joint Threat Research Intelligence Group (JTRIG).
Exposed by NSA leaker Edward Snowden in 2014, this shadowy unit plays a “major part” in GCHQ’s activities, executing the agency’s most depraved operations.
This includes cyberattacks and propaganda efforts, such as pushing “mass messaging” against target countries, organizations, groups and individuals via social media platforms, with an emphasis on “unsavory information.”
“False-flag” connivances, in which JTRIG conducts malign actions designed to appear as if an adversary was responsible, is also a core component of the unit’s remit.
JTRIG was heavily involved in spreading pro-insurrectionary messaging during the Arab Spring, while attempting to overthrow Zimbabwe’s long-time ruler Robert Mugabe, and prevent Argentina taking over the Falklands.
In addition to establishing “strategic enduring relationships with foreign partners thereby expanding GCHQ’s potential delivery platform,” Tremlett provided “direct specialist intelligence support” to British special forces, including the SAS, in “counter-terrorism” and “counter insurgency.”
This placed him in charge of supporting “the most specialized and discreet areas of UK special forces operations.” Tremlett’s experience in these fields was duly harnessed by Torchlight as a major selling point, when pitching its training programs to “commercial and government clients.”
“Device Seizure”
Other leaked Torchlight documents offer candid insights into the firm’s training of “government clients,” clandestinely delivered on London’s dime. For example, from June 2019 to March 2020, the firm sought to enhance “the ability of evidence gathering agencies” by Jordan’s most secretive security and intelligence services, specifically in the field of “digital media exploitation.” Alumni learned “to effectively extract data from digital devices,” assisting domestic surveillance and prosecutions, while “[enabling] the sharing of evidence” between Amman and London.
Andrew Tremlett led the initiative. Project files note he was “instrumental in determining” Jordan’s “requirement” in the desired fields. After visiting the headquarters of Amman’s Public Security Directorate, the GCHQ journeyman “was able, through close collaboration, to review digital forensics documentation, conduct a physical site survey, observe digital forensic practices, and undertake an informal discussion with members of staff to gauge levels of skills [and] training, understanding and awareness.” This insider knowledge, it was forecast, would be “pivotal in delivering real change and capability improvement.”
Tremlett’s key takeout was Jordan’s digital forensics specialists were “satisfactorily equipped in terms of hardware…and software…but were not adequately trained to fully exploit the potential of the equipment they possess,” or utilize these resources “to enable UK-Jordan cooperation or evidence sharing.”
For example, Amman’s spooks use EnCASE, a court-approved digital forensics suite that can analyze, collect and preserve evidence gleaned from digital devices. Likewise, Jordan’s spying apparatus employs FTK, capable of uncovering hidden or deleted data, including browsing history, from hard drives and smartphones.
Most disquietingly, Amman’s intelligence apparatus also enjoy access to Cellebrite. Controversies surrounding the Israeli-created “forensics” tool have abounded ever since its 2007 launch. The firm has dispatched representatives to Saudi Arabia to hack into smartphones.
Cellebrite’s technology frequently supports prosecutions of dissidents in Bahrain, presaging their detentions, torture, and extended imprisonment on political charges. In 2017 and 2018, Cellebrite assisted the Western-backed government of Myanmar’s persecution of Reuters reporters, who revealed state-directed genocidal attacks on the country’s Rohingya population.
Such scandals have been no deterrent to Western governments widely adopting the company’s technology. It is evident British police, security and intelligence agencies are no exception. The leaks record how Tremlett is an expert in Cellebrite’s use. His “significant” experience in the field would purportedly provide Jordan “additional perspective of digital exploitation and how intelligence gained from device seizure and analysis can enhance and drive the intelligence cycle and enrich other intelligence sources,” such as “open source” spying.
That Amman was covertly taught GCHQ’s darkest arts is disturbing. It is an imprisonable offense to criticize the country’s ruler, King Abdullah II—a member of the Hashemite dynasty installed by the British following World War I, and British Army veteran—or state officials and institutions. Countless individuals rot in jail for mild condemnation of Amman’s ruling elite online. Journalists at home and abroad perpetually walk on eggshells, liable for arrest and imprisonment if they publish “fake news” about Jordan’s government.
Repression in Jordan ratcheted up significantly in the wake of the Gaza genocide’s eruption. By April 2024, at least 1,500 people had been arrested for participating in Palestine solidarity protests. Many activists were targeted under Amman’s widely criticized Cybercrime Law, which criminalizes political speech on social media. In 2021 alone, the year after Torchlight’s training ended, there were 6,605 separate prosecutions under the sweeping legislation. More recent figures are unavailable.
“Online Behaviour”
In this context, it is noteworthy that Tremlett’s GCHQ position focused heavily on “counter-terrorism” and “counter insurgency.” Leaked slides of a 2012 JTRIG presentation offer some examples of how the unit targeted overseas opponents in this manner.
Indeterminate “Iran work” was opaquely cited as a successful example of “blog-writing” efforts. “Significantly disrupting” the Taliban by bombarding the group with a “blizzard” of text messages, calls and faxes, while deleting its members’ “online presence,” was likewise venerated. The latter approach was praised as “very annoying!!”
Tremlett’s expertise in “seized media exploitation” as a result of his JTRIG service also raises questions about what “commercial and government clients” are truly being taught by Torchlight.
The leaked JTRIG presentation makes repeated references to planting information on “compromised” target devices, including “potential ‘damming’ [sic] information, where appropriate.” Cellebrite of course allows end users to break open captured smartphones and computers. The ease with which falsely incriminating data could be placed in seized devices is evident.
Elsewhere, the presentation sets out methods to “discredit a target.” First and foremost: “set up a honey trap…a great option…very successful when it works…get someone to go somewhere on the internet, or a physical location to be met by a ‘friendly face.’”
JTRIG has the ability to “shape” the environment on occasion. Other options included changing a target’s “photos on social networking sites,” writing a blog post “purporting to be one of their victims,” and emailing or texting “their colleagues, neighbours, friends etc.”
A separate leaked document on JTRIG’s operations notes the unit is engaged in “uploading YouTube videos containing ‘persuasive’ communications…setting up Facebook groups, forums, blogs and Twitter accounts that encourage and monitor discussion on a topic…Establishing online aliases/personalities who support the communications or messages in YouTube videos, Facebook groups, forums, blogs etc…Establishing online aliases/personalities who support other aliases.” JTRIG also sets up “spoof trade sites…that may take a customer’s money and/or send customers degraded or spoof products.”
Furthermore, the document provides examples of JTRIG’s online human intelligence endeavors. Such initiatives “typically involve establishing an online alias/personality who has a Facebook page, and membership of relevant web forums.”
These false personae then “befriend” a target in order to spy on them, or influence their behavior. “Interactions with the target may be informed” by a combination of signals intelligence, “monitoring of the target’s online behaviour,” and intelligence gathered by MI6 “on-the-ground.” Online interactions can in turn “facilitate [MI6] contact” in real life.
In detailing JTRIG’s “counter-terror” initiatives targeting Muslims at home and abroad, and Irish republicans, the unit was reportedly involved in “disrupting the dissemination of extremist material over the internet; discrediting extremist sites and individuals/groups; conducting online [human intelligence]; and hosting extremist sites” in order to entrap individuals in an astroturf dragnet. Tremlett’s role in tutoring Torchlight’s corporate and governmental clients in tricks of the “electronic warfare” trade suggests these strategies are now far from JTRIG’s unique preserve.
In the process, untold parties now possess the technology and insight to replicate JTRIG’s chaos-wreaking specialties on their own rivals, adversaries and populations, without oversight or public cognizance.
It is all but inevitable that countries such as Jordan, if not many others, have employed the unit’s techniques to ensnare Palestine solidarity activists, and other troublesome “enemies within.” Little will victims know the trail of their repression leads straight back to London, courtesy of Torchlight.
CovertAction Magazine is made possible by subscriptions, orders and donations from readers like you.
Blow the Whistle on U.S. Imperialism
Click the whistle and donate
When you donate to CovertAction Magazine, you are supporting investigative journalism. Your contributions go directly to supporting the development, production, editing, and dissemination of the Magazine.
CovertAction Magazine does not receive corporate or government sponsorship. Yet, we hold a steadfast commitment to providing compensation for writers, editorial and technical support. Your support helps facilitate this compensation as well as increase the caliber of this work.
Please make a donation by clicking on the donate logo above and enter the amount and your credit or debit card information.
CovertAction Institute, Inc. (CAI) is a 501(c)(3) non-profit organization and your gift is tax-deductible for federal income purposes. CAI’s tax-exempt ID number is 87-2461683.
We sincerely thank you for your support.
Disclaimer: The contents of this article are the sole responsibility of the author(s). CovertAction Institute, Inc. (CAI), including its Board of Directors (BD), Editorial Board (EB), Advisory Board (AB), staff, volunteers and its projects (including CovertAction Magazine) are not responsible for any inaccurate or incorrect statement in this article. This article also does not necessarily represent the views the BD, the EB, the AB, staff, volunteers, or any members of its projects.
Differing viewpoints: CAM publishes articles with differing viewpoints in an effort to nurture vibrant debate and thoughtful critical analysis. Feel free to comment on the articles in the comment section and/or send your letters to the Editors, which we will publish in the Letters column.
Copyrighted Material: This web site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. As a not-for-profit charitable organization incorporated in the State of New York, we are making such material available in an effort to advance the understanding of humanity’s problems and hopefully to help find solutions for those problems. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. You can read more about ‘fair use’ and US Copyright Law at the Legal Information Institute of Cornell Law School.
Republishing: CovertAction Magazine (CAM) grants permission to cross-post CAM articles on not-for-profit community internet sites as long as the source is acknowledged together with a hyperlink to the original CovertAction Magazine article. Also, kindly let us know at info@CovertActionMagazine.com. For publication of CAM articles in print or other forms including commercial internet sites, contact: info@CovertActionMagazine.com.
By using this site, you agree to these terms above.
About the Author
Kit Klarenberg is an investigative journalist exploring the role of intelligence services in shaping politics and perceptions.
Follow him on Twitter @KitKlarenberg.
