GCHQ apparently worked on methods to increase website hits, send repeated text messages and find private pictures of targets on Facebook.
According to a release by whistleblower Edward Snowden, some of the schemes are listed as being operational while others are said to be still at the design, development or pilot stages. In a statement, GCHQ told BBC News that it was not at fault, and its policy was not to comment on intelligence matters.
“Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee.”
The tools, which carry names such as Bomb Bay, Glitterball, Spring Bishop and Swamp Donkey, also aid in changing the result of online polls, extract a computer’s wi-fi connection history and collect information from social networks.
Andrey Dulkin, senior director of cyber innovation at CyberArk, said: “The latest revelations from Snowden show the extent and longevity of damage that can be done from compromised privileged accounts. Regardless of whether companies agree with Snowden’s actions or political motivations, they should take notice of this latest revelation, and realise the damage that could be done to their own organisation and customer base, if a privileged account was to be compromised.
“There may only be a few accounts within an organisation that have the level of authority that could wreak the havoc Snowden was able to, but it is absolutely critical that these are protected.”