GCHQ attacked LulzSec, Anonymous: Snowden papers
British spy agency launched denial-of-service attacks on chatrooms, claim leaked documents
Britain's GCHQ launched denial-of-service (DoS) attacks against Internet Relay Chat (IRC) channels used for communication by cyber collective Anonymous and its elite-hacker offshoot LulzSec, online media reported.
The reports cite an NBC News report, which is based on papers from the cache of leaked documents supplied to media by former NSA contractor Edward Snowden.
A DoS attack uses a single computer to continuously send data packets to another in an effort to take the target machine offline. The Anonymous movement grabbed headlines in 2010 for launching Operation Payback, in which it used a distributed DoS (DDoS) attack (using thousands of computers, some running manual flooding tools and others conjoined in botnets) against PayPal and Mastercard. The attack was in retaliation for the payment companies' deactivation of accounts for Julian Assange's WikiLeaks.
The Snowden papers reveal that in September 2011, British security operatives from a GCHQ unit known as the Joint Threat Research Intelligence Group (JTRIG) carried out Operation Rolling Thunder, in which IRC channels were taken offline. While some confusion exists in the documents over whether this was a DDoS attack or a DoS attack, some disgruntled Anons who controlled botnets have in the past been accused of launching DDoS attacks against Anonymous IRC channels and websites.
The GCHQ revelations have raised concerns among activists and security researchers.
"There is no legislation that clearly authorises GCHQ to conduct cyber attacks," said Eric King, head of research for Privacy International.
"So, in the absence of any democratic mechanisms, it appears GCHQ has granted itself the power to carry out the very same offensive attacks politicians have criticised other states for conducting."
Anonymous' activities culminated in an elaborate hack of US security consultancy firm HBGary Federal after its CEO, Aaron Barr, sought to "dox" (reveal the identities of) what he thought were the ringleaders of the cyber cabal. Elite hackers Sabu (eventually an FBI informant) and Kayla, along with Anonymous' main public voice, Jake "Topiary" Davis, and others, went on to found LulzSec, a group which targeted, among others, London's Serious and Organised Crime Agency (SOCA) and the US Central Intelligence Agency.
GCHQ's attacks occurred just three months after the SOCA attack, but it is unclear whether there is a link between the two.
"We have to remember that cyber-spooks within GCHQ are equally if not more skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to that of the bad guys," said Andrew Miller, chief operating officer at Corero Network Security.
"Legally, we enter a very grey area here, where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity."
One of those convicted was LulzSec's Jake Davis, who has expressed anger at the Snowden papers' revelations.
"I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ b******s were doing the exact same thing," he tweeted.