Top Secret GCHQ Hacker Team Engaged in Nefarious Web Attacks
Among the methods used by the British spy agency were jamming communication lines and masquerading as an enemy in "false flag" operations
In his latest reporting based on documents leaked by Edward Snowden, journalist Glenn Greenwald, along with colleagues at NBC News, revealed Wednesday that British intelligence officials at GCHQ used a top secret team of government hackers to infiltrate hacktivist groups like Anonymous and Lulzsec and went so far as to level a 'denial of service' (DDOS) attack in order to disrupt their operations.
The revelations, which the GCHQ did not deny, would make "the British government the first Western government known to have conducted such an attack" against a rogue, non-state actor.
While the GCHQ and government officials defend the practice, critics say that the government's use of the very tactics it claims to be trying to stop creates a "slippery slope" for law enforcement and that shutting down networks with DDOS-style assaults punishes thousands of people for the alleged misbehavior of a few.
Anonymous, Lulzsec, and a handful of other hacker collectives have promoted the idea of challenging government and corporate wrongdoing in recent years by infiltrating the digital networks of agencies and companies they accuse of abusive practices or anti-democratic inclinations. While some of their acts of digital dissidence are clearly protest-oriented, the government has lumped the behavior of criminal hackers in with the larger groups as the shadowy—and yes, anonymous—world of hacking blurs the lines of who is who in the online world.
The documents obtained by NBC revealed the existence of GCHQ's Joint Threat Research Intelligence Group (or JTRIG), which had never previously been disclosed publicly, and showed that this group "boasted of using the DDOS attack – which it dubbed Rolling Thunder" in 2011 against chat rooms thought to be frequented by the hacking community.
According to NBC: "Intelligence sources familiar with the operation say that the British directed the DDOS attack against IRC chat rooms where they believed criminal hackers were concentrated. Other intelligence sources also noted that in 2011, authorities were alarmed by a rash of attacks on government and corporate websites and were scrambling for means to respond."
The report continues:
In 2011, members of the loose global collective called Anonymous organized an online campaign called “Operation Payback” targeting the pay service PayPal and several credit card companies. Some hacktivists also targeted U.S. and British government websites, including the FBI, CIA and GCHQ sites. The hacktivists were protesting the prosecution of Chelsea Manning, who took thousands of classified documents from U.S. government computers, and punishing companies that refused to process donations to WikiLeaks, the website that published the Manning documents.
The division of GCHQ known as JTRIG responded to the surge in hacktivism. In another document taken from the NSA by Snowden and obtained by NBC News, a JTRIG official said the unit’s mission included computer network attacks, disruption, “Active Covert Internet Operations,” and “Covert Technical Operations.” Among the methods listed in the document were jamming phones, computers and email accounts and masquerading as an enemy in a "false flag" operation. The same document said GCHQ was increasing its emphasis on using cyber tools to attack adversaries.
In the presentation on hacktivism that was prepared for the 2012 SIGDEV conference, one official working for JTRIG described the techniques the unit used to disrupt the communications of Anonymous and identify individual hacktivists, including some involved in Operation Payback. Called “Pushing the Boundaries and Action Against Hacktivism,” the presentation lists Anonymous, Lulzsec and the Syrian Cyber Army among “Hacktivist Groups,” says the hacktivists’ targets include corporations and governments, and says their techniques include DDOS and data theft.
Under “Hacktivism: Online Covert Action,” the presentation refers to “Effects Operations.” According to other Snowden documents obtained by NBC News, “Effects” campaigns are offensive operations intended to “destroy” and “disrupt” adversaries.
But critics interviewed by NBC said the use of such tactics is an example of government overreach and overkill.
“Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs,” said Gabriella Coleman, an anthropology professor at McGill University and author of an upcoming book about Anonymous. “Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression.” Coleman told NBC that she estimated that the number of Anonymous hackers engaged in "illegal activity was in the dozens, out of a community of thousands."
Coleman added, “Punishing thousands of people, who are engaging in their democratic right to protest, because a couple people committed vandalism is … an appalling example of overreacting in order to squash dissent.”
And Jason Healey, a former top White House cyber security official under George W. Bush, called the British government’s DDOS attack on Anonymous “silly” as he questioned both the time and energy spent by government agencies chasing hackers.
“This is a slippery slope,” said Healey. “It’s not what you should be doing. It justifies [Anonymous]. Giving them this much attention justifies them and is demeaning to our side.”