The British spy agency GCHQ secretly waged war against the hacker collective Anonymous a few years ago, according to documents taken from the NSA by Edward Snowden and revealed late Tuesday by NBC. At the time, certain members of Anonymous were themselves waging war against British government institutions and various companies.
Judging by a presentation (PDF) put together by GCHQ itself for a 2012 conference, a previously undisclosed unit called the Joint Threat Research Intelligence Group (JTRIG) launched distributed denial-of-service (DDoS) attacks against Anonymous chatrooms and used messaging services such as Facebook and Skype to individually address and scare off the chatrooms’ users. JTRIG agents also infiltrated the chatrooms in order to gather evidence against certain hacktivists who were subsequently imprisoned.
Although it was a turbulent time for online attacks, many if not most of those affected by JTRIG’s “Rolling Thunder” program would have been guilty of little more than online activism. Perhaps as importantly, this is the first time we have seen DDoS tactics used by a western state actor – this is the sort of tactic one expects to see coming out of China or Russia.
Back to the wars
Anonymous and its sometimes-partner LulzSec were, in the summer of 2011, angry about several things. The first big issue was the prosecution of U.S. soldier Chelsea (then Bradley) Manning for leaking reams of documents to Wikileaks. In an operation called Payback, PayPal and various credit card companies were targeted by Anonymous for refusing to process Wikileaks donations. The other major strand of the hackers’ anger stemmed from copyright issues.
LulzSec hacked major entertainment firms, the U.K. National Health Service, the CIA and the U.S. Senate, and in a joint “AntiSec” operation with Anonymous the group also hacked Britain’s equivalent of the FBI, the Serious Organised Crime Agency (SOCA). GCHQ itself also became a target.
LulzSec was a relatively small outfit — fewer than a dozen core members — and Anonymous a larger but very loose collective, with many “members” who were more interested in activism than attacks. A hard core of members, however, were into DDoS and other malicious methods, and JTRIG appears to have been behind the jailing of a few of them.
One, Edward Pearson of York in northern England, went by the name of GZero. He was sentenced to 26 months for stealing millions of identities and information from 200,000 PayPal accounts (and using stolen credit card identities to buy hotel stays and pay his phone bills, though only to the tune of £2,351).
A teenager called Jake Davis was arrested in the Shetland Islands to the north of Scotland. Using the name Topiary, Davis was LulzSec’s spokesman – he was sentenced to 24 months in a youth detention center, though he only served 5.
Crossing the line?
The irony of JTRIG’s activities is that they probably contravene the same legislation used to nail Davis and others, the Computer Misuse Act of 1990. DDoS attacks are illegal, for good reason.
A DDoS attack often involves flooding the target’s systems with connection requests until they simply can’t cope and effectively shut down. In the case of the Anonymous chatrooms, this would also take out the servers hosting the chatrooms, which were probably hosting other websites too.
Then there’s the targets’ overall nature to consider. While a few were certainly engaged in illegal activity, with one or two crossing into fraudulent territory, many weren’t. Most were probably just kids with a cause.
The NBC piece quotes academic Gabriella Coleman, an expert on Anonymous, as saying most people in those IRC chatrooms were there “primarily for ordinary political expression.” It also quotes former White House cyber security official Jason Healey as saying DDoS tactics should only be used against other countries, and that for a major intelligence agency to spend this much time chasing teenagers “justifies them and is demeaning to our side.”
Even one of the former LulzSec hackers, Mustafa “T-Flow” Al-Bassam, who was just 16 at the time and only received a suspended sentence and a 2-year internet ban, was taken aback by the new revelations:
As I stated, I strongly suspected that these tactics were used by GCHQ since half a year ago, but GCHQ DDoSing IRC is just something else.
— Mustafa Al-Bassam (@musalbas) February 5, 2014