A top British intelligence agency launched cyberattacks against the hacktivist collective Anonymous, according to a NBC News report Tuesday based on a leak from former National Security Agency whistleblower Edward Snowden.
The documents also revealed the existence of the Joint Threat Research Intelligence Group (JTRIG), a covert division of the Government Communications Headquarters Communications (GCHQ), one of Britain’s top intelligence agencies.
In September 2012, JTRIG launched distributed denial of service (DDoS) attacks against Anonymous and LulzSec, the notorious hacker crew responsible for a high-profile hack of Sony Pictures, according to PowerPoint slides provided by NBC News. The slides were reportedly created for a 2012 NSA conference called SIGDEV (or signals intelligence development).
In one slide, JTRIG claims it used DDoS attacks—referred to as “Rolling Thunder”—and other methods to scare away 80 percent of the traffic from the Internet Relay Chat (IRC) used by the groups. A purported screenshot of a chat room conversation shows hacktivists who unwittingly cooperated with the JTRIG. Undercover JTRIG agents reportedly infiltrated IRC chat rooms utilized by Anonymous for planning cyberattacks.
“It’s not what you should be doing,” a former top White House cybersecurity official told NBC News, responding to the use of DDoS attacks. “It justifies [Anonymous]. Giving them this much attention justifies them and is demeaning to our side.”
Indeed, Jake Davis, one of the hackers mentioned by the documents, failed to see the distinction between his actions and those of the GCHQ.
“I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing.”
I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing – https://t.co/Y4vo1qeN4I
— Jake Davis (@DoubleJake) February 5, 2014
Davis, formerly known as topiary, is a former member of LulzSec who pled guilty to computer crimes in 2013. He was released for time served just over a month later.
Chris Weatherhead, another hacker charged with launching DDoS attacks by the British government, also spoke out on Twitter, highlighting the irony of his own conviction. In 2010, Weatherhead, a.k.a. Nerdo, hosted an IRC chat room used during the so-called Operation Payback, a series of Anonymous cyberattacks against PayPal, and other companies, that were responsible for freezing financial donations intended for WikiLeaks—reportedly at the request of the U.S. State Department. In December 2012, Weatherhead was convicted of “conspiracy to impair the operation of computers.”
My Government used a DDoS attack against servers I owned, and then convicted me of conducted DDoS attacks. Seriously what the fucking fuck?
— Chris Weatherhead (@CJFWeatherhead) February 5, 2014
In response to the leak, GCHQ issued its own statement defending the actions of JTRIG: “All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.”
“That GCHQ agents were on the chat rooms offering out news links that may have functioned as honeypots is not surprising,” Coleman told the Daily Dot. “Their use of [DDoS] to knock off the entire communication infrastructure which is used for legitimate dissent is unacceptable and a perfect example of government hypocrisy at work.”