UK spy agency GCHQ used denial-of-service (DoS) attacks against hacktivist group Anonymous, according to documents leaked by US National Security Agency (NSA) whistleblower Edward Snowden.
Andrew Miller, chief operating officer at Corero Network Security, said it is not surprising UK cyber spies used a common hacktivist technique against Anonymous.
“We have to remember that cyber spooks in GCHQ are equally if not more skilled than many black-hat hackers, and the tools and techniques they are going to use to fight cyber crime are surely going to be similar to that of the bad guys,” he said.
However, Miller said GCHQ entered a legal grey area, with hacktivists arrested and imprisoned for carrying out DDoS attacks, while government spies use the same technique with impunity.
Privacy International said there is no legislation that clearly authorises GCHQ to conduct cyber attacks.
GCHQ has issued the standard response, that all the agency's activities were authorised and subject to rigorous oversight.
But apart from the legal questions, the latest Snowden revelations have raised concerns about potential collateral damage, reports the BBC.
Using a DoS attack to overwhelm a computer server with traffic would have risked disrupting other services, said Steven Murdoch, a security researcher at the University of Cambridge.
“It's quite possible that the server was used for other purposes, which would have been entirely unrelated to Anonymous,” he said.
Evidence of attack
According to an NBC report, the Snowden documents provide the first evidence of a Western government using DoS attacks and confirm for the first time the existence of a threat research group in GCHQ.
The documents show that a GCHQ unit called the Joint Threat Research Intelligence Group (JTRIG) boasted of using the DoS attack and other techniques in an operation called Rolling Thunder, which it said scared away 80% of the users of Anonymous internet chat rooms.
The leaked documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites.
The hacktivists were contacted by GCHQ agents posing as fellow hackers in internet chat rooms.
In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites.