GCHQ used DoS attacks against Anonymous, show Snowden documents

UK spy agency GCHQ used denial of service (DoS) attacks against Anonymous, according to documents leaked by NSA whistleblower Edward Snowden

UK spy agency GCHQ used denial-of-service (DoS) attacks against hacktivist group Anonymous, according to documents leaked by US National Security Agency (NSA) whistleblower Edward Snowden.

The leaked documents, published by NBC, show GCHQ used DoS attacks to make a chatroom associated with Anonymous inaccessible to members.

Andrew Miller, chief operating officer at Corero Network Security, said it is not surprising UK cyber spies used a common hacktivist technique against Anonymous.

“We have to remember that cyber spooks in GCHQ are equally if not more skilled than many black-hat hackers, and the tools and techniques they are going to use to fight cyber crime are surely going to be similar to that of the bad guys,” he said.

However, Miller said GCHQ entered a legal grey area, with hacktivists arrested and imprisoned for carrying out DDoS attacks, while government spies use the same technique with impunity.

Privacy International said there is no legislation that clearly authorises GCHQ to conduct cyber attacks.

GCHQ has issued the standard response, that all the agency's activities were authorised and subject to rigorous oversight.

But apart from the legal questions, the latest Snowden revelations have raised concerns about potential collateral damage, reports the BBC.

Using a DoS attack to overwhelm a computer server with traffic would have risked disrupting other services, said Steven Murdoch, a security researcher at the University of Cambridge.

“It's quite possible that the server was used for other purposes, which would have been entirely unrelated to Anonymous,” he said.

Evidence of attack

According to an NBC report, the Snowden documents provide the first evidence of a Western government using DoS attacks and confirm for the first time the existence of a threat research group in GCHQ.

The documents show that a GCHQ unit called the Joint Threat Research Intelligence Group (JTRIG) boasted of using the DoS attack and other techniques in an operation called Rolling Thunder, which it said scared away 80% of the users of Anonymous internet chat rooms.

The leaked documents also show that JTRIG infiltrated chat rooms known as IRCs and identified individual hackers who had taken confidential information from websites.

The hacktivists were contacted by GCHQ agents posing as fellow hackers in internet chat rooms.

In one case JTRIG helped send a hacktivist to prison for stealing data from PayPal, and in another it helped identify hacktivists who attacked government websites.

Read more on Privacy and data protection