British secret service used DDoS attacks against hacktivists, says report

5 Feb 2014


A team of UK tech spies launched cyberattacks against groups like Anonymous and other hacktivists using distributed denial of service (DDoS) attacks, according to documents obtained by former CIA contractor Edward Snowden from the US National Security Agency (NSA).

NBC reported the attacks had been orchestrated by the UK’s equivalent of the NSA, the Government Communications Headquarters (GCHQ). A DDoS attack floods a user with connection requests to the point of overload, which effectively shuts down their internet capabilities.

The tactic is used by hackers across the world as a means of shutting down major websites and governments, and it now appears the UK is the first Western government with acknowledged use of the tactic.

The GCHQ is not commenting on the matter but has released a statement saying it follows all UK laws, according to its spokesperson.

“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensure[s] that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee.”

The documents show that in 2012, the GCHQ team compiled a report in PowerPoint for the NSA detailing how the British unit, known as the Joint Threat Research Intelligence Group (JTRIG), organised the series of DDoS attacks under its Rolling Thunder operation that targeted more than 80 individual users involved in activities with groups like Anonymous, as well as other internet chat rooms.

Undercover operations

The tactic was part of a plan to scare off those it saw as the most troublesome hacktivists and members of the organisation in the UK.

The PowerPoint slides obtained by NBC show a transcribed conversation on an IRC chat room involving a hacktivist going by the name of ‘P0ke’ with another user on the site, ‘Topiary’, and how he was targeted under Rolling Thunder.

One piece of the conversation shows P0ke saying: “Topiary: I has [sic] list of email: phonenumber: name of 700 FBI tards”, before later saying, “it was dumped from another government db [database]”.

The JTRIG team also detailed how they posed as a hacker going under the name of ‘GZero’ looking to obtain access to hacking codes and were able to use it as evidence in a case to arrest a man under the online name of ‘CHIS’.

Colm Gorey was a senior journalist with Silicon Republic
