British spy unit reportedly hit Anonymous with DDoS attacks

A UK communications intelligence agency unit used a popular cyberattack method against hacktivist groups, according to documents Edward Snowden supplied to NBC News.

Steven Musil Night Editor / News

CNET

A British spy unit turned a cyberattack method favored by Anonymous against it and other hacktivist groups, according to an NBC report based on documents Edward Snowden removed from the National Security Agency.

A division of the Government Communications Headquarters (GCHQ), the UK's communications intelligence agency, used distributed-denial-of-service attacks to disrupt communications among members of Anonymous, according to the documents. DDoS is the same cyberattack technique used by the hacktivist group to mount online attacks targeting financial institutions, trade groups, and government entities after PayPal and banks refused to process payments for WikiLeaks.

Dubbed "Rolling Thunder" by the GCHQ unit, which is known as the Joint Threat Research Intelligence Group (JTRIG), the attack succeeded in reducing the number of users in Anonymous chat rooms by 80 percent, according to the documents. The NBC report, which was co-authored by Glenn Greenwald, the journalist who published the first NSA stories based on documents obtained by Snowden, indicates that this is the first time the existence of the JTRIG has been revealed.

Infiltrating the chat rooms helped identify hackers who had stolen confidential information from Web sites. It also resulted in sending one person to prison for stealing data from PayPal, according to the documents. The attack on PayPal was part of "Operation Payback," an anti-copyright campaign that began after the 2010 shutdown of The Pirate Bay, a Swedish torrent-tracking site.

In retaliation, the group allegedly launched DDoS attacks against the Motion Picture Association of America, the Recording Industry Association of America, and the US Copyright Office. The campaign was later extended to Bank of America and credit card companies, such as Visa and MasterCard, for their refusal to process WikiLeaks payments.

According to the documents, among the techniques JTRIG employed in response were attacks on computer networks, disruption, "Active Covert Internet Operations," and "Covert Technical Operations." The documents -- from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV -- detail how agents engaged hacktivists by posing as fellow hackers. In one instance, the tactic resulted in the conviction of British hacker Edward Pearson for stealing 8 million identities from PayPal accounts.

The documents list Anonymous, LulzSec, and the Syrian Cyber Army as hacktivist groups that use DDoS attacks against government agencies and corporations.

GCHQ declined to comment on the documents cited in the report, but insisted in a statement to CNET that it operated within the boundaries of British law.

"All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensure[s] that our activities are authorized, necessary, and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners, and the Parliamentary Intelligence and Security Committee," a GCHQ spokesman said in a statement.

Updated 2/5 at 12:55 a.m. PT with GCHQ comment.