Government agents can play at hacking too. Image: Steve Rhodes/Flickr
The British government used hacker tactics including denial-of-service (DDoS) attacks against hackers themselves, according to a new report by NBC News which saw journalist Glenn Greenwald as a special contributor.
Based on NSA documents leaked by Edward Snowden, NBC explained that UK spy agency GCHQ (the British version of the NSA) DDoS’d internet chat rooms used by hacktivists associated with Anonymous. That, the US broadcaster said, made them “the first Western government known to have conducted such an attack.”
It’s quite a role reversal, given that DDoS attacks are a weapon of choice for Anonymous, and have previously been used to take down government sites. Now, it seems, both sides are prepared to play dirty.
NBC published redacted versions of the documents, which outline a denial of service attack dubbed “Rolling Thunder” and targeted at IRC chat rooms used by Anonymous-affiliated hacker groups such as LulzSec. The point, of course, was to disrupt the hacktivists’ communications.
This was apparently done by a unit of GCHQ called the Joint Threat Research Intelligence Group (JTRIG), who boast in one slide that, after the DDoS action, many hackers left the targeted chat room. “80% of those messaged where not in the IRC channels 1 month later,” they wrote with characteristically poor grammar.
The whole debacle obviously stinks of hypocrisy, especially as the nature of a DDoS attack means it’s not very closely targeted. NBC points out that an attack on the chat room servers could have affected other websites hosted by the same servers, or other servers operated by the same ISP—it’s unknown if this kind of collateral damage occurred.
I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing - http://t.co/Y4vo1qeN4I— Jake Davis (@DoubleJake) February 5, 2014
Then there’s the issue that those disrupted weren't charged with any offence before they were targeted, and using a chat room isn’t a crime. But according to the government’s own rules, acts like DDoS attacks are. Jake Davis, better known as former LulzSec member Topiary, expressed outrage at these double standards in a post on the International Business Times.
As someone that, as a teenager at the time, had to sit across a table from Scotland Yard detectives while they read me my rights for roughly 90 different computer offences (up to 900 years in prison) and then was later made to stand in front of a police sergeant as he described me as a threat to national security, I was under the impression that the UK government took DDoS attacks (or in my case, just being around people that launched DDoS attacks) very, very seriously.
But when it comes to their own dabbling in this confusingly modern crime, it seems that push doesn't even need to come to shove before they're taking down public chat servers in an effort to halt communication between individuals that may potentially commit the very same crime in the future.
Quite how far the GCHQ’s hack attack compared to those executed by “real” hackers isn’t clear; security researcher Graham Cluley points out on his blog that LulzSec would often build a botnet out of innocent compromised computers to launch a DDoS attack. “We don’t know if GCHQ went that far—or preferred to use computers under their own (legitimate) control to disrupt the hacktivists’ communications,” he wrote.
Another former LulzSec hacker known as T-Flow, real name Mustafa Al-Bassam, seemed as bemused as anyone by the revelations, but said he always suspected the government had used hacking techniques to uncover his identity.
He was arrested for his involvement in LulzSec’s activities and told NBC that after he was caught, “I genuinely felt bad for all those attacks on government organizations I was involved in. But now that I know they partake in the exact same activities, I have no idea what’s right and wrong anymore.”