British spooks launched DDoS attacks on Anonymous hacktivists

DDOS attacksIt’s not only the bad guys who carry out distributed-denial-of-service (DDoS) attacks on their targets. Oh no, sometimes the ‘good guys’ will get up to the same old tricks.

According to new documents released from former NSA contractor Ed Snowden and obtained by NBC News, British spy agency GCHQ launched a secret war against the infamous hacktivist collective Anonymous and a splinter group known as LulzSec several years ago, at a time when certain members of those organizations were targeting various UK companies and government websites.

The documents reveal that GCHQ carried out seemingly illegal DDoS attacks against the collective, flooding their chatrooms with so much traffic that they would become inaccessible – and all with the approval of the British government.

The revelations come less than a year after several LulzSec activists were jailed by a British court for carrying out similar DDoS attacks against targets including the CIA, the UK’s Serious Organized Crime Agency (SOCA), News International, Sony and the Westboro Baptist Church, among others.

Throughout its war against the British authorities, LulzSec gathered huge media attention thanks to their spokesperson Jake Davis, aka “Topiary”, who would routinely report each attack made by the group on Twitter.

Initially unable to identify who was behind the LulzSec collective, British authorities instead opted to carry out retaliatory cyberwarfare against the group. The Snowden documents show that GCHQ’s Joint Threat Research Intelligence Group (JTRIG) used a variety of common hacking techniques, including DDoS attacks, to disrupt the activities and communications of LulzSec’s operatives.

JTRIG’s DDoS attack was part of an operation called “Rolling Thunder” that targeted chat rooms known to be used by LulzSec and Anonymous members. But the legality of this operation is questionable – while these chat rooms may have been valid targets, GiagaOM notes that any such attack would almost certainly take out servers that are hosting other websites too. Moreover, it’s just as likely that many of the targets were innocent too. Whilst some LulzSec members were engaged in illegal activity, it’s likely that many more were just casual supporters of their cause.

Davis, who has since been released from jail, made it clear that he wasn’t at all impressed with their actions on Twitter:

However, GCHQ insisted that it’s operations were lawful, giving the following statement to NBC News:

“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.”