According to documents stolen by National Security Agency whistleblower Edward Snowden and published by NBC News, the United Kingdom has engaged in distributed denial of service attacks and other traffic-blocking online tactics against non-belligerents. This represents the first time a Western nation has been caught using cyber-terrorism tactics.
The documents — a leaked PowerPoint presentation from the NSA’s 2012 Signals Development Conference — illustrate that a division within the British Government Communications Headquarters, the Joint Threat Research Intelligence Group, or JTRIG, admitted to shutting down communications among members of the “hacktivist” group Anonymous.
The group used a “distributed denial of service,” or DDoS, attack, which is a blanket attack that floods a server with more requests for a resource or web page than the server can address or has bandwidth for, subsequently forcing the server to ignore all requests. DDoS attacks have been used by hackers to attack government websites, banks and businesses. In 2012, Anonymous attempted a DDoS attack on British government websites — including the Home Office and GCHQ — at least three times, causing intermittent site blockages.
Anonymous was protesting the announcement of a new extradition treaty between the U.S. and the U.K., which would allow Gary McKinnon — a computer hacker with Asperger’s syndrome accused of hacking into NASA and U.S. military computers — to face trial in America.
The use of such an attack is considered crude, at best. As many websites could be hosted on a single server, and many servers could share a single Internet service provider’s bandwidth, an attack on a hosted website would effectively take out innocent adjacent websites. The possibility that a government agency could launch a deliberate attack against a non-target has given many pause.
There is no evidence currently that suggests that any non-Anonymous websites were attacked collaterally by JTRIG.
Playing dirty
JTRIG targeted Internet relay chat rooms known to be frequented by Anonymous members. In an operation dubbed “Rolling Thunder,” JTRIG was able to use its infiltration to identify individual hackers, including a hacktivist accused of stealing personal data from PayPal, and hacktivists who were allegedly involved in the attacks on the government websites.
In 2011, Anonymous participated in “Operation Payback,” a protest to denounce the prosecution of Chelsea Manning — who stole thousands of classified diplomatic communiques and leaked them to WikiLeaks. Along with striking back at U.S. and British intelligence websites, the “hacktivists” also took on the banks and financial organizations that refused to process donations to WikiLeaks — including PayPal.
However, JTRIG also boasted it scared away 80 percent of the users of the Anonymous IRC rooms. As most of these users were teenagers and not involved in any hacking activity, there is a fear that the GCHQ’s actions were an affront to free speech.
“Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs,” said Gabriella Coleman, an anthropology professor at McGill University. “Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression.”
In another Snowden-leaked document that was secured by NBC News, JTRIG’s mission has been described to include computer network attacks, disruption — including telephone and email jamming, computer hacking and “false-flag operations,” which are attacks on friendly targets, masquerading as a cyber-terrorist — “active covert Internet operations,” and “covert technical operations.”
“White hats” and “black hats”
While the GCHQ may see all of this as “white hat” hacking — ethical hacking meant to boost the security of a computer system — many are not so sure.
“The governments see this type of action as sending out a strong signal, and not necessarily an ‘eye-for-an-eye’ scenario,” remarked Michael Gurnow, the author of “The Edward Snowden Affair: The Media, the NSA and the One that Got Away,” to MintPress.
“The government agencies — be it GCHQ or the NSA — will substantiate their actions as being ‘for the greater good,’ while we have these denial of service attacks taking down innocent service providers, crippling countless users worldwide. The agencies will see this as ‘we preempted this attack by Anonymous,’ or that they discouraged this type of behavior from other groups; but they do not see ‘the great heck’ their actions have sown.”
Of great concern in this situation, according to Gurnow, is the sense of parallelism between the British intelligence apparatus and that of the other members of the “Five Eyes” — signatory nations to the U.K. – U.S. Agreement, which divided global signal intelligence into five zones, each monitored by one of the “eyes”: the U.S., the U.K., Canada, Australia and New Zealand.
As all of the Snowden documents — so far — have been marked for disclosure to the “Five Eyes” intelligence agencies, the NSA knew of Britain’s hacking of Anonymous, possibly, at the same time it was happening.
While there is no evidence to suggest that the NSA engaged in similar cyber-terrorism, conventional wisdom based on previous revelations from Snowden’s leaks suggests that there is a valid reason to be concerned in the U.S.
Ultimately, this case — in its purest form — represents a government willing to attack many to get to a few. In the harshest terms possible, this represents gross endangerment and an aggressive, extralegal attack on the personal liberties and property of the innocent.
“It is hard to put a number on Anonymous, but at the time of those events, there were thousands of supporters and probably a dozen or two individuals who were breaking the law,” said Gabriella Coleman, an expert on Anonymous, to NBC News. “Punishing thousands of people, who are engaging in their democratic right to protest, because a couple people committed vandalism is … an appalling example of overreacting in order to squash dissent.”
Government heavy-handedness as a learning lesson
Despite the near-universal panning of the GCHQ’s action, some see a silver lining behind all of this.
“Did the Joint Threat Research Intelligence Group take drastic measures? Yes, and yes — the cyberattack wrongly targeted those mistaken as cyber criminals,” Olivier Amar, co-founder and CEO of MyPermissions, a technology company involved in the conversation regarding online privacy, told MintPress. “However, I think people are overreacting to this incident. Instead of harping on how the government is trying to identify cyber-criminals, people should focus on protecting their own personal information online.
“I’m hopeful that the silver lining from this news is that people are now even more aware of cyber security threats, and will take the necessary precautions to protect themselves from being vulnerable to cyber-attacks.”
In a statement to NBC News, the GCHQ stated that the group acted within legal boundaries.
“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework,” said the statement, “which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the Interception and Intelligence Services Commissioners, and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.”