Snowden leak: GCHQ DDoSed Anonymous & LulzSec's chatrooms

'I plead guilty to 2 counts of conspiracy and these b*st*rds were doing the ... same thing?'


British intelligence ran denial-of-service attacks against chatrooms used by Anonymous and LulzSec, according to an investigation by NBC News involving Snowden confidante Glenn Greenwald.

Documents leaked by the NSA whistleblower record how a GCHQ unit known as the Joint Threat Research Intelligence Group, or JTRIG, used a packet flood operation dubbed Rolling Thunder to "scare away 80 per cent of the users of Anonymous internet chat rooms," NBC reports.

Intelligence agents also infiltrated chatrooms in an operation that successfully identified a hacktivist who siphoned off confidential data from PayPal and also picked up another who had participated in attacks on government websites.

The leaked slides from GCHQ boast that the operation allowed the authorities to identify Edward Pearson (aka GZero), 25, from York, who was convicted and sentenced to 26 months in prison for stealing information from 200,000 PayPal accounts. Pearson and his then girlfriend were both convicted of using stolen credit card details to pay for a hotel stay.

Details of how the g-men's evidence against Pearson was put together were among two case studies included in the leaked GCHQ presentation. The other case cited is partially redacted.

The whole GCHQ counter-offensive operation took place in September 2011, around two or three months after malicious activities spearheaded by LulzSec and other hacktivists reached their zenith.

Hacktivists from LulzSec launched DDoS – as distinct from your common or garden denial-of-service attacks – on the website of the Serious and Organised Crime Agency in June 2011. They also ran a DDoS attack against the US Central Intelligence Agency at around the same time. It's hard to believe either of these actions had much of an effect on the agencies concerned beyond possibly slowing the delivery of emails, and even that's a bit improbable.

A greater concern ought to have been boasts by LulzSec that it had hacked into the websites of local chapters of InfraGard, a non-profit organisation affiliated with the FBI. These claims were supported by the leak of InfraGard member emails and a database of local users.

An attack on Senate.gov that reportedly led to leaks of internal data ought also to have set off warnings.

Members of the wider Anonymous movement ran DDoS attacks as part of online protests against the WikiLeaks banking blockade against PayPal and Mastercard as part of OpPayback in late 2010.

Responses to DDoS attacks normally involve setting up mitigation technologies on a technical level while using law enforcement to identify and arrest the perpetrators. The GCHQ division seemingly decided to fight fire with fire by launching a packet flood at IRC servers used by Anonymous.

Security experts, such as Robert Graham of Errata Security, have slammed NBC for confusing Distributed Denial of Service attacks with Denial of Service attacks.

"Assuming the target was an IRC server in a colo, then it's trivially easy to DoS with a SYN-flood without affecting nearby machines," Graham writes.

The leaked (partially redacted) slides – put together for a presentation delivered by GCHQ in 2012 – do contain a page about Rolling Thunder headed "DDoS" (page 13 of 15), but Graham's explanation makes more sense from the technical point of view.

"The GCHQ doc admits doing 'denial of service', but then later uses the DDoS acronym as a title," Graham said in a Twitter update.
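To make Graham's DoS-versus-DDoS distinction concrete, here is a small Python triage script (written for this edit; it is not code from the article, GCHQ or Errata Security) that reads a constructed netstat-style connection table for an IRC server and reports whether its half-open (SYN_RECV) connections come from one source or from many. The thresholds, addresses and table layout are assumed sample values.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Illustrative thresholds (assumptions for this example, not tuned operational values).
HALF_OPEN_THRESHOLD = 50      # SYN_RECV entries before we call the backlog a flood
DISTINCT_SRC_THRESHOLD = 10   # distinct remote addresses before we call it distributed


def parse_entries(table: str) -> List[Tuple[str, str]]:
    """Parse 'STATE local_addr:port remote_addr:port' lines into (state, remote_ip) pairs."""
    entries = []
    for line in table.strip().splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip header or malformed lines
        state, _local, remote = parts
        remote_ip = remote.rsplit(":", 1)[0]
        entries.append((state, remote_ip))
    return entries


def assess(entries: List[Tuple[str, str]]) -> Dict[str, object]:
    """Count half-open connections and decide single-source vs distributed."""
    half_open = [ip for state, ip in entries if state == "SYN_RECV"]
    sources = Counter(half_open)
    if len(half_open) < HALF_OPEN_THRESHOLD:
        verdict = "normal"
    elif len(sources) >= DISTINCT_SRC_THRESHOLD:
        # Many apparent sources means either a distributed attack or one host forging
        # source addresses; the connection table alone cannot tell those apart.
        verdict = "distributed-or-spoofed"
    else:
        verdict = "single-source"
    return {"half_open": len(half_open), "sources": len(sources), "verdict": verdict}


def synthetic_table(n_syn: int, n_sources: int) -> str:
    """Build a constructed connection table (sample data, not a real capture)."""
    lines = ["ESTABLISHED 198.51.100.10:6667 192.0.2.5:51000"]  # one legitimate client
    for i in range(n_syn):
        src = f"203.0.113.{1 + (i % n_sources)}"
        lines.append(f"SYN_RECV 198.51.100.10:6667 {src}:{40000 + i}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Quiet server, single-source SYN flood, and a flood spread over 40 addresses.
    for n_syn, n_src in ((5, 1), (80, 1), (80, 40)):
        print(n_syn, n_src, assess(parse_entries(synthetic_table(n_syn, n_src))))
```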

Security advocates had already begun questioning the legality of GCHQ's ops against LulzSec and elements of Anonymous.

Spyblog tweeted:

Andrew Miller, chief operating officer at Corero Network Security, said that since some of the victims of LulzSec’s attacks included the CIA and SOCA, it is not altogether surprising that the hacktivists would themselves become a target.

"We have to remember that cyber-spooks within GCHQ are equally if not more skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to that of the bad guys," Miller said. "Legally, we enter a very grey area here; where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity."

Convicted LulzSec hacker Jake Davis (Topiary) has reacted with disbelief to reports of GCHQ's shenanigans. "I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing," he said in an update to his personal DoubleJake Twitter account.

Security experts, more personally removed from the situation, have used the whole business as an opportunity to crack some funnies, as well as making more serious points questioning the thinking behind the operation.

"This is what happens when you staff your cyber ops group with ex-hackers," wrote thegrugq. "They go back to their old tricks, ddosing IRC channels and doxing."

"Remember how outrageous it was when China used their control over their citizen's Internet infrastructure to stifle dissent?" he later added. ®
