British Spy Unit Reportedly Hit 'Anonymous' With DDoS Attacks

[Turk]

By Steven Musil February 4, 2014 10:30 PM PST

Unit of the U.K.'s communications intelligence agency used the cyberattack method against hacktivist groups, according to documents supplied to NBC news by Edward Snowden.

A British spy unit turned a cyber attack method favored by Anonymous against it and other hacktivist groups, according to an NBC report based on documents removed from the NSA by Edward Snowden.

A division of the Government Communications Headquarters (GCHQ), the U.K.'s communications intelligence agency, used distributed-denial-of-service attacks to disrupt communications among members of Anonymous, according to the documents. DDoS is the same cyberattack technique used by the hacktivist group to mount online attacks targeting financial institutions, trade groups, and government entities after PayPal and banks refused to process payments for WikiLeaks.

Dubbed Rolling Thunder by the GCHQ unit, known as the Joint Threat Research Intelligence Group, or JTRIG, the attack succeeded in reducing the number of users in Anonymous cat rooms by 80 percent, according to the documents. The NBC report, which was co-authored by Glenn Greenwald, the journalist who published the first NSA stories based on documents obtained by Snowden, indicates that this is the first time the existence of the JTRIG has been revealed.

The unit's infiltration of IRC chat rooms helped identify hackers who had stolen confidential information from Web sites and sent one person to prison for the theft of data from PayPal, according to the documents. The attack on PayPal was part of "Operation Payback," an anti-copyright campaign that began after the 2010 shutdown of The Pirate Bay, a Swedish torrent-tracking site.

In retaliation, the group allegedly launched DDoS attacks against the Motion Picture Association of America, the Recording Industry Association of America, and the U.S. Copyright Office. The campaign was later extended to Bank of America and credit card companies such as Visa and MasterCard for their refusal to process WikiLeaks payments.

According to the documents, among the techniques employed by TRIG in response were attacks on computer networks, disruption, "Active Covert Internet Operations," and "Covert Technical Operations." The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, detail how agents engaged hactivists by posing as fellow hackers, resulting in one instance in the conviction of a British hacker named Edward Pearson for the theft of 8 million identities from PayPal accounts.

The documents list Anonymous, LulzSec, and the Syrian Cyber Army as hactivist groups that use DDoS attacks against government agencies and corporations.

GCHQ did not immediately respond to a CNET request for comment but told NBC News that the agency operated within the boundaries of British law.

"All of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensure that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee," the agency's statement said. "All of our operational processes rigorously support this position."

http://news.cnet.com/8301-13578_3-57618376-38/british-spy-unit-reportedly-hit-anonymous-with-ddos-attacks