It’s not just hackers who launch denial-of-service attacks. Sometimes it’s the people who catch the hackers who launch them too.
New documents revealed by NSA whistleblower Edward Snowden have revealed not only that UK law enforcement agencies have engaged in denial-of-service attacks which can flood websites with so much traffic that they become effectively inaccessible, but that they have attempted to disrupt hacktivists by using the same technology.
One group of denial-of-service attackers get caught and sent to jail. The other group seemingly gets away with it, because they have the approval of the British government.
In May 2013, members of the notorious LulzSec hacking gang – a splinter group from the Anonymous hacktivist movement – were imprisoned by a British court after they were found guilty of launching distributed denial-of-service (DDoS) attacks, amongst other computer-related crimes.
Victims of the LulzSec DDoS attacks included the CIA, the UK’s Serious Organised Crime Agency, Sony, News International and the controversial Westboro Baptist Church.
LulzSec’s activities have been well documented – not least because their spokesman “Topiary” was courting the world’s media on Twitter, providing a running commentary on each and every denial-of-service attack launched from the group’s “Lulz Cannon”.
However, as NBC News reports, a division of the UK’s GCHQ surveillance agency known as the Joint Threat Research Intelligence Group (JTRIG) used hacking techniques to disrupt the communications and activities of Anonymous and LulzSec hackers.
This included a denial-of-service attack dubbed “Rolling Thunder” designed to disrupt internet chat rooms being used by LulzSec.
NBC News says that this makes the British government “the first Western government known to have conducted such an attack.”
What’s unclear is whether GCHQ completely followed in LulzSec’s footsteps. After all, the hackers often used a botnet of innocent compromised computers to launch their attacks. We don’t know if GCHQ went that far – or preferred to use computers under their own (legitimate) control to disrupt the hacktivists’ communications.
Jake Davis, the real identity of LulzSec’s “Topiary”, who was found guilty for his involvement in LulzSec DDoS attacks was less than impressed by the news, posting the following tweet this morning:
For its part, GCHQ asserted to NBC News that it operates within the law:
“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework,” said the statement, “which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position.”
So now you know. GCHQ launched a denial-of-service attack, and it was overseen by the British government.
You can find out much more by reading the NBC News report: “War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show”
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.