The British spy agency GCHQ used hacking techniques, including distributed denial of service (DDoS) attacks, against the hacking collective Anonymous, according to new documents leaked by Edward Snowden.
Anonymous hackers were attacking websites with their own DDoS attacks in 2011 while authorities in the UK and the U.S. were scrambling for a response — it turns out GCHQ's answer was to turn the hackers' weapons against them.
See also: 4 Things You Need to Know About Future NSA Director Michael Rogers
The new documents reveal that a GCHQ unit dubbed the Joint Threat Research Intelligence Group, or JTRIG, launched an operation called Rolling Thunder against the hacker collective in 2011. That operation included using DDoS attacks as well as malware to slow down the hackers and later identify them, as first reported by as reported by NBC News on Wednesday.
As part of the operation, GCHQ agents infiltrated the chat rooms where hackers were gathering, and flooded the servers hosting those chat rooms with excessive traffic — a DDoS attack — to prevent them from logging on.
This is the first time the GCHQ, which is the British equivalent of the NSA, has been directly accused of using hacking techniques in its operations to fight crime, and it's the first time a government agency has been accused of a DDoS attack specifically.
But it is not uncommon for other law enforcement agencies to use hacking techniques. The FBI uses malware to hack into and spy on suspects' computers. It has also using phishing to install custom-made malware to track down a suspected bomber.
For critics, the latest revelations highlight a double standard: It's a crime when Anonymous shuts down websites using DDoS attacks, but not when GCHQ does it.
It's also an overreaction that may stifle the freedom of expression rights of innocent netizens, argues Gabriella Coleman, an anthropology professor at McGill University who has extensively studied and written about Anonymous, who explained that only a few Anonymous hackers were actually engaged in illegal activities.
"The real concern here is a shotgun approach to justice that sprays its punishment over thousands of people who are engaged in their democratic right to protest simply because a small handful of people committed digital vandalism," she wrote in an op-ed on Wired. "This is the kind of overreaction that usually occurs when a government is trying to squash dissent; it’s not unlike what happens in other, more oppressive countries."
Jake Davis, a.k.a. Topiary, one of the hackers mentioned in the leaked documents, reacted to the revelations by accusing the GCHQ of breaking the law. Davis was arrested in 2012, and later pleaded guilty for participating in two DDoS attacks.
I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing - http://t.co/Y4vo1qeN4I
— Jake Davis (@DoubleJake) February 5, 2014
The UK government banned a 16-year-old boy (@musalbas) from the Internet for 2 years while they themselves were launching illegal attacks.
— Jake Davis (@DoubleJake) February 5, 2014
He later doubled-down in an op-ed titled "Who are the real criminals?" published on The International Business Times on Wednesday.
"There's no justification for how nonchalant a democratic government can be when they breach the very computer misuse rules they strongly pushed to set in place," he wrote.
The British spy agency, however, defended itself and the legality of its actions.
"All of GCHQ's work is carried out in accordance with a strict legal and policy framework," a spokesperson said in a statement to NBC News, "which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All of our operational processes rigorously support this position."
Have something to add to this story? Share it in the comments.