A new revelation coming from Edward Snowden’s leaked NSA documents, this time reported first by NBC News, points to a secret British division in its GCHQ spy agency. The division was tasked with performing cyber attacks on the hacktivist Anonymous and LulzSec groups.
The unit, known as the Joint Threat Research Intelligence Group (JTRIG), used a DDOS (distributed denial-of-service) attack, a typical hacker weapon, against the groups. The documents, which publicized JTRIG for the first time ever, came from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV.
According to intelligence sources familiar with the operation, JTBIG concentrated DDOS attacks against IRC chat rooms where they believed hackers from those groups — and more — would gather to plan and commiserate.
While a spokesperson for the GCHQ said that any and all of the agency’s activities were authorized and subject to “rigorous oversight.” Not everyone was so confident about the program, though.
Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs. Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression.
Wbile estimating that the Anonymous community in general numbered in the thousands, Coleman said that the number of members involved in criminal activity was in the dozens, a small percentage of the overall hacktivist group.
Dr Steven Murdoch, a security researcher at the University of Cambridge, agreed with Coleman’s belief that the majority of the hacktivist group was law-abiding:
Some have gone into criminality, but many others just go out and organize protests, letter-writing campaigns and other things that are not criminal.
Privacy International’s head of research, Eric King, expressed the organization’s concern.
There is no legislation that clearly authorises GCHQ to conduct cyber-attacks. So, in the absence of any democratic mechanisms, it appears GCHQ has granted itself the power to carry out the very same offensive attacks politicians have criticized other states for conducting.
In addition to these DDOS attacks, JTRIG used covert methods to identify hackers in the chatrooms. In one case, agents reportedly tricked a hacker with the alias P0ke by sending him a link to a BBC article entitled: “Who loves the hacktivists?”
“Sexy,” P0ke allegedly commented, before clicking on the link, which somehow — it’s not clear how — allowed JTRIG to bypass P0ke’s security measures.
P0ke hadclaimed to have stolen data from the US government, but he was never prosecuted, despite JTRIG and GCHQ discovering his true identity.