February 6, 2014
Hackers Get A Taste Of Their Own Medicine, Hacked By British Spy Unit
Enid Burns for redOrbit.com - Your Universe Online
A unit of the UK's Government Communications Headquarters (GCHQ), Great Britain's equivalent of the NSA, was discovered to have conducted a cyber-attack against the hacker collectives Anonymous and LulzSec, according to documents revealed by former NSA contractor Edward Snowden, as reported by NBC News.
Details of the attacks were found in documents from a PowerPoint presentation shown at a 2012 NSA conference called SIGDEV. The slideshow discusses activities conducted by the JTRIG, such as using DDoS attacks in an operation the agency unit called Rolling Thunder.
This new revelation is the first time the British spy unit, JTRIG, has been publicly disclosed, reports The Verge.
In addition to DDoS attacks, JTRIG infiltrated IRC clients such as chat rooms to identify individual hackers. The agency unit also contacted members of the group using Facebook, Twitter and other online networks to warn suspected hactivists that "DDoS and hacking is illegal, please cease and desist," The Verge reports.
According to the presentation documents, the dissuasion tactics were effective. The presentation said that 80 percent of people contacted disappeared from IRC rooms within a month of contact.
The controversial operation was responsible for the capture and prosecution of a hacker that stole 8 million identities on PayPal. It also identified members of that group who had staged attacks against government and corporate websites.
The actions taken by the JTRIG are controversial, but the operation's efforts have some justification.
"While there must of course be limitations," said Michael Leiter, the former head of the US government's National Counterterrorism Center and now an NBC News Analyst, quoted in the NBC article. "Law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online."
"No one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law breakers safe in the online environment," said Leiter.
Some critics accuse the actions of the JTRIG as going too far. "But critics charge the British government with overkill, noting that many of the individuals targeted were teenagers, and that the agency's assault on communications among hacktivists means the agency infringed the free speech of people never charged with any crime," said the NBC article.
"Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs," said Gabriella Coleman, an anthropology professor at McGill University and author of an upcoming book about Anonymous, NBC News quoted. "Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression."
NBC News said that Coleman estimated that the number of "Anons" engaged in illegal activity is in the dozens, out of a community of thousands.
The "Anons" that were identified and even prosecuted suspected hacking measures had been used against them, NBC News reports.
"A British hacktivist known as T-Flow, who was prosecuted for hacking alongside Topiary, told NBC News he had long suspected that the UK's intelligence agencies had used hacker techniques to catch him, since no evidence of how this identity was discovered ever appeared in court documents. T-Flow, whose real name is Mustafa Al-Bassam, pleaded guilty but did not serve time in an adult facility because he was 16 when he was arrested," the report said.
"When I was going through the legal process," explained Al-Bassam to NBC News, "I genuinely felt bad for all those attacks on government organizations I was involved in. But now that I know they partake in the exact same activities, I have no idea what's right and wrong anymore."