Snowden Docs Show GCHQ Tried To DDoS Anonymous
from the picking-the-wrong-target dept
The latest Snowden revelation is just bizarre. According to a new report at NBC (with help from Glenn Greenwald), UK spies at GCHQ decided to mount a DDoS attack against Anonymous and Lulzsec.
The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack – which it dubbed Rolling Thunder — and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms.
As the report notes, this seems like incredible overkill. While it’s true that Anonymous had been somewhat successful in DDoSing some websites, for the most part, those were just basic defacements. They were the equivalent of kids messing around with graffiti — hardly the sort of thing you send in the intelligence community to disrupt. Similarly, there are some quite reasonable arguments that the kind of attacks that Anonymous was doing were the equivalent of a sit-in, making them a form of expression.
“Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs,” said Gabriella Coleman, an anthropology professor at McGill University and author of an upcoming book about Anonymous. “Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression.” Coleman estimated that the number of “Anons” engaged in illegal activity was in the dozens, out of a community of thousands.
NBC News gets former White House cyber security official Jason Healey to point out how ridiculous this kind of attack is:
Jason Healey, a former top White House cyber security official under George W. Bush, called the British government’s DDOS attack on Anonymous “silly,” and said it was a tactic that should only be used against another nation-state.
[….] “This is a slippery slope,” said Healey. “It’s not what you should be doing. It justifies [Anonymous]. Giving them this much attention justifies them and is demeaning to our side.”
Further documents show that GCHQ agents more or less infiltrated Anonymous, trying to buddy up with some key members — and the documents leaked by Snowden show that GCHQ happily explains that the “outcome” of this effort resulted in charges, arrest and conviction against Edward Pearson, who was involved with Anonymous as GZero. Of course, we thought GCHQ was supposed to be focused on non-UK persons. But Pearson is British. The report details a few other UK hackers arrested because of GCHQ spying — including one who notes that in the documents concerning his arrest, it is never detailed how he was found.
What’s not mentioned in the report is that the intelligence community has a history of totally overreacting to Anonymous. Back in 2012, we wrote about NSA boss Keith Alexander’s bizarre attempt to spread FUD by claiming that Anonymous was the equivalent of a terrorist group that might shut down power grids — a move that seems way outside of the kinds of things participants in Anonymous have any interest in. The actions they’ve taken, historically, have been to expose hypocrisy and wrongdoing — not to actually put anyone’s lives in danger. But it seems that kind of overreaction to Anonymous went beyond just the NSA and across the pond to GCHQ, which didn’t just freak out, but actually spent taxpayer funds to launch offensive denial of service attacks on a bunch of mostly innocent teenagers.
Comments on “Snowden Docs Show GCHQ Tried To DDoS Anonymous”
Wondering if this is legal
My first thought about this was whether this was finally clear evidence that GCHQ was acting illegally. I know that there are a few ongoing cases against them, but this seems pretty clear.
From my (far from perfect) understanding of GCHQ’s legal basis, they are limited to two functions:
I don’t see how DDoSing Anonymous, or cosying up to them fits in (b), and while the former might count as “interfering with electromagnetic emissions” I’m not sure the rest will.
Perhaps this time GCHQ has gone too far?
Re: Wondering if this is legal
Re: Re: Wondering if this is legal
Only little people are held to legal standards.
Re: Wondering if this is legal
I was thinking the same, but for different reasons.
I don’t know much about British law, but Techdirt has published several stories about parallel construction. It sounds like GCHQ might have been doing the same thing. It casts doubt over any court cases involving Lulsec and Anonymous.
I wonder, if The UK have the same problem with most cases ending with the defendant pleading guilty. Here in the US they’ll have nice men with badges and guns take family members of the defendant out of work and ask them to call him or her. The threat being that since they also benefited from the alleged crime that they’ll be charged as well. Unless, of course, the defendant agrees to immediately plead guilty to the judge that they have waiting down at the courthouse.
Re: Re: Wondering if this is legal
This doesn’t have anything to do with evidence laundering. This doesn’t even have anything to do with evidence gathering or surveillance at all. This has to do with GCHQ launching offensive attacks on targets based on the fact because they decided the the targets needed to be attacked. There is no legal case. No appeal to a court for authorization. No due process. This is a UK government agency stepping way outside of their mandate to unilaterally punish people that they deemed needed punishing.
Re: Wondering if this is legal
The human body generates an electromagnetic field, and this field can be detected with certain electromagnetic field meters.
Gee one is left to wonder if the things they claim others were doing/could do was based on fear of knowing what they capable of doing.
One wonders how many of the rules governing these spy agencies they have to break before someone finally stops them and asks them what the f__k were they thinking.
But but but terrorism no longer cuts it.
Re: Re:
If Anonymous is capable of shutting down your power grid, then you ought to think through your friggin’ internet security, because it’s ridiculous.
Also, if 133thax0rkidz can hack your infrastructure, then other nations (russia, china, etc) can too, and you have a bigger problems than internet activists.
Re: Re: Re:
I
Then you have made the mistake of connecting its control systems to the Internet.
Re: Re: Re: Re:
I am not certain but I thought that high profile systems, such as the power system control grid, are on a separate network away from the internet.
Re: Re: Re:2 Re:
If they aren’t someone is getting fired retroactively before they were hired if they have idiocy of that magnitude.
Re: Re: Re:
Indeed. If you’re using computer controls for infrastructure, medical devices and such, you need to have both software and hardware safeties. I’ve emphasized this to students in an Ethics in Computing class, and I will again given the opportunity.
If there’s no reason for your generators to run at a sufficient speed to burn out (and there’s not), then you prevent it from being physically able to run that fast. You have one or more operators on site – thus controls should not be even capable of being remotely accessed (remote monitoring isn’t so bad). If a medical device uses radiation to gather information on a patient, it should not be capable of emitting a harmful amount (a real case, that, from a few years back – the hardware relied on the firmware/software for safety, and the software was poorly installed, poorly maintained and poorly operated… leading to, well, microwaving of tender body parts).
It’s basic computer and network security – expose only what needs to be exposed, and make it as physically impossible as possible to access the rest. A bank or business might use a time-locked vault for a very good reason – so that no matter what happens, the vault simply cannot be opened except at the time when it needs to be open to move stuff out. No matter who’s compromised, what information they have, what threats are made, the vault is secure for most of the day or week.
Re: Re: Re:
Any nation can stop power grids, just drop a nuke way high in the skies of multiple cities, BAM, EMP’s everywhere.
Thing is, the real reason nukes exist is that they are never going to be used.
Except for mini-nukes, those were banned in 1968…officially.
If you can’t control it, kill it.
If it wasn’t for the very real problems that the intelligence community is causing or may cause this would be a comedy article. Reminds me of when some lunatics wanted to blow nuclear bombs to speed up the construction of the Panama Canal…
Re: Re:
Did those lunatics have access to a time machine?
The United States took over the project in 1904, and took a decade to complete the canal, which was officially opened on August 15, 1914.
http://en.wikipedia.org/wiki/Panama_Canal
The Manhattan Project was a research and development project that produced the first atomic bombs during World War II. … From 1942 to 1946, …
http://en.wikipedia.org/wiki/Manhattan_Project
Re: Re:
In the early days nuclear fallout wasn’t really understood. If you ignore the radiation, small nukes make handy explosives. Like the ones we use for construction now but larger.
See Also: https://en.wikipedia.org/wiki/Operation_Plowshare
Since that didn’t work out we ended up buying a bunch of old nukes from the Russians to power our reactors.
Re: Re: Re:
They foolishly used the maximum strength of nuclear devices allowed by the US/USSR 1976 treaty on Peaceful Nuclear Explosions as autodestruction systems, which were one day used against themselves in their foolishness.
The following picture used on wikipedia in the Nuclear Weapons Testing article, coming from US public domain.
http://en.wikipedia.org/wiki/Nuclear_weapons_testing
https://en.wikipedia.org/wiki/File:Types_of_nuclear_testing.svg
Makes one think…Sometimes I think the NSA are aware of something awful and so thats why they justify spying everything. But probably not, I’m just a pleb who isn’t even american so i’m totally fair game. :3
If DDOS is “like a sit-in”, then what GCHQ did wasn’t so bad, right? It’s just like they’re sitting-in… in someone’s house… hmm… maybe I need to rethink this analogy.
Re: Re:
I live inside your computer.
Re: Re:
DDoS is a form of protest for individuals and groups that lack the power and authority of the state. Protest is important because it can be an effective counter to abuse of that power and authority. If you already have the power and authority, what could you possibly be protesting? The answer is you aren’t protesting at all. You are abusing that power and authority when you engage in such activity. That is the difference and it is a big one.
Re: Re: Re:
Protests are but one of many reasons that are cited as the basis for a DDoS attack, but it must be admitted that a substantial number have been directed at business institutions, government agencies, etc., the disruption of which can cause significant damage to a large segment of the public.
Re: Re: Re: Re:
I was speaking to his assertion that because the argument is made that DDoS is “like a sit-in” (which is used as a form of protest) then it validates it as ok for people to do. He is implying that because it is ok for the people to do as a form of protest then it should be ok for a government to do as well. I was merely pointing out that the error in the logic there as the reason it is ok as a form of protest is that that protest is against the abuse of power and authority. So if you already have the power and authority, you haven’t a valid reason to protest and therefore the use of such action becomes an in and of itself an abuse of that power and authority instead of a protest of such.
Re: Re: Re: Re:
Actually, protest is an important counter for abuses of power and/or authority of ALL types not just the state. So whether it’s a business or the government, it doesn’t matter. When DDoS is used as a form of protest against such abuse, it can be justified, however if the entity engaging in such activity already has the power and/or authority it can’t be a protest and instead becomes an abuse in and of itself. That’s probably a better way to put it.
Yeah, that’s the latest threat to our way of life. Hadn’t you heard?
and remember that DDoSing is illegal as well. also remember that Cameron tried to get the Blackberry network closed down so as to stop people talking to each other during the London riots. as horrendous as they were, it’s hardly the thing to suggest doing from a nations Prime Minister. having said that though, he’s using the fictitious ‘Internet crimes’ as the reason censorship has to take place in the UK! the man is losing the plot! it does seem, however, that the UK is using the most ridiculous excuses to achieve it’s ends.
i heard this morning about the ‘tube strike’ in London. the government is now trying to bring in new laws to stop it happening. it’s anything to undermine and remove the rights of the people. Cameron is trying to back peddal the UK to the days when only the rich and famous had the right to anything. he needs to mind he doesn’t get hauled up before the EUCHR!
Re: Re:
Or hauled up anything else, for that matter.
I know DDoS attacks against IRC servers aren’t uncommon…
But we’re talking about an IRC server being DDoS’d by a security agency.
A place where people go to talk (regardless of how affiliated they are with Anonymous or not.)
So I’m guessing this means that Freedom of Speech no longer means shit the fascists in charge.
"The latest Snowden revelation is just bizarre." -- And essentially pointless.
Again, nothing new or breathtaking here, no more than ginning up the netwits — who’ll soon be exhausted by these little leaks, and ignore anything major — IF were anything major in the alleged Snowden pile, which I doubt.
Don’t bother commenting here, (hypothetical) visitor! The rabid Techdirt fanboys censor all opposition! Here’s one NOT lying about it:
http://www.techdirt.com/articles/20140204/07522126085/new-zealand-spy-agency-deleted-evidence-about-its-illegal-spying-kim-dotcom.shtml#c341 (198 of 198)
02:43:42[c-850-6]
I have looked at the PP. Because there is virtually no context provided in the presentation as to why the sites were focused upon, it is not at all clear how you came to the conclusion that such a focus was not warranted.
It seems as if it is being advocated that the sites should be free from scrutiny to do as they want because “boys will be boys”. Without knowing what caught the eye of the government, would that be putting the cart before the horse?
Re: Re:
The objection to the action has nothing to do with the government scrutinizing a site, and taken legal action where they have evidence of wrongdoing. Th objection is of a government agency exercising power in an arbitrary fashion to silence critics of governments. Such abuse of power should always to objected to, else you will find that you are forced to agree with the government in everything that it does.
Re: Re: Re:
But this begs the question “What was the motivation underlying the focus?” Maybe they thought the site hosted communications critical of the government, but then again maybe not. My point was essentially to note that information that would clarify why the focus does not seem to be present, so conclusions/opinions drawn from the information presented would be speculative in nature.
Thinlk!
How is exposing hypocrisy and wrongdoing not putting Alexander’s way of life in danger?
Anonymous as Intelligence Target: Positively
As an establishment leader (government official or corporate officer closely allied to government) a “terrorist” is anyone who disagrees with policy or embarrasses the policy makers.
Anonymous does both, and is therefore a “terrorist” organization. Of course you send your intelligence agencies to persecute them.
Re: Anonymous as Intelligence Target: Positively
What a perfect definition of tyranny you have there.
In the last IA class I took, the FIRST thing we had was to learn about and sign a Code of Ethics. One of those good behaviors to learn is that “hacking back” is NOT an ethical thing to do.
Not sure how/if that applies, or would ideally apply to feral government agencies, tough.
Re: Re:
Now see, your first mistake was believing that they follow a ‘Code of Ethics’, or even know what such a thing is.
Re: Re: Re:
There is a reason it’s the FIRST thing they learn.
“Here is the first rule you have to learn. Now that you know that we are going to teach you how to effectively break that rule.”
Question
If GCHQ spooks have time for tailored DDoSs against few kids, how do they sift through copies of tons of internet porn which winds up in their hands daily?
Time until Anonymous DDOSs Britain: 13:37:20.
GCHQ is out of control!
We need a revolution.
They are not overreacting
Anonymous is the ONLY group on Earth that is consistently against the programs that these people are running. Simply put, no other group will do nearly as much to harm the intelligence agencies’ attempts for power as anonymous will.
Re: They are not overreacting
I disagree. I would say groups like the EFF and ACLU are consistently against these programs far more effective at fighting them than Anonymous ever will be.
“Back in 2012, we wrote about NSA boss Keith Alexander’s bizarre attempt to spread FUD by claiming that Anonymous was the equivalent of a terrorist group that might?shut down power grids?– a move that seems way outside of the kinds of things participants in Anonymous have any interest in. The actions they’ve taken, historically, have been to expose hypocrisy and wrongdoing?”
“hypocrisy and wrondoing”
Yeah…….terrorism!?
Love, Cameron
While there’s no specific mandate to do so, I rather wish that my government would object to a foreign government interfering with our residents’ constitutional rights (in this case, freedom of association).
Re: Re:
Speaking of which, my country (Canada) just lost some more of its sovereignty to the US. Not as bad as previously thought, but…
http://www.cbc.ca/news/politics/fatca-tax-deal-with-u-s-takes-some-heat-off-canadian-banks-1.2524444
Revenue Canada will have to report to the IRS whenever it feels like looking at some Canadian bank accounts from now on. At first it was directly without RC acting as in-between but they struck this “deal”. If Canadian banks didn’t accept to divulge info they would be basically raped.
Disgusting.