Snowden leak: GCHQ DDoSed Anonymous & LulzSec's chatrooms

'I plead guilty to 2 counts of conspiracy and these b*st*rds were doing the ... same thing?'

British intelligence ran denial-of-service attacks against chatrooms used by Anonymous and LulzSec, according to an investigation by NBC News involving Snowden confidante Glenn Greenwald.

Documents leaked by the NSA whistleblower record how a GCHQ unit known as the Joint Threat Research Intelligence Group, or JTRIG, used a packet flood operation dubbed Rolling Thunder to "scare away 80 per cent of the users of Anonymous internet chat rooms," NBC reports.

Intelligence agents also infiltrated chatrooms in an operation that successfully identified a hacktivist who siphoned off confidential data from PayPal and also picked up another who had participated in attacks on government websites.

The leaked slides from GCHQ boast that the operation allowed the authorities to identify Edward Pearson (aka GZero), 25, from York, who was convicted and sentenced to 26 months in prison for stealing information from 200,000 PayPal accounts. Pearson and his then girlfriend were both convicted of using stolen credit card details to pay for a hotel stay.

Details of how the g-men's evidence against Pearson was put together were among two case studies included in the leaked GCHQ presentation. The other case cited is partially redacted.

The whole GCHQ counter-offensive operation took place in September 2011, around two or three months after malicious activities spearheaded by LulzSec and other hacktivists reached their zenith.

Hacktivists from LulzSec launched DDoS – as distinct from your common or garden denial-of-service attacks – on the website of the Serious and Organised Crime Agency in June 2011. They also ran a DDoS attack against the US Central Intelligence Agency at around the same time. It's hard to believe either of these actions had much of an effect on the agencies concerned beyond possibly slowing the delivery of emails, and even that's a bit improbable.

A greater concern ought to have been boasts by LulzSec that it had hacked into InfraGard chapters' websites, a non-profit organisation affiliated with the FBI. These claims were supported by the leak of InfraGard member emails and a database of local users.

An attack on Senate.gov that reportedly led to the leak of internal data ought also to have set off warnings.

Members of the wider Anonymous movement ran DDoS attacks as part of online protests against the WikiLeaks banking blockade against PayPal and Mastercard as part of OpPayback in late 2010.

Responses to DDoS attacks normally involve setting up mitigation technologies on a technical level while using law enforcement to identify and arrest the perpetrators. The GCHQ division seemingly decided to fight fire with fire by launching a packet flood at IRC servers used by Anonymous.

Security experts, such as Robert Graham of Errata Security, have slammed NBC for confusing Distributed Denial of Service attacks with Denial of Service attacks.

"Assuming the target was an IRC server in a colo, then it's trivially easy to DoS with a SYN-flood without affecting nearby machines," Graham writes.

The leaked (partially redacted) slides - put together for a presentation delivered by GCHQ in 2012 - do contain a page about Rolling Thunder headed "DDoS" (page 13 of 15) but Graham's explanation makes more sense from the technical point of view.

"The GCHQ doc admits doing 'denial of service', but then later uses the DDoS acronym as a title," Graham said in a Twitter update.
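The distinction Graham draws is easy to make concrete from the defender's side: a SYN flood from one host is a DoS, the same flood spread across many hosts is a DDoS, and either shows up as a pile of half-open connection attempts that never complete the handshake. The following is an added example, not code from the article, from Graham or from the GCHQ slides. It classifies SYN pressure on an IRC server port from constructed packet-summary lines; the line format, the server address 203.0.113.10, the client addresses, port 6667 and the thresholds are all assumptions made for the example.

```python
"""Added example: classify SYN traffic toward one IRC server port as normal,
a single-source SYN flood (a DoS, Graham's scenario) or a distributed SYN
flood (a DDoS). Packet summaries are constructed here; a real detector would
read NetFlow records or pcap output instead. The line format is our own."""
from collections import Counter

IRC_PORT = 6667  # assumption: the target is a plain IRC daemon on 6667


def parse_line(line):
    """Parse one constructed summary line: '<t> <src_ip> <dst_ip>:<port> <flags>'."""
    t, src, dst, flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"t": float(t), "src": src, "dst": dst_ip,
            "port": int(dst_port), "flags": flags}


def classify_syn_traffic(lines, port=IRC_PORT, flood_threshold=100,
                         single_source_share=0.9):
    """Describe SYN pressure on `port` and label it.

    A source is half-open if it sent bare SYNs but never a bare ACK (the
    third handshake packet). Only half-open SYNs count toward the flood
    threshold, so a busy but healthy server with many completed handshakes
    is not flagged. If one source accounts for at least
    `single_source_share` of the half-open SYNs the flood is single-source.
    """
    syns = Counter()
    completed = set()
    for rec in map(parse_line, lines):
        if rec["port"] != port:
            continue
        if rec["flags"] == "S":
            syns[rec["src"]] += 1
        elif rec["flags"] == "A":
            completed.add(rec["src"])
    half_open = Counter({src: n for src, n in syns.items() if src not in completed})
    total = sum(half_open.values())
    top_share = (half_open.most_common(1)[0][1] / total) if total else 0.0
    if total < flood_threshold:
        label = "normal"
    elif top_share >= single_source_share:
        label = "single-source SYN flood (DoS)"
    else:
        label = "distributed SYN flood (DDoS)"
    return {"label": label, "half_open_syns": total,
            "half_open_sources": len(half_open),
            "top_source_share": round(top_share, 3)}


def _line(t, src, flags, port=IRC_PORT):
    # 203.0.113.10 is a constructed (documentation-range) IRC server address
    return f"{t:.3f} {src} 203.0.113.10:{port} {flags}"


def normal_sample():
    """20 constructed clients, each completing a handshake (SYN then ACK)."""
    lines = []
    for i in range(20):
        src = f"198.51.100.{i + 1}"
        lines += [_line(i, src, "S"), _line(i + 0.05, src, "A")]
    return lines


def single_source_flood_sample():
    """Normal clients plus one constructed host sending 500 bare SYNs."""
    lines = normal_sample()
    lines += [_line(10 + i * 0.001, "192.0.2.66", "S") for i in range(500)]
    return lines


def distributed_flood_sample():
    """Normal clients plus 250 constructed hosts sending 2 bare SYNs each."""
    lines = normal_sample()
    for i in range(250):
        src = f"192.0.2.{i + 1}"
        lines += [_line(20 + i * 0.01, src, "S"), _line(20.5 + i * 0.01, src, "S")]
    return lines


if __name__ == "__main__":
    for name, sample in [("normal", normal_sample()),
                         ("single source", single_source_flood_sample()),
                         ("distributed", distributed_flood_sample())]:
        print(name, classify_syn_traffic(sample))
```

The single-source case is the one Graham describes: one flooding host, one victim, and a filter on that source address stops it without touching neighbouring machines in the colo. The distributed case produces the same half-open total from hundreds of sources, so per-source blocking no longer works and SYN cookies or upstream scrubbing become the mitigation.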

Security advocates had already begun questioning the legality of GCHQ's ops against LulzSec and elements of Anonymous.

Spyblog tweeted:

Andrew Miller, chief operating officer at Corero Network Security, said that since some of the victims of LulzSec’s attacks included the CIA and SOCA, it is not altogether surprising that the hacktivists would themselves become a target.

"We have to remember that cyber-spooks within GCHQ are equally if not more skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to that of the bad guys," Miller said. "Legally, we enter a very grey area here; where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity."

Convicted LulzSec hacker Jake Davis (Topiary) has reacted with disbelief to reports of GCHQ's shenanigans. "I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing," he said in an update to his personal DoubleJake Twitter account.

Security experts less personally involved in the affair have used the whole business as an opportunity to crack some funnies, as well as making more serious points questioning the thinking behind the operation.

"This is what happens when you staff your cyber ops group with ex-hackers," wrote thegrugq. "They go back to their old tricks, ddosing IRC channels and doxing."

"Remember how outrageous it was when China used their control over their citizens' Internet infrastructure to stifle dissent?" he later added. ®