British intelligence agency GCHQ hit Anonymous with one of the hacktivist collective’s traditional attack techniques, a denial of service (DoS), according to a fresh leak from Edward Snowden.
The attacks were carried out by the Joint Threat Research Intelligence Group, as part of an operation called Rolling Thunder, according to NBC News. The leaks suggested agents both took down and infiltrated IRC chat rooms used by Anonymous and LulzSec members.
According to the leaks, the GCHQ unit also helped identify a number of those involved in Operation Payback, which hit financial services including Mastercard and Visa.
Hacktivists including Jake Davis, the convicted LulzSec member known as Topiary, were said to have been contacted by agents.
In one case, when one hacktivist was looking for access to a website with over 10,000 unique visits per day, in an attempt to find machines to infect with malware for future distributed DoS attacks, an agent claimed to have a porn site with over 27,000 visits.
In another, a hacktivist named p0ke was persuaded to click on a link to a BBC News article, which subsequently revealed the IP address of the VPN he used.
The leaked slides also show agency claims that 80 percent of IRC chat room users were put off returning after being sent notices warning DDoS was illegal.
“All of GCHQ’s work is carried out in accordance with a strict legal and policy framework,” GCHQ said.
It appears GCHQ used SYN flood attacks, in which a large number of IP addresses, either real or spoofed, set up half-open connections, preventing a server from opening fresh connections with other users.
Convicted member of LulzSec, Mustafa Al-Bassam, who is now a computer science student at King’s College London, said he wasn’t surprised by the leaks.
“I’ve suspected that GCHQ was involved for months given that the indictment contained almost nothing about how the police found the defendants’ identities. It was more a case of ‘arrest them first, find evidence on their computer that links them to their identity to use in court later’,” he told TechWeekEurope over Jabber.
“Plus the police officers in the case informally made snarky comments to me that seemed like they had evidence that they didn’t want to use in court.”
It’s unclear whether GCHQ used DDoS attacks, which would involve the use of distributed machines, likely rented or infected, or some other DoS technique.