UK Government accused of launching DDoS attacks

News by Steve Gold

Previously unknown UK Government secret service operation allegedly staging its own DDoS attacks against hacktivist groups

The latest files from former NSA Security Analyst Edward Snowden claim to show that an apparently top secret division of the Joint Intelligence Committee (JIC) - the effective parent to GCHQ, MI5 and MI6 in the UK - has been using cyberwarfare techniques since 2011 against the likes of Anonymous, LulzSec and other hacktivist groups.

NBC News, which seems to have a hotline to Edward Snowden of late, claims to have a classified document from the JIC that details the activities of a fourth JIC division called JTRIG (the Joint Threat Research Intelligence Group).

The broadcaster makes the bold claim that JTRIG is an intelligence unit that is not constrained by domestic or international laws.

NBC also claims that JTRIG has been launching 'Rolling Thunder' attacks - a type of distributed denial of service (DDoS) cyber-attack - as well as planting malware on breached systems that reveals the identities of hackers.

The broadcaster says the document includes a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, which Edward Snowden last month mentioned when talking about the NSA's alleged programme to tap metadata from smartphone and tablet apps.

The document alleges that JTRIG orchestrated a DDoS attack on IRC (Internet Relay Chat) channels used by Anonymous, which reportedly resulted in 80 percent of the users quitting the Internet chat rooms.

The key question about the document's claims - if true - is which DDoS methodology the JIC division used against the hacktivists, and whether - like many hacker groups - JTRIG used cloud-based resources to stage its attacks.

“While there must of course be limitations,” said Michael Leiter, the former head of the US government's National Counter-terrorism Centre and now an NBC News analyst, “law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online.”

“No-one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law breakers safe in the online environment,” he said.

GCHQ's press office has refused to comment on the reports.

Andrew Miller, COO with security vendor Corero Network Security, said that reports that the UK Government is launching its own DDoS attacks are a very interesting development.

"It would appear that the coin has been flipped and the staple attack of hacktivists has been used against them. Security experts have long said that these types of attacks are far more than just another tool in the bedroom hacker's arsenal, and with this news that the Joint Threat Research Intelligence Group (JTRIG) have used DDoS attacks, this has essentially been validated," he said.

Miller went on to say that we should remember that cyber-spooks within GCHQ are equally, if not more, skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to those of the bad guys.

"Legally, we enter a very grey area here: where members of LulzSec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity," he noted.

Miller also asked, rhetorically, whether it is a surprise to find out that this has taken place.

"Yes and no. From a certain aspect it's not the type of attack you would expect a western government to be using, but when you consider some of the victims of LulzSec's attacks (GCHQ, CIA, SOCA), it makes sense that they themselves would become a target," he concluded.
