Britain’s GCHQ victimized Anonymous supporters with DDoS attack

The latest news to come from the trove of classified documents leaked by Edward Snowden, a former NSA contractor, should outrage anyone who has ever taken to the Internet in order to express their opinions or protest a cause. According to NBC News, Britain’s GCHQ has no problem using DDoS to silence your speech and limit your access to the Internet. But, if you do the same, you’re going to pay fines and face possible jail time.

Say hello to hypocrisy, its name is JTRIG.

The NBC News report says that during a 2012 NSA conference called SIGDEV, the GCHQ’s Joint Threat Research Intelligence Group (JTRIG) bragged about using Distributed Denial of Service (DDoS)* during an operation called Rolling Thunder to target Anonymous. Because of this attack, JTRIG says they scared away 80 percent of the server’s users. (* See update below.)

In addition, JTRIG also visited chat rooms on AnonOps (one of the Anonymous IRC servers) and interacted with users, sometimes spreading malware, in order to collect additional intelligence. Such intelligence allowed JTRIG to help “send a hacktivist to prison for stealing data from PayPal and in another [case] it helped identify hacktivists who attacked government websites,” NBC’s report explains.

Anonymous: An idea that often takes a collective shape in the form of people, both on and offline; a chaotic collection of opinions that can flip in an instant, and come from nowhere to do good things as well as bad, sometimes both at once; is legendary for their use of DDoS as a form of protest.

To them, DDoS is a tool that can be used to call attention to something, nothing more, nothing less.

As a journalist, I started following Anonymous during Operation Payback in late 2010. I stuck with them, lurking publicly on their IRC channels for years. I still do, from time to time. I spent countless hours speaking with those who supported the idea that is Anonymous in order to learn why, and in some cases I got to know the Anon personally. I watched Anonymous do acts of good. I watched them troll and harass anyone and everyone. I watched them organize operations, some of them successful. I also watched as they launched operations that were complete failures.

At the end of the day, Anonymous is an idea supported by people with opinions, hopes, fears, and ambitions. Some do what they do for the chaos that’s created, while others honestly believe in the “cause” so to speak.

I remember the FBI and Scotland Yard raiding Anons because launching a DDoS attack is a crime, no matter the reason. And so, given law enforcement’s stance, after a while many of the people I spoke to and interacted with on IRC were arrested for their participation in a DDoS attack on PayPal.

Anonymous targeted PayPal because of what they did on December 3, 2010. This is when PayPal permanently restricted the account used by Wikileaks to collect donations. Their reasoning, according to a statement at the time, was Wikileaks’ “…violation of the PayPal Acceptable Use Policy, which states that our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity.”

Anonymous took serious issue with Wikileaks being accused of criminal acts without any official charges or convictions. After PayPal’s statement, Operation Payback pushed forward. On December 4, 2010, PayPal’s blog was hit with a massive DDoS attack, and subsequently removed from the Internet.

While Operation Payback targeted several organizations during its run, the DDoS on PayPal was the criminal act cited in the arrest warrant for 14 individuals, collectively called the PayPal 14. As 2013 ended, those 14 people were still fighting to keep their freedom, and are struggling to pay hefty fines imposed by the court. However, other Anons have been arrested and charged for DDoS related offenses, which put them in jail and into debt thanks to heavy fines.

Update:

Shortly after this post went live, images started to circulate that suggest the GCHQ used a SYN flood to attack the IRC servers. If so, then it isn’t a DDoS attack, the correct technical term for what happened is a DOS attack. See the blog by Robert Graham for his opinion on the matter. I’ve left the use of DDoS stand, as that is what NBC is reporting. However, the technical distinction should be noted if that’s something you’re concerned about.

Nevertheless, when it comes to the law, DOS is just as bad as DDoS. The topic of SYN flooding is noteworthy as well, because a SYN flood can limit collateral damage, having no impact to servers around the target. In this case, the SYN flood caused the AnonOps server to crash, which took all of the other hosted websites and IRCd instances with it.

There were several DDoS (or DOS) attacks on various Anonymous IRC servers between the end of 2010 and 2012. There’s no way to know what attack(s) the GCHQ were behind. Some of the attacks took out only the single IRCd, while others dropped the entire server, including everything hosted on it in addition to the IRCd.

Do as I say, not as I do:

The NBC News story bothers me. You can’t have it both ways. DDoS is either illegal, worthy of jail time and fines, or it isn’t – as it’s considered a valid form of protest and it can be used selectively by the government to disrupt adversaries. What’s good for one side should be good for the other.

The GCHQ has broken their own nation’s laws, in order to target people gathered in a single location to express themselves and communicate their thoughts. Many of the people targeted on the attacked servers, the passive, non-participating group, were high schoolers. Kids who were lurking just to watch what happens. None of them were criminals or terrorists. But for Rolling Thunder, all of them were valid targets.

The GCHQ used DDoS as a disruptive measure, and were admittedly successful. However, the same level of disruption was used against PayPal, but the success wasn’t as big, because PayPal recovered quickly and moved on.

It’s an established fact in the security community that DDoS is disruptive. If a business relies on uptime, DDoS attacks can be costly too. Even if uptime isn’t an issue, mitigating a sustained DDoS attack can get expensive. The costs associated with DDoS related outages and mitigation is largely responsible for the justice system calling it a crime.

Another fact about DDoS revolves around the collateral damage. During a DDoS attack, not only is the target taken offline, but other websites on the same server are also impacted. In the case of IRC hosting, it is entirely likely that other domains are housed on the same server. So when the DDoS hits, the IRCd and the hosted websites go offline too. This is exactly what happened during the DDoS attacks on AnonOps.

I’m not arguing that DDoS should be made legal. My complaint is the fact that the GCHQ broke the law.

Their actions are reprehensible.

In an editorial on Wired, Gabriella Coleman, an Anonymous expert and anthropology professor at McGill University, shows me that I’m not alone in my outrage and frustration:

“… while those involved in Anonymous can and have faced their day in court for those tactics, the British government has not. When Anonymous engages in lawbreaking, they are always taking a huge risk in doing so.

“But with unlimited resources and no oversight, organizations like the GCHQ (and theoretically the NSA) can do as they please. And it’s this power differential that makes all the difference.”

Again, the issue is that Anons who use DDoS as a tool know they’re at risk. They know they could go to jail for it, and they do it anyway. But the agents involved with Rolling Thunder will face no charges or jail time, and they’ll certainly pay no fines.

Regular citizens will face 10 years in prison and enormous fines for committing a DDoS attack. The same applies if they encourage it or assist in one. But if you work in the government, it seems like you’re an exception to the rule.

You don’t need to agree with thought that DDoS is a valid tool for protest. You don’t need to agree with the idea that is Anonymous. But if you’re a law abiding citizen, what the GCHQ did should bother you greatly, these are your Internet freedoms they’re playing with.