The latest in the series of Snowden revelations include attacks of British spies on hacktivists of Anonymous and LulzSec. According to NBC news, who obtained the leaked classified documents from Snowden, the spy unit used questionable practices not just against the hackers but also against web communications of political dissidents.
A division (Joint Threat Research Intelligence Group (JTRIG)) of Government Communications Headquarters Communications (GCHQ), the British counterpart of the NSA, launched a ‘denial of service’ (DDOS) attack to prevent communication among the Anonymous hacktivists, the documents revealed. DDOS are used by hackers also to bring down bank, retail, and government websites. However, UK becomes the first Western country to have carried out such an attack.
JTRIG is beyond domestic and international laws and finds no mention in any of the reports before. Its existence was revealed through a 2012 power point presentation for NSA conference called SIGDEV.
The presentations records Roller Thunder operations against anonymous organized by JTRIG through DDoS attack on the internet relay chat used by Anonymous.
The documents also reveal that JTRIG targeted individual hackers who obtained confidential information from websites; in one case a hacker was sent to prison for stealing data from PayPal and in another it helped in identifying an hacktivist who attacked government websites.
A DDoS attack is a criminal offence in most countries, especially US and UK. In UK a person found guilty of cyber attack could be charged under Computer Misuse Act whereas in the US, he could be prosecuted with Computer Fraud and Abuse Act.
Besides, a DDoS attack brings down an entire server with all websites hosted on it, which would mean that when Anonymous chat rooms were attacked, there were many other web resources that were possibly affected although they had no connection to the Anonymous whatsoever.
But, Michael Leiter, the former head of the US National Counterterrorism Centre and now an NBC analyst, contends:
- There must, of course, be limitations. Law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online.
- No one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law breakers safe in the online environment, he added.
This has met with criticisms. Gabriella Coleman, an anthropology professor at the McGill University commented that:
- Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs.
Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression,” she explained.
A convicted member of Lulzsec, Mustafa Al-Bassam, now a computer science student at King’s College London wasn’t surprised at all with the leaks.
- I’ve suspected that GCHQ was involved for months given that the indictment contained almost nothing about how the police found the defendants’ identities. It was more a case of ‘arrest them first, find evidence on their computer that links them to their identity to use in court later,” said Mustafa quoted in Techweek Europe.
- Plus the police officers in the case informally made snarky comments to me that seemed like they had evidence that they didn’t want to use in court,” he told.