New documents leaked by Edward Snowden and obtained by NBC News suggest that the UK's spy agency, GCHQ, launched a DDoS attack on the hacker collectives Anonymous and LulzSec.
A presentation allegedly from a 2012 NSA conference points out that GCHQ's Joint Threat Research Intelligence Group (JTRIG) launched a distributed denial of service (DDoS) attack against the internet relay chat rooms used by Anonymous. The attack was intended to shut down communications between the hackers.
Part of a larger operation codenamed Rolling Thunder, the attack was apparently in response to Anonymous' 2011 DDoS attack on PayPal, which impacted several major credit card companies. The documents suggests that JTRIG agents also posed as Anonymous members to infiltrate the same chat rooms, in order to identify hackers.
[T]he unit's mission included computer network attacks, disruption, "Active Covert Internet Operations," and "Covert Technical Operations." Among the methods listed in the document were jamming phones, computers and email accounts and masquerading as an enemy in a "false flag" operation. The same document said GCHQ was increasing its emphasis on using cyber tools to attack adversaries.
Rolling Thunder made use of Facebook and Twitter to warn hackers that the DDoS attacks they were undertaking were illegal, which was apparently surprisingly successful: 80 percent of those contracted disappeared from the infiltrated IRC chatrooms within a month. Subsequently, the operation identified members who were still performing attacks, and even convicted one hacker who stole 8 million identities on PayPal.
The DDoS attacks waged by JTRIG, however, also "interrupted the web communications of political dissidents who did not engage in any illegal hacking" as well as "shut[ting] down websites with no connection to Anonymous." As NBC points out, labelling it "an appalling example of overreacting in order to squash dissent," it's debatable whether such measures are really justifiable. What do you think? [NBC]