The British spy agency GCHQ used hacking techniques, including distributed denial of service (DDoS) attacks, against the hacking collective Anonymous, according to new documents leaked by Edward Snowden.
Anonymous hackers were attacking websites with their own DDoS attacks in 2011 while authorities in the UK and the U.S. were scrambling for a response — it turns out GCHQ's answer was to turn the hackers' weapons against them.
The new documents reveal that a GCHQ unit dubbed the Joint Threat Research Intelligence Group, or JTRIG, launched an operation called Rolling Thunder against the hacker collective in 2011. That operation included using DDoS attacks as well as malware to slow down the hackers and later identify them, as first reported by as reported by NBC News on Wednesday.
As part of the operation, GCHQ agents infiltrated the chat rooms where hackers were gathering, and flooded the servers hosting those chat rooms with excessive traffic — a DDoS attack — to prevent them from logging on.
This is the first time the GCHQ, which is the British equivalent of the NSA, has been directly accused of using hacking techniques in its operations to fight crime, and it's the first time a government agency has been accused of a DDoS attack specifically.
But it is not uncommon for other law enforcement agencies to use hacking techniques. The FBI uses malware to hack into and spy on suspects' computers. It has also using phishing to install custom-made malware to track down a suspected bomber.
For critics, the latest revelations highlight a double standard: It's a crime when Anonymous shuts down websites using DDoS attacks, but not when GCHQ does it.
It's also an overreaction that may stifle the freedom of expression rights of innocent netizens, argues Gabriella Coleman, an anthropology professor at McGill University who has extensively studied and written about Anonymous, who explained that only a few Anonymous hackers were actually engaged in illegal activities.
Jake Davis, a.k.a. Topiary, one of the hackers mentioned in the leaked documents, reacted to the revelations by accusing the GCHQ of breaking the law. Davis was arrested in 2012, and later pleaded guilty for participating in two DDoS attacks.
He later doubled-down in an op-ed titled "Who are the real criminals?" published on The International Business Times on Wednesday.
"There's no justification for how nonchalant a democratic government can be when they breach the very computer misuse rules they strongly pushed to set in place," he wrote.
The British spy agency, however, defended itself and the legality of its actions.
110 Reykjavik, Iceland