PRISM: GCHQ spies used phishing and DoS attacks against Anonymous hackers

05 Feb 2014

A secret spy unit linked to the UK Government Communications Headquarters (GCHQ) proactively attacked hackers related to the Anonymous collective, according to leaked NSA documents.

NBC published documents leaked by whistleblower Edward Snowden showing that the group, codenamed the Joint Threat Research Intelligence Group (JTRIG), attempted to shut down and spread information throughout the Anonymous collective.

The document alleged the unit attempted to phish Anonymous members and launched attacks designed to disrupt and infiltrate its networks as part of an operation called Rolling Thunder.

The documents show the spies mounted a sophisticated espionage campaign that let intelligence officers phish a number of Anonymous members to extract key bits of information.

The leaked documents include conversations between intelligence officers and the GZero, Topiary and pOke Anonymous members in 2011.

One log shows a GCHQ spy duped pOke into clicking on a malicious link dressed up to look like a news article about Anonymous. The link used an unspecified method to extract data from the virtual private network (VPN) being used by pOke.

The documents allege pOke was not arrested, but that the information gathered during the phishing attack was used in the arrest of Jake Davis (Topiary) in July 2011.

Davis' arrest was taken as a key victory for law enforcement. Davis, a British citizen, was believed to have acted as a spokesman for many Anonymous cells and is credited as the author of several of the group's statements.

Intelligence officers also attempted to sabotage and hinder Anonymous members' communications, though it is unclear how they did this as the leaked slides refer to both distributed denial of service (DDoS) and denial of service (DoS) attacks. F-Secure analyst Sean Sullivan told V3 that while it is hard to know which was used, evidence suggests that the spies used DoS attacks.

"The Rolling Thunder slide has 'DDoS' at the top, the slide previous to that states 'Denial of Service on Key Communications outlets'," he told V3.

"I'm of the opinion that the Rolling Thunder slide is mislabeled – thus, the GCHQ performed a DoS on Anonymous, not a DDoS. There's a difference in scale, and if the GCHQ had engaged in a DDoS in the summer of 2011 we would have learned about it then, not now."

A GCHQ spokesman declined V3's request for comment on NBC's report, but reiterated the agency's previous insistence that all its operations are carried out within the letter of the law.

"It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework," read the statement.

Experts within the security community have questioned the GCHQ's argument. Chief operating officer at Corero Network Security Andrew Miller said the secret unit's use of black hat tactics is at the very least morally questionable.

"We have to remember that cyber spooks within GCHQ are equally if not more skilled than many black hat hackers, and the tools and techniques they are going to use to fight cybercrime are surely going to be similar to those of the bad guys," he said.

"Legally, we enter a very grey area here; where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity."

The campaign against Anonymous is one of many revelations to stem from the leaked Snowden files.

The files were originally leaked to the press in 2013 and detail several intelligence operations carried out by the UK GCHQ and US National Security Agency (NSA). Earlier in January, documents emerged alleging that the GCHQ and NSA were using mobile applications such as Angry Birds to spy on citizens.

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
