Microsoft Subnet: An independent Microsoft community

EFF on cyber attack against hacktivists: CFAA for you; impunity for feds

Secret British spy unit JTRIG hit hacktivists with 'Rolling Thunder' cyber attacks, but if a non-G-man had launched an attack to stifle free speech, then they could face prison time.

A secret Government Communications Headquarters (GCHQ) spy unit engaged in online attacks against the hacktivist groups Anonymous and LulzSec. Whether or not you support hacktivism or believe Anonymous was in the right, one of the most worrying aspects to come out of the Snowden-leaked presentation is that if a non-government person were to have carried out such cyber attacks, then they could face jail time under the flawed Computer Fraud and Abuse Act (CFAA).

According to an NBC investigation:  

The documents, from a PowerPoint presentation prepared for a 2012 NSA conference called SIGDEV, show that the unit known as the Joint Threat Research Intelligence Group, or JTRIG, boasted of using the DDOS attack - which it dubbed Rolling Thunder -- and other techniques to scare away 80 percent of the users of Anonymous internet chat rooms.

JTRIG is not an acronym with which you should be familiar, as the agency "has never been previously disclosed publicly."

After convicted LulzSec hacker Topiary, aka Jake Davis, heard the news, he tweeted:

Chris Weatherhead, founder of the AnonOps IRC network, "didn't directly contribute to a DDoS campaign but ran the communication hub where the protests were coordinated." He "received a whopping 18-month sentence." After reading about Rolling Thunder, Weatherhead was clearly upset and took to Twitter. He "couldn't get his head around" being fed BS by the police "while GCHQ happily attacked my servers." He added, "Server operators weren't involved in an attack either and were punished/terminated by ISP's who got DDoS'ed by GCHQ."

NBC reported that JTRIG "shut down communications among Anonymous hacktivists by launching a 'denial of service' (DDOS) attack - the same technique hackers use to take down bank, retail and government websites - making the British government the first Western government known to have conducted such an attack."

When a government presentation [pdf], which was never intended to be seen by the public, makes a claim, should we believe it? The Rolling Thunder slide above is titled DDoS, and the IRC conversation referred to it the same way, but it was the use of the term DDoS (distributed denial of service) instead of DoS (denial of service) in the NBC article that set off Errata Security's Robert Graham.

After detailing the difference between the two, Graham took to Twitter to state among other things, "A synflood is just a DoS, and just because some idiot kids call it DDoS doesn't make it so."

F-Secure's Sean Sullivan pointed out that "DDoS is the name on the slide," so it's not just an "idiot kid," but Graham insisted that it would only be correct to call it a DDoS if Greenwald could "vouch for the technical expertise of the doc writer."

After Graham's blog post explaining the difference between DDoS and DoS, he added that he'd created "the world's fastest syn-flood tool" and pointed out the features to show "the vast difference between the 'experts' Greenwald could consult (hackers), and the type of 'experts' he actually consults (anthropology professors)."

The anthropology professor to whom he is referring is Gabriella Coleman, who told NBC, "Targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs. Some have rallied around the name to engage in digital civil disobedience, but nothing remotely resembling terrorism. The majority of those embrace the idea primarily for ordinary political expression."

Coleman, however, is not technically clueless. Instead, she "is the Wolfe Chair in Scientific and Technological Literacy at McGill University." Although trained as an anthropologist, "she researches and writes on the intersection of computer hacking and digital activism." On Wired, Coleman wrote:

It's clear that judges consider Anonymous' actions to be serious and punishable. Scores of Anonymous hacktivists have already been arrested or jailed.

Meanwhile, agencies like the GCHQ face no such risks, deterrents, consequences, oversight, or accountability. This scenario is all the more alarming given that some of Anonymous' actions may be illegal and might warrant attention from some law enforcement agencies - but do not even come close to constituting a terrorist threat. And that means we're inching into the same territory as the dictatorial regimes criticized by democratic governments for not respecting internet freedoms.

I encourage you to read the NBC article in full, as well as Graham's DDoS vs DoS rebuttal, to get the "whole" story. This time, JTRIG went after hacktivists and curious people lurking in IRC. Tomorrow it might be another set of people discussing surveillance, religion, or anything else the agencies don't like. It's yet another slippery slope. Or, as the EFF put it: "CFAA for you; impunity for NSA and GCHQ."

Follow me on Twitter @PrivacyFanatic