Skip to main content

British spies launched cyberattack on Anonymous, according to leaked documents

British spies launched cyberattack on Anonymous, according to leaked documents


Operation 'Rolling Thunder' led to arrests and convictions, but some say the government's tactics went too far

Share this story

Gallery Photo:
Gallery Photo:

The UK's spy agency launched a cyberattack against the hacker collectives Anonymous and LulzSec, according to documents leaked by former NSA contractor Edward Snowden and obtained by NBC News. The operations were carried out by the Joint Threat Research Intelligence Group (JTRIG), a division of the Government Communications Headquarters Communications (GCHQ), Britain's NSA-equivalent.

A PowerPoint presentation for a 2012 NSA conference reveals that JTRIG launched a distributed denial of service (DDoS) attack against the internet relay chat (IRC) rooms used by members of Anonymous. The attack was part of an operation called "Rolling Thunder," and was reportedly launched following Anonymous' 2011 DDoS attack on PayPal and major credit card companies. Some so-called "hacktivists" targeted the websites of the FBI, CIA, and GCHQ as part of Anonymous' "Operation Payback," staged in protest against the prosecution of Chelsea Manning.

"an appalling example of overreacting in order to squash dissent."

JTRIG agents, posing as Anonymous members, also infiltrated IRC rooms to identify hackers who had stolen personal data or attacked government websites. This week's report marks the first time that JTRIG's existence has been publicly disclosed. The documents obtained by NBC News reveal that it was created to execute covert computer attacks, and that the division's tactics include phone jamming and undercover ploys. A presentation titled "Pushing the Boundaries and Action Against Hacktivism" lists Anonymous, LulzSec, and the Syrian Electronic Army as major hacktivist groups.

Under Rolling Thunder, JTRIG operatives used Facebook, Twitter, and other online networks to warn suspected hacktivists that "DDOS and hacking is illegal, please cease and desist." The presentation claims that the dissuasion tactics were effective, noting that 80 percent of those contacted disappeared from IRC rooms within one month. The operation identified members who had staged attacks against government or corporate websites, and led to the conviction of one hacker who stole 8 million identities on PayPal.

"officials must be able to pursue individuals who are going far beyond speech."

Gabriella Coleman, author of a forthcoming book on Anonymous, says the GCHQ went too far, telling NBC News that the operation amounted to a crackdown on civil disobedience rather than suspected terrorists, implicating a handful of criminals at the expense of thousands. "Punishing thousands of people, who are engaging in their democratic right to protest, because a couple people committed vandalism is … an appalling example of overreacting in order to squash dissent," Coleman said.

Michael Leiter, former head of the US National Counterterrorism Center, agrees that groups shouldn't be targeted for their political beliefs, but doesn't think that should negate the government's ability to identify cybercriminals online.

"While there must of course be limitations, law enforcement and intelligence officials must be able to pursue individuals who are going far beyond speech and into the realm of breaking the law: defacing and stealing private property that happens to be online," Leiter told NBC News. "No one should be targeted for speech or thoughts, but there is no reason law enforcement officials should unilaterally declare law-breakers safe in the online environment."