GCHQ DDOS hacktivist group Anonymous

Pot, kettle?

In a document published by NBC here, whistle-blower Edward Snowden has revealed in his latest leak that the UK’s NSA counterpart GCHQ used one of Anonymous’ own illegal tactics against them and performed a denial-of-service attack against their IRC server in 2011.

GCHQ agents infiltrated various hacktivist groups, who were baited into disclosing information over IRC on various cyber attacks they had performed. This information was later used against them, aiding prosecution. But what is of further significance is the DDOS attacks GCHQ performed against the hacktivists’ servers.

As you can see, a planned DDOS attack was carried out against the servers and resulted in a downtime of at least 30 hours. No matter which way you look at it, this action by GCHQ is illegal, and it would have risked disruption to other services with no connection to Anonymous or its allies.

Dr Steven Murdoch, a security researcher at the University of Cambridge, said:

It’s quite possible that the server was used for other purposes which would have been entirely unrelated to Anonymous.

It’s also likely that most of the chat that was going on about Anonymous was not to do with hacking because the people who join Anonymous are fairly wide-ranging in what they think it is legitimate to do.

Some have gone into criminality but many others just go out and organise protests, letter-writing campaigns and other things that are not criminal.

But what of the legal implications?

Eric King, head of research at Privacy International commented:

There is no legislation that clearly authorises GCHQ to conduct cyber-attacks, so, in the absence of any democratic mechanisms, it appears GCHQ has granted itself the power to carry out the very same offensive attacks politicians have criticised other states for conducting.

The UK government’s Cyber Security Strategy document (here) says officials should take “proactive measures to disrupt threats to our information security”, but also notes that any such action should be consistent with freedom of expression and privacy rights.

It seems evident to me that GCHQ are in clear violation of laws concerning freedom of expression and privacy, let alone the Computer Misuse Act 1990 which states:

Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.

(1)A person is guilty of an offence if—

(a)he does any unauthorised act in relation to a computer;

(b)at the time when he does the act he knows that it is unauthorised; and

(c)either subsection (2) or subsection (3) below applies.

(2)This subsection applies if the person intends by doing the act—

(a)to impair the operation of any computer;

(b)to prevent or hinder access to any program or data held in any computer;

(c)to impair the operation of any such program or the reliability of any such data; or

(d)to enable any of the things mentioned in paragraphs (a) to (c) above to be done.

(3)This subsection applies if the person is reckless as to whether the act will do any of the things mentioned in paragraphs (a) to (d) of subsection (2) above.

(4)The intention referred to in subsection (2) above, or the recklessness referred to in subsection (3) above, need not relate to—

(a)any particular computer;

(b)any particular program or data; or

(c)a program or data of any particular kind.

(5)In this section—

(a)a reference to doing an act includes a reference to causing an act to be done;

(b)“act” includes a series of acts;

(c)a reference to impairing, preventing or hindering something includes a reference to doing so temporarily.

(6)A person guilty of an offence under this section shall be liable—

(a)on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;

(b)on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;

(c)on conviction on indictment, to imprisonment for a term not exceeding ten years or to a fine or to both.

I wonder if GCHQ are going to receive the same treatment that LulzSec did for carrying out DDOS attacks.  Somehow I doubt it.

UPDATE: Quakenet have released a statement here

Obama ‘reforms’ NSA & Private smartphone to preview

President Obama is currently preparing a reform package in relation to the spying activities of his National Security Agency.  His aim is to legitimatise the NSA’s currently illegal spying programs, and protect them from future whistle-blowers like Edward Snowden.

President Obama is set to unveil his erosion of freedom reform plans at the US Justice Department later in the week, so watch this space.

Some people may see it as a good job, then, that smartphone producer Geeksphone have teamed up with the encryption boffins at Silent Circle to offer the Blackphone, a new smartphone that boasts secure and encrypted communications and web browsing and has been described as:

The world’s first smartphone placing privacy and control directly in the hands of its users

Blackphone is unlocked and works with any GSM carrier. Performance benchmarks put it among the top performers from any manufacturer.

It has the features necessary to do all the things you need, as well as all the things you want, while maintaining your privacy and security and giving you the freedom to choose your carrier, your apps, and your location.

The tools installed on Blackphone give you everything you need to take ownership of your mobile presence and digital footprints, and ensure nobody else can watch you without your knowledge.

You can make and receive secure phone calls; exchange secure texts; exchange and store secure files; have secure video chat; browse privately; and anonymize your activity through a VPN.

The phone is due to be previewed next month in Barcelona at the Mobile World Congress tradeshow. Phil Zimmermann, the company’s co-founder and inventor of PGP, said:

I have spent my whole career working towards the launch of secure telephony products. Blackphone provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect.

I’m on the fence with this one, to be honest. Whilst in principle the concept is good, there are a couple of caveats. Firstly, there is the nature of the encryption: in order for it to work, you must be connected to the user of another Blackphone, so if you don’t know anybody else that’s going to get one, it’s pretty much useless to you. I’m also not so sure that people may want to purchase a product that begs the question “Do you have something to hide?”.

It’s a tricky situation. Obama cannot go on to continue eroding personal freedoms unchecked, yet it seems that encrypted communications may not be the answer. How secure can these encryptions be, when the NSA is already talking of quantum computers capable of smashing today’s greatest privacy techniques within minutes?