Slashdot Mirror

← Back to Stories (view on slashdot.org)

Britain's GCHQ Attacked Anonymous Supporters With DDoS

Posted by Unknown on from the something-about-watching-watchers dept.

An anonymous reader writes "NBC News reports that, during a 2012 NSA conference called SIGDEV, GCHQ's Joint Threat Research Intelligence Group bragged about using Distributed Denial of Service (DDoS) attacks against members of Anonymous during an operation called Rolling Thunder in 2011 (there is evidence that says it was a SYN flood, so technically it was a simple DoS attack). Regular citizens would face 10 years in prison and enormous fines for committing a DoS / DDoS attack. The same applies if they encouraged or assisted in one. But if you work in the government, it seems like you're an exception to the rule."

16 of 133 comments (clear)

  1. In defense of GCHQ... by korbulon · · Score: 4, Funny

    ...No, I got nothing.

    1. Re:In defense of GCHQ... by Anonymous Coward · · Score: 5, Insightful

      But they're trying to stop T E R R O R I S T S ! ! !

      Protesters are not terrorists. Sadly our governments don't make that distinction.

    2. Re:In defense of GCHQ... by Anonymous Coward · · Score: 5, Insightful

      But they're trying to stop T E R R O R I S T S ! ! !

      Protesters are not terrorists. Sadly our governments don't make that distinction.

      No, that's not sad, it's quite terrifying.

      What's sad is that the secret agencies been treating activists like terrorists to maintain the corporate status quo since their inception over a century ago. That's what "national security" is.

    3. Re:In defense of GCHQ... by emagery · · Score: 4, Interesting

      While I understand I am replying to a point of sarcasm, nethertheless we really should invest some time in using words correctly. Terrorists user terror to achieve a goal. Period. Activists use activism to achieve a goal. Vigilanteism may or may not use terror, but it is using directed force (of one form or another) to achieve a goal (in this case, hacking deleterious services in the name of 'justice' as understood by those engaging in it.) Whether justified or not or misdirected or not, it's not terrorism unless the force being applied is terror, and that does not accurately describe anonymous. Tangentially, I wish we'd do the same with words like LIBERAL (to behave permissively) vs. AUTHORITARIAN (to behave restrictively) or CONSERVATIVE (to resist change) vs. PROGRESSIVE (to seek change.) In all cases, the context is what's most important. Are you permissive toward personal in-home nondangerous lifestyles? Well, then you're socially liberal and probably democratic (party) leaning. Are you permissive towards gigantocorporations buying legislation and dumping toxins into water supplies on the cheap? Then you're corporately (neo) liberal. Hell, you have to be both liberal (towards individuals) and authoritarian (toward those arguing to take personal liberties away) to achieve and end... so I guess using D(D)oS against D(D)oSers almost makes sense. MEH! I just wish people would be simple and clear about the labels we through around and understand them in contexts.

  2. In other news... by Anonymous Coward · · Score: 5, Insightful

    In other news, the UK military can drive tanks, fire missiles & carry weapons - but regular citizens cannot.

    It's all about oversight, not an attitude of "why can't we legally do this too?".

    1. Re:In other news... by AmiMoJo · · Score: 3, Insightful

      The military can only use those weapons against other militarys and with direct authorization from the government. GCHQ feels it can use cyberattacks against citizens who had no, at the time, been convicted of or even charged with any sort of crime, with no oversight or authorization.

      At most the Anonymous DDOS attacks were a criminal matter for the police, not national security or warfare.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. The question is: have this been reported? by Megol · · Score: 3, Insightful

    To the police that is? That government agents (no not only the 007 kind) tend to overstep their authorities and commit crimes from time to time isn't that uncommon or even strange (even a government consists of people after all) but the solution to that is to report the event to police and let the legal system handle it. And hope the guilty are punished, sadly that isn't certain...

  4. The Schutzstaffel by pigsycyberbully · · Score: 4, Insightful

    http://pigs-at-gchq.com/ Do laws matter? When all agree to abide by a law it is called a social contract in English. “An agreement among the members of a society to cooperate for mutual social benefits, by safeguarding individual freedom for state protection.” The Oxford dictionary puts it this way: “Agreement among the members of a society or between a society and its rulers about the rights and duties of each.” The U.K. and the U.S. authorities have broken this agreement so badly in so many different ways that the future is not looking very good. Until they agree to keep within this social contract I will simply tell them at every opportunity to fuck off. Hope you do the same.

    1. Re:The Schutzstaffel by gstoddart · · Score: 5, Insightful

      Anonymous had already broken the social contract.

      I believe you'll find Anonymous is breaking the social contract because governments have already done so.

      You've completely missed the part where the GP said:

      "Agreement among the members of a society or between a society and its rulers about the rights and duties of each." The U.K. and the U.S. authorities have broken this agreement so badly in so many different ways that the future is not looking very good.

      I find it difficult to disagree with the notion that the governments have already broken the social contract, and Anonymous is a reaction to that.

      I don't necessarily agree with everything Anonymous does -- but I sure as hell understand the reason for them existing. When your rulers are unjust, you have little recourse except to break the social contract as well.

      That those same unjust governments decide that gives them free reign to continue to be unjust is just more of the same.

      --
      Lost at C:>. Found at C.
    2. Re:The Schutzstaffel by cold+fjord · · Score: 3, Insightful

      I believe you'll find Anonymous is breaking the social contract because governments have already done so.

      Perhaps you could explain then how attacking random people and corporations is a useful reaction? Anonymous aren't out to "enforce" the social contract but for "lulz" or to satisfy their pique. They are cyber vandals, little more. Anonymous is no more justified in most of what they do than most any other vigilante group.

      I don't necessarily agree with everything Anonymous does -- but I sure as hell understand the reason for them existing. When your rulers are unjust, you have little recourse except to break the social contract as well.

      Then you basically negate the social contract entirely since there will always be someone or some group that can claim that they have been treated unfairly, and we now move to the realm of vigilantes. I don't see them fighting for noble causes in the case of genuine oppression so much as petty grievances and fringe causes. They vandalize over the irk of the hour despite their noble claims.

      You will notice that they are heavily active in Western democracies which have many rights guarantees, social safety nets, and little or no meaningful political oppression. Perhaps you can tell us, what country would they not vandalize? Where can we find an order so universally just and beyond reproach from every viewpoint, including the insane, juvenile, or foreign, that it cannot be assailed?

      They neither support nor enforce the social contract, they undermine it.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    3. Re:The Schutzstaffel by Pav · · Score: 3, Insightful

      ...and we all know the vastly less powerful are equally morally culpable. That's why bombing illiterate goat herding religious nuts is also universally accepted as the epitome of Great Justice. Just replace "angry citizen" in this analogy... how could anyone fail to see?

  5. Windows can be also, easily... apk by Anonymous Coward · · Score: 3, Informative

    DDoS/DoS CAN be stopped (Microsoft & Amazon are setup PERFECTLY vs. it in fact, read on below on that note)!

    ---

    Microsoft Windows NT-based OS settings vs. DoS:

    Protect Against SYN Attacks

    FROM -> http://msdn.microsoft.com/en-u...

    A SYN attack exploits a vulnerability in the TCP/IP connection establishment mechanism. To mount a SYN flood attack, an attacker uses a program to send a flood of TCP SYN requests to fill the pending connection queue on the server. This prevents other users from establishing network connections.

    To protect the network against SYN attacks, follow these generalized steps, explained later in this document:

    Enable SYN attack protection
    Set SYN protection thresholds
    Set additional protections

    Enable SYN Attack Protection

    ---

    The named value to enable SYN attack protection is located beneath the registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters.

    Value name: SynAttackProtect

    Recommended value: 2

    Valid values: 0, 1, 2

    Description: Causes TCP to adjust retransmission of SYN-ACKS. When you configure this value the connection responses timeout more quickly in the event of a SYN attack. A SYN attack is triggered when the values of TcpMaxHalfOpen or TcpMaxHalfOpenRetried are exceeded.

    ---

    Set SYN Protection Thresholds

    The following values determine the thresholds for which SYN protection is triggered. All of the keys and values in this section are under the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

    These keys and values are:

    Value name: TcpMaxPortsExhausted

    Recommended value: 5

    Valid values: 0?65535

    Description: Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.

    Value name: TcpMaxHalfOpen

    Recommended value data: 500

    Valid values: 100?65535

    Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state. When SynAttackProtect is exceeded, SYN flood protection is triggered.

    Value name: TcpMaxHalfOpenRetried

    Recommended value data: 400

    Valid values: 80?65535

    Description: When SynAttackProtect is enabled, this value specifies the threshold of TCP connections in the SYN_RCVD state for which at least one retransmission has been sent. When SynAttackProtect is exceeded, SYN flood protection is triggered.

    ---

    Set Additional Protections

    All the keys and values in this section are located under the registry key

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters. These keys and values are:

    Value name: TcpMaxConnectResponseRetransmissions

    Recommended value data: 2

    Valid values: 0?255

    Description: Controls how many times a SYN-ACK is retransmitted before canceling the attempt when responding to a SYN request.

    Value name: TcpMaxDataRetransmissions

    Recommended value data: 2

    Valid values: 0?65535

    Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

    Value name: EnablePMTUDiscovery

    Recommended value data: 0

    Valid values: 0, 1

    Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack.

    Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

    Value name: KeepAliveTime

    Recommended value data: 300000

    Valid values: 80?4294967295

    Description: Specifies how often T

  6. Re:Perspective by AHuxley · · Score: 4, Insightful

    There is not 'exception to the rule' under UK law. You have to have some 'ok' from the gov to do this. The GCHQ staff understood that when they first collected all calls (domestic too) via their Intelsat efforts in the 1960's.
    The Intelligence Services Act of 1994 offers a lot of new legal protections, then the Intelligence and Security Committee, SIGMod (sigint modernisation) followed in mid 2000 with more legal backing. Open court use of material is still under GCHQ veto, most is "passed" to other groups, MI5, ~ Special Branch.
    The use of a "packet flood" back up would have been a new step beyond passive logging and longer term infiltrating efforts.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Re:GCHQ: "Hey guys.. DDoS attacks are illegal!" by 16Chapel · · Score: 3, Funny

    That's what she said, WOOOOOOOO

  8. Re:GCHQ: "Hey guys.. DDoS attacks are illegal!" by dreamchaser · · Score: 3, Insightful

    It's illegal in most places for private citizens to lob military grade ordinance around, but not for Governments.

  9. Re:GCHQ: "Hey guys.. DDoS attacks are illegal!" by Patch86 · · Score: 5, Insightful

    If government agents lobbed military-grade ordinance at innocent civilians in the UK, we'd call that unlawful killing and lock the bastards up. And by the same token, if GCHQ had DoS'd targets belonging to legitimate wartime enemies, we wouldn't be criticizing them.

    As a rough rule of thumb, the government isn't allowed to do things to citizens above and beyond what any civilian could do without a court mandate or a valid piece of legislation. Unless GCHQ have such a thing, they did wrong.