Anonymous Million Mask March in London
A protestor poses in a Guy Fawkes mask in front of police protecting Westminster Abbey as part of Anonymous' Million Mask March. IBTimes UK

The UK government's spy wing, GCHQ, has been using distributed denial of service (DDoS) attacks - known as 'Rolling Thunder' - against members of the online hacking collectives such as Anonymous, LulzSec and the Syrian Electronic Army according to leaked documents from Edward Snowden.

The UK government has now been labelled as the first western government to carry out DDoS attacks against its own citizens and faces a lot of criticism for attacking what is seen as free speech.

The attacks, which targeted chat rooms being used by hacktivists, may also have knocked legitimate websites using the same servers offline according to some experts.


One of the members of LulzSec mentioned in the leaked documents was Jake Davis (aka Topiary) who was subsequently arrested and sentenced to 24 months in a young offenders institute.

In response to the revelations, Davis told IBTimes UK:

GCHQ Reuters

"How can they even be permitted to launch these attacks at all? There's no justification for how nonchalant a democratic government can be when they breach the very computer misuse rules they strongly pushed to set in place."

Anonymous rose to prominence in recent years thanks to high profile attacks against law enforcement agencies and companies such as Sony and PayPal.

During that time the group frequently used DDoS attacks to knock websites and systems offline, but it now appears that the very tools it was using against others were being used by GCHQ to thwart the actions of Anonymous.

Rigorous oversight

The leaked documents, obtained by US broadcaster NBC, show that GCHQ used DDoS attacks to shut down communications among hacktivists, which, according to NBC, makes the UK the first Western government known to have conducted such an attack.

In reponse, a statement from GCHQ read: "All of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensure[s] that our activities are authorized, necessary and proportionate, and that there is rigorous oversight."

The leaked Power Point documents were prepared for a 2012 NSA conference called SIGDEV and reveal that a unit called Joint Threat Research Intelligence Group (JTRIG) dubbed the attacks 'Rolling Thunder'.

When you consider some of the victims of Lulzsec's attacks (GCHQ, CIA, SOCA), it makes sense that they themselves would become a target.
- Andrew Miller, Corero

The attacks targeted internet relay chat (IRC) rooms, one of the main ways members of these activist groups communicated with each other.

Andrew Miller, Chief Operating Officer at Corero Network Security, says the revelations shouldn't really come as that much of a surprise: "From a certain aspect it's not the type of attack you would expect a western government to be using, but when you consider some of the victims of Lulzsec's attacks (GCHQ, CIA, SOCA), it makes sense that they themselves would become a target."

Legal minefield

However Miller goes on to say that the revelations do throw up some troubling legal issues:

"Legally, we enter a very grey area here; where members of Lulzsec were arrested and incarcerated for carrying out DDoS attacks, but it seems that JTRIG are taking the same approach with impunity."

The slides list a number of activist groups, including Anonymous, LulzSec and the "Syrian Cyber Army" which likely refers to the Syrian Electronic Army. It also lists the groups' targets which include governments, banks, copyright associations, corporations and political parties.

The leaked slides name three members of Anonymous who were identified through IRC channels - GZero, P0ke and Topiary.


G-Zero was the online persona of Edward Pearson, who was convicted in 2012 of stealing the personal details of 8 million people and information from 200,000 PayPal accounts.

Pearson, from Lendale, York, was sentenced to 26 months in jail.

GCHQ has able to identify the Anonymous member known as P0ke (NBC redacted the hackers' details to protect his/her identity) but the UK authorities were never able to arrest him/her.

However they were able to identify and arrest Topiary - who turned out to be Jake Davis, and 18-year-old member of Anonymous and LulzSec who ran the latter's Twitter account.