Rob Kints / Shutterstock.com

Hacker collectives Anonymous and LulzSec have both been the targets of cyber attacks by UK government spy agency GCHQ, according to a report by NBC News put together by several journalists including Glenn Greenwald.

Evidence of the attacks was discovered in a PowerPoint presentation included in the documents passed to Greenwald by former NSA contractor Edward Snowden. The presentation, which had been prepared for an NSA conference in 2012, showed that a GCHQ unit called the Joint Threat Intelligence Group (JTRIG) launched distributed denial of service (DDoS) attacks to target hackers and political dissidents -- some of whom were not hackers themselves.


Thanks to the actions of GCHQ, the UK is the first western government known to have launched a DDoS attack, says NBC.

Usually it is governments themselves, along with banks and retailers that are the subjects of DDoS attacks. The PowerPoint presentation detailed an operation called "Rolling Thunder", under which it used DDoS attacks and other techniques to scare away 80 per cent of users from Anonymous chatrooms.

Read next You can now make encrypted video calls with Signal You can now make encrypted video calls with Signal

Also included in the documents was evidence that JTRIG targeted individual hackers, some of whom had been stealing confidential data, some of whom had been targeting government websites and some of whom were teengaers never charged with any crime. The presentation showed that GCHQ agents had been posing as hackers in order to gather human intelligence from four hacktivists, including G-Zero, p0ke and Topiary.

In one case, an agent chatting to p0ke sent the hacker a link to a BBC article, which when p0ke clicked on it, allowed JTRIG to find the IP address of the VPN the hacker was using. In order to pull up this information from the VPN, JTRIG would either have had to hack into the network, ask the VPN or ask the local law enforcement to request it from the VPN. NBC reports that a representative from the VPN has said it did not provide GCHQ with any of the hacker's personal information, but said that it had on occasion cooperated with requests from local authorities.


In the end, p0ke was never arrested, unlike fellow Anonymous member and LulzSec spokesperson Topiary. Topiary, whose real name is Jake Davis, spoke at Wired 2013 last October about his arrest.

Nate Lanxon / Canon 5D MkIII

"They flooded my house, grabbed all my electronics, tore down some posters, opened up my fridge and freezer and looked at the food in case I was hiding microSD cards in my fish fingers," he said. Davis was then flown to London in a private jet from his home in the Shetland Islands, held as a Tier 1 threat to national security, banned from the internet for two years, given an electronic tag and then was sentenced to two years in a young offenders institution.


One slide within the presentation also details how JTRIG agents used Facebook, Twitter, email, instant messenger and Skype to contact hackers with the message: "DDOS and hacking is illegal, please cease and desist."

Davis has today responded to the news with an opinion piece in the International Business Times, as well as tweeting: "I plead guilty to two counts of DDoS conspiracy and to my face these GCHQ bastards were doing the exact same thing. "The UK government banned a 16-year-old boy (@musalbas) from the internet for two years while they themselves were launching illegal attacks. "Following latest GCHQ revelations, who are the real criminals?"

A GCHQ spokesperson reiterated to Wired.co.uk the agency's stance that it operates within the law. "It is a long-standing policy that we do not comment on intelligence matters," said the spokesperson. "Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position."