Monday, February 10, 2014

GCHQ's dirty tricks brigade

The weekend's NSALeak: GCHQ has a specialised "dirty tricks" department:

British spies have developed “dirty tricks” for use against nations, hackers, terror groups, suspected criminals and arms dealers that include releasing computer viruses, spying on journalists and diplomats, jamming phones and computers, and using sex to lure targets into “honey traps.”

Documents taken from the National Security Agency by Edward Snowden and exclusively obtained by NBC News describe techniques developed by a secret British spy unit called the Joint Threat Research and Intelligence Group (JTRIG) as part of a growing mission to go on offense and attack adversaries ranging from Iran to the hacktivists of Anonymous. According to the documents, which come from presentations prepped in 2010 and 2012 for NSA cyber spy conferences, the agency’s goal was to “destroy, deny, degrade [and] disrupt” enemies by “discrediting” them, planting misinformation and shutting down their communications.

Both PowerPoint presentations describe “Effects” campaigns that are broadly divided into two categories: cyber attacks and propaganda operations. The propaganda campaigns use deception, mass messaging and “pushing stories” via Twitter, Flickr, Facebook and YouTube. JTRIG also uses “false flag” operations, in which British agents carry out online actions that are designed to look like they were performed by one of Britain’s adversaries.

To some extent this is unsurprising - spies have always played their silly little spy games against each other. The problem is that their targets aren't just spies, but also include the media and hackers. The first is no business of any government agency in any democratic society. As for the second, quite apart from intruding on the territory of law enforcement (and thus raising some nasty totalitarian spectres), there are also problems of proportionality and discrimination. Their method of attacking Anonymous, for example, involved a DDOS attack which
also interrupted the web communications of political dissidents who did not engage in any illegal hacking. It may also have shut down websites with no connection to Anonymous.

This is the internet equivalent of carpet-bombing an entire neighbourhood, with the freedom of speech of innocent bystanders as collateral damage.

But apart form that, its also simply illegal - as the original article notes, "GCHQ has no clear authority to send a virus or conduct cyber attacks". When hackers do this, they go to jail. Shouldn't the same apply to the spies? Or is the law really only to keep the peasants in line?