The Jester Posts PGP Data File from Webkit Exploit Op

Monday, March 12, 2012

The Jester has posted a link to the data exfiltrated during last week's Webkit exploit operation, which was aimed at curious mobile device users who scanned the QR code posted as an avatar on his Twitter account and who were then cross-referenced against a database of targeted jihadi and Anonymous operatives:

"The resulting raw dump of the verbose output log from this exercise can be downloaded using the link below – although it’s encrypted with my PGP Public key. Have fun with that," Jester stated.

The update was followed by The Jester's oft-used credo, "There’s an unequal amount of good and bad in most things, the trick is to work out the ratio and act accordingly."

When asked via direct message how the encrypted file could be unlocked, Jester replied "I don't release info to public, that's an Anon tactic. The plaintext raw version is in the correct hands tho. I got only one thing in this life. My integrity. I won't be painted with their brush. Even if I am seen as similar. Peace."

"Again it's a multi faceted op. It happened. But not releasing the dump directly to public keeps my integrity and leaves the guilty with work," Jester continued.

The operation was intended to snare targets The Jester had previously identified and aggregated in a database, while leaving non-targets unscathed.

Those who had scanned the QR code with any Android or iPhone mobile device and who corresponded to the set of previously identified targets had their address books, texts and emails exfiltrated, and that data has now been posted online in this PGP-encrypted file.

The full write up of the exploit by The Jester along with screenshots and exploit code samples can be found here:

Source:  http://th3j35t3r.wordpress.com/2012/03/09/curiosity-pwned-the-cat/?utm_source=Jester%27s+Court+Blog&utm_medium=twitter

Matt Hazz: Assuming this whole thing wasn't a complete hoax on The Jester's part. I wouldn't put it past him. Exactly the type of thing he would do. I mean no one has come forward with a hacked phone and said "Hey, look at my logs, The Jester hacked me!" The only proof that we have that this elaborate hack occurred is The Jester's word that it happened.

Now I don't doubt his skills that he could pull off this sort of attack, I think it is perfectly within his capability, I just don't think it is his style. He would rather scare people so much they screw up and reveal stuff themselves than go on the offense and actively attack people like this.

Until I see independent third party verification of this attack, I'm calling bullshit.

- H4zzmatt
Anthony M. Freed: While I agree that third-party confirmation would put to rest the notion of a hoax, I also believe that Jester does not actively act to discredit himself by announcing bogus ops, especially when the target pool was so small and the quantity/usefulness of the data harvested unknown.