Th3J35t3r: Don’t Dox The Man, Dox The Actions

Wednesday, March 14, 2012

Infosec Island Admin


Over the last few years, Jester has been out there making waves and headlines. I have been watching all of this with a jaundiced eye and think that it's once again time I sit down and put my thoughts on paper, so to speak, about his antics.

Recently, he had been pretty quiet until I posted another piece about him prompted by a SANS report on him and Asymmetric Warfare.

Approximately 2-3 days after this post, Jester suddenly released a tale about his QR code exploit and dumped a PGP file as alleged proof of his exploit's worthiness.

To me this just smacked of a positive response to his negative press that I perhaps helped put out there with my post. It all just seemed a bit too coincidental to me that someone just came along and noticed his QR code, thus foiling his plan. He could have just said it was a lark... Instead he released the “details” and suddenly he was in the press again as a hero or a novelty. So I had a sit down and a think about it all…

And this is the result.

Operational History:

Upon reflection I should probably call this section “Operational Hysteria” but meh, I will go with it this way. Since Jester showed up on the internet with his DDoS attacks I have been calling into question the “why” and not caring as much about the “who”.

As others went on (anonymous and others) to try and “dox” him it became apparent that it would not work because he had allegedly covered his tracks. I too attempted to look into who it may be and got pretty much nowhere and gave up as he was more an annoyance than anything else in my book.

But, back to the issue at hand. Jester’s operational history is much more interesting in that you hear a lot about his “exploits” but you really don’t hear about the effects that they bring about. As such, I would call you all to pay attention to the facts of what has happened thus far.

  • DDoS: He claims to have DDoS’d jihadi sites and Anonymous sites
  • DOX-ing: He alleges that he dox’d Sabu
  • Tampering Exploits: He alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves
  • QR Code Exploits: Lastly, he alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list

This post is being put forth to separate the wheat from the chaff on his stories and to demystify, hopefully, for some the myth versus the reality of just what has been going on. I do this because I think that all too many people are just buying into the stories by accepting “trust me, I did it” instead of real proof of actions and outcomes.

Some will say that I just have it in for him after his “blue on blue” attacks on me, and yes, I will cop to that too, but it’s become more of a debunking thing instead of, as some have said, “sour grapes”. I say this because those who think that it’s all about sour grapes aren’t actually taking into account that there isn’t any real proof of his exploits being effective or in fact really having happened (case in point the recent QR code thing: we just have his story on a blog and an encrypted file that no one can decrypt as proof).

People should question things a bit more in today’s world of Anonymous, and cyber warfare. In this case, I not only question the motivations of the Jester, but also his modus operandi as well. There, to me, seems to be a pattern of talk about operations, press releases if you like, and then very little actual proof that anything has been really done nor any real net effects being captured to lend credence to his operations being effective.

Proof Of Operations:

So, on the proof side, let's take a look at the ops that he has alleged he has carried out and just what we can cobble together as to real outcomes:

  • DDoS: He did indeed DDoS sites offline for short periods of time. In the case of the jihadis as well as the Anonymous targets, it did little to stop them from operating online. In the case of the jihad, he had made claims that he was “driving them” into actions that he did not elaborate on. I have been intimately involved in monitoring these sites and the players out there, and in my estimation he has done little at all other than annoy the jihadis. I have made this point many times in the past in fact. The online jihad is carried out on multitudinous sites that are mirrored and have quite a high availability factor to start.
  • DOX-ing: Jester alleges that he dox’d Sabu, and he does lay out the name and some other data, but this has been borne out to be after the fact. Backtracesec were the first to put out the name, as were others inside the Anonymous collective who were unhappy with the way things were going. It was Backtrace, though, who had the real background data and dossier that was quickly removed from the internet at the behest of the FBI. So, any claims to doxing Sabu are suspect at best because the Backtrace release was pretty well known. I in fact wrote a post backing up their findings using Maltego on their data.
  • Tampering Exploits: Jester alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves. This is hard to prove as there was no real release of data from compromised systems. As Jester is “anonymous” he cannot lay out the data (he claims), so there is no way to verify that it is indeed code he created, but the code and the tainted files were available for download. So, it may or may not have been him doing all of this, and there “may” have been some who downloaded it and used it. There is, however, no proof that anyone did, nor that any data from it was used to make arrests of anyone using this version of LOIC. In fact, the release of the exploit on Jester’s blog only really served Jester as publicity. Operationally, it compromised the op… If there was indeed one.
  • QR Code Exploits: Jester alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list. This exploit, according to him, netted data of users who actually scanned the QR code on their smart phones, and as an exploit it is already being questioned by certain people (here and here). The questions concern the outdated nature of the exploit code that Jester is claiming to use as well as the operational issues over the use of netcat and other means he claims he used. According to some, these would in fact not work or could not work.

In the end the QR exploit’s effectiveness, or even whether it actually worked on any phone, cannot be proven because once again we just have Jester’s word that he obtained data. Jester did put out a PGP encrypted file that he claims is some of the data he harvested, but, as usual, no one has the key to open it. So, again, we have claims of operational work but no real proof of any kind of solid outcome from the operation. This means that again we have to take him at his word, and for me, that just doesn’t cut it.

All of these exploits or operations that Jester is laying claim to have little to no proof backing up their worth or their working, and this is the crux of the matter. Not who he is... But what has he really done... And why?

Motivations:

So, why would Jester be doing all of this? He would claim that he is just a patriot, a former SPECOPS guy, a man of action. Others might say that he is just a man on a mission with an active imagination. Yet others might wonder if he is a he at all, maybe he is a “they” and perhaps this is all a means to a larger end that is being supported by the military or the government.

Personally, I am not too sure that any of these fit the bill. Perhaps it’s a melange of all of these and Jester was a military guy with some hacking skills who is being supported by the DoD as a means to get more people to enlist. Maybe he is just someone seeking attention for himself.

I know, some have said “But wait! He’s anonymous so how can it all be about seeking attention for himself?!” Uhh, yes Virginia, someone CAN in fact get and revel in attention even though “they” are not known by many for who they are so that argument falls quite flat.

Out of the multiple choices here, though, I lean more toward a single actor seeking attention, but will fall back on the idea that this is a permitted operation with a wink and a nod to benefit the “Cyber Brigades” of the world. That this guy wraps himself in the flag every time and calls people Ma’am or Sir in IRC just bespeaks the whole patriot angle.

Now, that the operations have been either failures or not proven to have had any effect on their targets becomes immaterial to the outcome of garnering attention, by the very nature of the “secret” program that Jester is putting out there as fact. It’s a self-fulfilling prophecy for those who wish to idolize him as well as perhaps “fear” his machinations.

Though, I don’t see too many people being that afraid of him. Nope, this all boils down to “what has he really done” to show you the “why has he done it”. Since there have been no real big wins proven by actual details, I think it’s more about gathering attention or creating a legend, a sort of Sorkh Razil of the internet if you will.

In the end, I cannot say with certitude why Jester is doing what he is doing. All I can say is that he has never been able to present definitive proof that he has really done anything at all.

Inside The Fact Impervious Bubble:

It is this central problem of not really proving having done anything other than some DDoS attacks on hapless jihobbyist sites that has me in awe of the media and public response out there to his antics. Inside the Impervious Fact Bubble or IFB ™ so many have just glommed on to him and his exploits as a rallying call. Someone’s gotta “git er done” and by golly Jester will!

Even in the face of the stunning lack of real outcomes from his “operations”, the mystique of the “Red Rascal” has played out well for him. There are many people who just eat it up and rally to Jester as if he were the single-handed savior of them all on the internet.

So, with every exploit that Jester claims he has perpetrated, the masses who believe in him without critical thinking cheer him on and look up to him. His IRC chat room has been a well of wannabes and hangers-on as well as a place for trolling, but the majority of it seems to be the former and not the latter.

Believers get to visit with their hero and the trolls (non believers or anonymous minions who hate him) all the while he puts out his rep that he is the lone soldier in a war on terror, be they Anonymous or Islamic Jihad. All of this though, never seems to include any of the critical thought surrounding proof of his exploits or any real outcomes from them.

Why is this? Are people just that in need of a hero? I have to wonder, but it would seem that this all grants Jester a lot of attention and love from his followers, attention that I believe he revels in.

Conclusions:

Overall, my conclusions are that Jester has never really proven his worthiness to be adulated or looked up to. His swagger and his chutzpah only bedazzle those not willing to do more looking than to his blog or his Twitter on his exploits’ worthiness.

If indeed Jester is the sole proprietor of this operation, he has a pretty perfect means to garner attention with minimal output other than some creative writing and claims of grand schemes. Because the operations and their outcomes are super secret, it is the perfect scam really. After all, how can you prove anything didn’t happen? It’s all secret you know.

On the other hand, if this is some sort of condoned or sanctioned operation, what ends would there be? My suspicion would be to generate a buzz around such actions so as to make something like the “cyber brigade” a real attractive thing to the masses of hacker wannabes out there. If they all want to be like Jester, then they will sign right up for the brigade.

I however have yet to see a real hand in this game from the military side. Nor have I ever been given any proof that these operations have had any real palpable effects on the targets to move them in directions perhaps the military or the government might like.

Thus it leads me back to the first premise. Jester may just be a person or a small group of people with an agenda of their own. An agenda that includes a media arm and attention from said media and the populace, and not altruism or patriotism. If indeed he/they think that they are doing something greater, then he/they are deluding themselves.

Unless Jester can prove to me that there has been substantial action resulting in arrests or breaking up of cells (jihadi or other) by direct response to his/their actions, I just feel that it’s self aggrandizement on a grand scale.

So, J, if you really are doing something, prove it and I will take all of this back and support you. If not... Then you know where I stand… As you have before.

K.

Cross-posted from Krypt3ia

Anthony M. Freed: Some of Jester's tactics may include purely psyop actions that could incorporate an element of bluffing, but all in all I think there is plenty of proof of his conducting authentic ops.

The XerXeS DoS attacks are well documented - sure, he has not single-handedly brought down all the online jihadists, but then again the most powerful military in the world has been in Afghanistan for ten years and is still having a tough go at ridding the nation of the Taliban, so perhaps gauging effectiveness in absolutes is not the best measure.

While the legitimacy of the QR-code exploit may be in question to some extent, no doubt more will come out on it before long.

Of all the Jester ops you cited, you failed to mention the Libyan psyops campaign where he injected faux stories of Qaddafi loyalists deserting their ranks - again, he did not bring down the regime, but similarly dropping propaganda leaflets never won a war either - but the tactic is nonetheless still valuable on the whole.

Perhaps looking at how these kinds of tactics contribute in the big picture is a better way to judge their success.

In America's revolutionary efforts against the British Crown, it was the aggregate of actions by individuals which collectively had an impact on the outcome of the war. Would anyone want to discount Thomas Paine's "Common Sense" (for example) as a trivial effort with no value? OK - that's a weighty comparison, but mostly because we have 236 years of hindsight.

Just saying, I think there is value in Jester's mission.
Krypt3ia: Ever the optimist Anthony. I will grant you I missed the Libyan thing, but still, not that much of a psyop in my opinion.
K.
Ben Keeley: 'In the end the QR exploits effectiveness or even actually working on any phone, cannot be proven because once again, we just have Jester’s word that he obtained data. Jester did put out a PGP encrypted file that he claims is some of the data he harvested, but, as usual, no one has the key to open it. So, again, we have claims of operational work but no real proof of any kind of solid outcome from the operation. This means that again, we have to take him at his word and for me, that just doesn’t cut it'

Are you suggesting then that the Jester should release information to the public, which may affect any evidence law enforcement offices could seize? (presuming the hack was real of course) i.e. release information regarding who has been co-operating with undesirables and those individuals then have a chance to trash incriminating evidence all to satisfy certain members within the infosec community?

If by the Jester's actions he/she/they encourage some to think twice before doing something dumb/stupid or inconvenient for us in the industry then I say fair play to him/her/them (even if we all have technical questions as to how).
Krypt3ia: Ben,
Good point, but, this is if you believe in actuality he/she/they is working with any federal entities and or dropping data to them. So far, I am unaware of any such drops.
K.
Jeffrey Carr: Let's be consistent. Either cyber vigilantes are good things to have or not. Anonymous took down child porn sites. Jester took down Libyan sites. You can't endorse the one while vilifying the other when the actions are the same.
Krypt3ia: Jeff, I don't think I have ever endorsed jester. On the Anonymous thing with the darknet, yeah, I agreed with what they did there as opposed to the anime site. My opinion there as when I spoke to FBI they said there wasn't much they could do. Now, let's extend this further shall we?

Is Jester really a vigilante or the pet project of the military?

Riddle me this.

If he is indeed the tip of the spear as he might want you to believe, then, where do we stand as a country and a military force?

The point of this article was not about the vigilante but the fact that inasmuch as what is out there, his actions have been minimal and un-provable.

K.
Jeffrey Carr: Sorry, Scot. I should have specified that my comment was directed at Anthony's comment. :-)
Anthony M. Freed: My comment was not intended to do anything other than give the discussion a larger, more historical context. From that point of view, even some Anon actions like facilitating communications for opposition groups during the Arab uprisings after the internet blackouts could be viewed as having value. As with any vigilante activity, each act must be evaluated on a case by case basis, and opinions will vary greatly based on one's relative point of view.
Krypt3ia: Jeff, It's all good. I thought the streams were crossed but I still have so many questions here and contentions.