Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).
The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement.
(view Fullscreen mode for the best experience)
“This is an early beta version demo of XerXeS from about three weeks ago. I am still developing it, adding more features and safety nets, in fact it's moved on quite a lot since this version. Video of the upgrades to come at a later date,” said The Jester in an IM chat Monday.
Improvements over earlier versions of XerXeS include the ability to monitor feedback from the target server and adjust the attack to counter the network’s defenses.
“There are three aspects to XerXeS: There is the DoS attack, there is the means to carry out the attack undetected, and the means to auto-adapt the attack vectors as the target attempts to fight back.”
Further upgrades will include target identification and selection, with the end goal being a series of random disruptions to militant pro-jihad websites, which could be used for recruitment, propaganda, and even the command to carry out a terrorist attack.
In earlier interviews,The Jester indicated that the attack is not so complicated that it could not be replicated by hackers who may choose to target critical networks vital to our infrastructure and economy, like banks, utilities, and telecom systems.
The Jester claims the XerXeS attack can successfully disable the vast majority of websites.
“This current incarnation is still unstable; I couldn't rely on it to knock out any given site on demand. XerXeS can presently take out 90% of web services.”
The Jester says he has received multiple death threats from terrorist groups and even sovereign entities, and remains apprehensive about his personal security and the effect the release of this video may have on his ability to remain unidentified, and alive.
“Releasing this video is a kind of a scary move for me. Cursory observers will try to brand me as a skiddie still - not realizing I actually designed and coded this thing.”
In the several demonstrations I have witnessed in real time, The Jester is always quick to point out his claim that his attacks produce absolutely no permanent damage to the target site, or any intermediary nodes.
“There is no collateral damage at all. So, no friendly websites were harmed during the making of this video.”
The debate continues as to the ethicality of The Jester’s one-hacker crusade. Currently, the poll at Infosec Island has the majority of security professionals registering their support for The Jester’s exploits.
Watch the video demonstration, and then register your opinion in the comments field below.
Does The Jester’s conditional offer of cooperation warrant the extension of some sort of immunity in exchange for critical information that could be employed both against “enemy” systems and also in defense of our own?
Infosec Island will continue to follow The Jester’s story, with more exclusives on the way.
© 2010 Infosec Island - All rights reserved