Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for March 14th, 2012

TH3J35T3R: Don’t Dox The Man, Dox The Actions….

with 9 comments

Preamble:

Over the last few years, Jester has been out there making waves and headlines. I have been watching all of this with a jaundiced eye and think that its once again time I sit down and put my thoughts on paper, so to speak, about his antics. Recently, he had been pretty quiet until I posted another piece about him prompted by a SANS report on him and Asymmetric Warfare Approximately 2-3 days after this post, Jester suddenly released a tale about his QR code exploit and dumped a PGP file as alleged proof of his exploits worthiness.

To me this just smacked of a positive response to his negative press that I perhaps helped put out there with my post. It all just seemed a bit too coincidental to me that someone just came along and noticed his QR code, thus foiling his plan. He could have just said it was a lark.. Instead he released the “details” and suddenly he was in the press again as a hero or a novelty. So I had a sit down and a think about it all…

And this is the result.

Operational History:

Upon reflection I should probably call this section “Operational Hysteria” but meh, I will go with it this way. Since Jester showed up on the internet with his DDoS attacks I have been calling into question the “why” and not caring as much about the “who” As others went on (anonymous and others) to try and “dox” him it became apparent that it would not work because he had allegedly covered his tracks. I too attempted to look into who it may be and got pretty much nowhere and gave up as he was more an annoyance than anything else in my book.

But, back to the issue at hand. Jester’s operational history is much more interesting in that you hear a lot about his “exploits” but you really don’t hear about the effects that they bring about. As such, I would call you all to pay attention to the facts of what has happened thus far.

  • DDoS: He claims to have DDoS’d jihadi sites and Anonymous sites.
  • DOX-ing: He alleges that he dox’d Sabu
  • Tampering Exploits: He alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves
  • QR Code Exploits: Lastly, he alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list

This post is being put forth to separate the wheat from the chaff on his stories and to demystify, hopefully, for some the myth versus the reality of just what has been going on. I do this because I think that all too many people are just buying into the stories by accepting “trust me, I did it” instead of real proof of actions and outcomes. Some will say that I just have it in for him after his “blue on blue” attacks on me, and yes, I will cop to that too, but, it’s become more of a debunking thing instead of as some have said “sour grapes” I say this because those who think that it’s all about sour grapes aren’t actually taking into account that there is any real proof of his exploits being effective or in fact really having happened (case in point the QRcode thing recently, we just have his story on a blog and an encrypted file that no one can decrypt as proof)

People should question things a bit more in today’s world of Anonymous, and cyber warfare. In this case, I not only question the motivations of the Jester, but also his modus operandi as well. There, to me, seems to be a pattern of talk about operations, press releases if you like, and then very little actual proof that anything has been really done nor any real net effects being captured to lend credence to his operations being effective.

Proof Of Operations:

So, on the proof side lets take a look at the op’s that he has alleged he has carried out and just what we can cobble together as to real outcomes:

  • DDoS: He did indeed DDoS sites offline for short periods of time. In the case of Jihadi’s as well as Anonymous targets, it did little to stop them from operating online. In the case of the Jihad, he had made claims that he was “driving them” into actions that he did not elaborate on. In the case of the jihad, I have been intimately involved in monitoring these sites and the players out there. In my estimation, he has done little at all other than annoy the jihadis. I have made this point many times in the past in fact. The online jihad is carried out on multitudinous sites that are mirrored and have quite a high availability factor to start.
  • DOX-ing: Jester alleges that he dox’d Sabu, which he does lay out the name and some other data but, this has been born out to be after the fact. Backtracesec were the first to put out the name as well as others inside the Anonymous collective who were unhappy with the way things were going. It was Backtrace though, who had the real background data and dossier that was quickly removed from the internet at the behest of the FBI. So, any claims to doxing Sabu are circumspect at best because the Backtrace release was pretty well know. I in fact wrote a post backing up their findings using Maltego on their data.
  • Tampering Exploits: Jester alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves. This is hard to prove as there was no real release of data from compromised systems. As jester is “anonymous” he cannot lay out the data (he claims) so there is no way to verify that it is indeed code he created but, the code and the tainted files were available for download. So, it may or may not have been him doing all of this as well as there “may” have been some who downloaded it and used it. There is however, no proof that anyone did and in fact any data was used to make arrests of anyone using this version of LOIC. In fact, the release of the exploit on jester’s blog only really served jester as publicity. Operationally, it compromised the op… If there was indeed one.
  • QR Code Exploits: Jester alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list. This exploit, according to him, netted data of users who actually scanned the QR code on their smart phones and as an exploit is already being questioned by certain people (here and here) The questions concern the outdated nature of the exploit code that Jester is claiming to use as well as the operational issues over the use of netcat and other means he claims he did. According to some, these would in fact not work or could not work.

In the end the QR exploits effectiveness or even actually working on any phone, cannot be proven because once again, we just have Jester’s word that he obtained data. Jester did put out a PGP encrypted file that he claims is some of the data he harvested, but, as usual, no one has the key to open it. So, again, we have claims of operational work but no real proof of any kind of solid outcome from the operation. This means that again, we have to take him at his word and for me, that just doesn’t cut it.

All of these exploits or operations that Jester is laying claim to have little to no proof backing up their worth or their working and this is the crux of the matter. Not who he is.. But what has he really done.. And Why?

Motivations:

So, why would Jester be doing all of this? He would claim that he is just a patriot, a former SPECOPS guy, a man of action. Others might say that he is just a man on a mission with an active imagination. Yet others might wonder if he is a he at all, maybe he is a “they” and perhaps this is all a means to a larger end that is being supported by the military or the government. Personally, I am not too sure that any of these fit the bill. Perhaps it’s a melange of all of these and Jester was a military guy with some hacking skills who is being supported by the DoD as a means to get more people to elist.

Maybe he is just someone seeking attention for himself.

I know, some have said “But wait! He’s anonymous so how can it all be about seeking attention for himself?!” Uhh, yes Virginia, someone CAN in fact get and revel in attention even though “they” are not known by many for who they are so that argument falls quite flat. Out of the multiple choices here though, I lean more toward a single actor seeking attention, but, will fall back on the idea that this is a permissed operation with a wink and a nod to benefit the “Cyber Brigades” of the world. That this guy wraps himself in the flag every time and calls people Ma’am or Sir in IRC just bespeaks the whole patriot angle.

Now, that the operations have been either failures or not proven to have had any effect on their targets becomes immaterial to the outcome of garnering attention by the very nature of the “secret” nature of the program that jester is putting out there as fact. It’s a self fulfilling prophecy for those who wish to idolize him as well as perhaps “fear” his machinations. Though, I don’t see too many people being that afraid of him. Nope, this all boils down to “what has he really done” to show you the “why has he done it” Since there have been no real big wins proven by actual details, I think it’s more about gathering attention or creating a legend, a sort of Sorkh Razil of the internet if you will.

In the end, I cannot say with certitude why Jester is doing what he is doing. All I can say is that he has never been able to present definitive proof that he has really done anything at all.

Inside The Fact Impervious Bubble:

It is this central problem of not really proving having done anything other than some DDoS attacks on hapless jihobbyist sites that has me in awe of the media and public response out there to his antics. Inside the Impervious Fact Bubble or IFB ™ so many have just glommed on to him and his exploits as a rallying call. Someone’s gotta “git er done” and by golly Jester will! Even in the face of the stunning lack of real outcomes from his “operations” the mystique of the “Red Rascal” has played out for him well. There are many people who just eat it up and rally to Jester as if he were the single handed savior to them all on the internet.

So, with every exploit that Jester claims he has perpetrated, the masses who believe in him without critical thinking cheer him on and look up to him. His IRC chat room has been a well of wanna be’s and hangers on as well as a place for trolling but the majority of it seems to be the former and not the latter. Believers get to visit with their hero and the trolls (non believers or anonymous minions who hate him) all the while he puts out his rep that he is the lone soldier in a war on terror, be they Anonymous or Islamic Jihad. All of this though, never seems to include any of the critical thought surrounding proof of his exploits or any real outcomes from them.

Why is this? Are people just that in need of a hero? I have to wonder, but it would seem that this all grants Jester a lot of attention and love from his followers, attention that I believe he revels in.

Conclusions:

Overall, my conclusions are that Jester has never really proven his worthiness to be adulated or looked up to. His swagger and his chutzpa only bedazzle those not willing to do more looking than to his blog or his twitter on his exploits worthiness. If indeed Jester is the sole proprietor of this operation, he has a pretty perfect means to garner attention with minimal output other than some creative writing and claims of grand schemes. Because the operations and their outcomes are super secret, it is the perfect scam really. After all, how can you prove anything didn’t happen? It’s all secret you know.

On the other hand, if this is some sort of condoned or sanctioned operation, what ends would there be? My suspicion would be to generate a buzz around such actions so as to make something like the “cyber brigade” a real attractive thing to the masses of hacker wannabe’s out there. If they all want to be like Jester, then they will sign right up for the brigade. I however have yet to see a real hand in this game from the military side. Nor have I ever been given any proof that these operations have had any real palpable effects on the targets to move them in directions perhaps the military or the government might like.

Thus it leads me back to the first premise. Jester may just be a person or a small group of people with an agenda of their own. An agenda that include a media arm and attention from said media and the populace and not altruism or patriotism. If indeed he/they think that they are doing something greater, then he/they are deluding themselves. Unless Jester can prove to me that there has been substantial action resulting in arrests or breaking up of cells (jihadi or other) by direct response to his/their actions, I just feel that it’s self aggrandizement on a grand scale.

So, J, if you really are doing something.. Prove it and I will take all of this back and support you.

If not.. Then you know where I stand… As you have before.

K.

Written by Krypt3ia

2012/03/14 at 20:09

Follow

Get every new post delivered to your Inbox.

Join 135 other followers