Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

TH3J35T3R: Don’t Dox The Man, Dox The Actions….


Preamble:

Over the last few years, Jester has been out there making waves and headlines. I have been watching all of this with a jaundiced eye and think that it’s once again time I sit down and put my thoughts on paper, so to speak, about his antics. Recently, he had been pretty quiet until I posted another piece about him, prompted by a SANS report on him and Asymmetric Warfare. Approximately 2-3 days after that post, Jester suddenly released a tale about his QR code exploit and dumped a PGP file as alleged proof of the exploit’s worthiness.

To me this just smacked of a positive response to his negative press that I perhaps helped put out there with my post. It all just seemed a bit too coincidental to me that someone just came along and noticed his QR code, thus foiling his plan. He could have just said it was a lark.. Instead he released the “details” and suddenly he was in the press again as a hero or a novelty. So I had a sit down and a think about it all…

And this is the result.

Operational History:

Upon reflection I should probably call this section “Operational Hysteria” but meh, I will go with it this way. Since Jester showed up on the internet with his DDoS attacks I have been calling into question the “why” and not caring as much about the “who”. As others (Anonymous and others) went on to try and “dox” him, it became apparent that it would not work because he had allegedly covered his tracks. I too attempted to look into who it might be, got pretty much nowhere, and gave up, as he was more an annoyance than anything else in my book.

But, back to the issue at hand. Jester’s operational history is much more interesting in that you hear a lot about his “exploits” but you really don’t hear about the effects that they bring about. As such, I would call you all to pay attention to the facts of what has happened thus far.

  • DDoS: He claims to have DDoS’d jihadi sites and Anonymous sites.
  • DOX-ing: He alleges that he dox’d Sabu.
  • Tampering Exploits: He alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves.
  • QR Code Exploits: Lastly, he alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list.

This post is being put forth to separate the wheat from the chaff in his stories and, hopefully, to demystify for some the myth versus the reality of just what has been going on. I do this because I think that all too many people are just buying into the stories, accepting “trust me, I did it” instead of real proof of actions and outcomes. Some will say that I just have it in for him after his “blue on blue” attacks on me, and yes, I will cop to that too, but it has become more of a debunking thing than, as some have said, “sour grapes”. I say this because those who think it is all about sour grapes aren’t actually taking into account that there is no real proof of his exploits being effective or in fact really having happened (case in point the QR code thing recently: we just have his story on a blog and an encrypted file that no one can decrypt as proof).

People should question things a bit more in today’s world of Anonymous and cyber warfare. In this case, I question not only the motivations of the Jester but also his modus operandi. There seems, to me, to be a pattern: talk about operations, press releases if you like, and then very little actual proof that anything has really been done, nor any real net effects captured to lend credence to his operations being effective.

Proof Of Operations:

So, on the proof side let’s take a look at the ops that he has alleged he has carried out and just what we can cobble together as to real outcomes:

  • DDoS: He did indeed DDoS sites offline for short periods of time. In the case of jihadi as well as Anonymous targets, it did little to stop them from operating online. In the case of the jihad, he had made claims that he was “driving them” into actions that he did not elaborate on. I have been intimately involved in monitoring these sites and the players out there, and in my estimation he has done little at all other than annoy the jihadis. I have made this point many times in the past in fact. The online jihad is carried out on multitudinous sites that are mirrored and have quite a high availability factor to start with.
  • DOX-ing: Jester alleges that he dox’d Sabu, and he does lay out the name and some other data, but this has been borne out to be after the fact. Backtracesec were the first to put out the name, as were others inside the Anonymous collective who were unhappy with the way things were going. It was Backtrace, though, who had the real background data and dossier that was quickly removed from the internet at the behest of the FBI. So, any claims to doxing Sabu are suspect at best because the Backtrace release was pretty well known. I in fact wrote a post backing up their findings using Maltego on their data.
  • Tampering Exploits: Jester alleges that he uploaded a tainted LOIC version for the Anonytards to use and thus pwn themselves. This is hard to prove as there was no real release of data from compromised systems. As Jester is “anonymous” he cannot lay out the data (he claims), so there is no way to verify that it is indeed code he created, but the code and the tainted files were available for download. So, it may or may not have been him doing all of this, and there “may” have been some who downloaded it and used it. There is, however, no proof that anyone did, or that any data was in fact used to make arrests of anyone using this version of LOIC. In fact, the release of the exploit on Jester’s blog only really served Jester as publicity. Operationally, it compromised the op… If there was indeed one.
  • QR Code Exploits: Jester alleges that he created a QRC exploit kit using his Twitter account and pwnd a bunch of phones, downloading pertinent data on the “villains” that he had on a list. This exploit, according to him, netted data of users who actually scanned the QR code on their smart phones, and as an exploit it is already being questioned by certain people (here and here). The questions concern the outdated nature of the exploit code that Jester is claiming to use, as well as the operational issues over the use of netcat and other means he claims he used. According to some, these would in fact not work or could not work.

In the end the QR exploit’s effectiveness, or even whether it actually worked on any phone, cannot be proven because once again we just have Jester’s word that he obtained data. Jester did put out a PGP encrypted file that he claims is some of the data he harvested, but, as usual, no one has the key to open it. So, again, we have claims of operational work but no real proof of any kind of solid outcome from the operation. This means that again we have to take him at his word, and for me that just doesn’t cut it.
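The first check a practitioner would run on such a “proof” file is to see who it is actually encrypted to: an OpenPGP message names each recipient key ID in the clear, so the claim can be tested against a published key without anyone decrypting anything (`gpg --list-packets` shows the same fields). The following example is added here and is not code from the post; it parses those packets from a constructed sample message, and the key IDs in it are made up.

```python
"""Added example: list the recipient key IDs an OpenPGP message is encrypted to.

A public-key-encrypted OpenPGP message (RFC 4880) starts with one or more
"Public-Key Encrypted Session Key" packets (tag 1), each carrying the
recipient's 8-byte key ID unencrypted.  SAMPLE below is constructed.
"""
import struct

PK_ALGOS = {1: "RSA", 2: "RSA-encrypt-only", 16: "Elgamal", 18: "ECDH"}  # RFC 4880 9.1
HIDDEN_RECIPIENT = "0" * 16   # all-zero key ID: the sender deliberately hid the recipient

def _read_header(data, pos):
    """Return (tag, body_start, body_len) for the packet beginning at data[pos]."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("byte 0x%02x is not an OpenPGP packet header" % first)
    if first & 0x40:                                   # new-format header (4.2.2)
        tag, b0 = first & 0x3F, data[pos + 1]
        if b0 < 192:
            return tag, pos + 2, b0
        if b0 < 224:
            return tag, pos + 3, ((b0 - 192) << 8) + data[pos + 2] + 192
        if b0 == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03     # old-format header (4.2.1)
    if ltype == 0:
        return tag, pos + 2, data[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", data[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", data[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate packet length not supported")

def recipients(data):
    """Return [(key_id_hex, algorithm)] for every PKESK (tag 1) packet in data."""
    found, pos = [], 0
    while pos < len(data):
        tag, start, length = _read_header(data, pos)
        body = data[start:start + length]
        if tag == 1:
            if body[0] != 3:
                raise ValueError("unsupported PKESK version %d" % body[0])
            key_id = body[1:9].hex().upper()           # version, then 8-byte key ID
            found.append((key_id, PK_ALGOS.get(body[9], "algo-%d" % body[9])))
        pos = start + length                           # skip the rest of the packet
    return found

def assess(data, known_key_ids):
    """Label each recipient: 'known' if the key ID is one we hold or can fetch,
    'hidden' if the sender zeroed it, else 'unknown' (nobody else can verify
    any claim about the contents without that key)."""
    labels = []
    for key_id, algo in recipients(data):
        if key_id == HIDDEN_RECIPIENT:
            labels.append((key_id, algo, "hidden"))
        else:
            labels.append((key_id, algo, "known" if key_id in known_key_ids else "unknown"))
    return labels

# Constructed sample: RSA PKESK (old-format header), Elgamal PKESK with a hidden
# recipient (new-format header), then a dummy tag-18 packet standing in for the
# encrypted payload.  Key IDs and MPI values are made up.
SAMPLE = bytes.fromhex(
    "840e" "03" "0123456789abcdef" "01" "0010beef"
    "c110" "03" "0000000000000000" "10" "0008aa" "0008bb"
    "d205" "0102030405"
)

if __name__ == "__main__":
    for key_id, algo, label in assess(SAMPLE, {"0123456789ABCDEF"}):
        print(key_id, algo, label)
```

A key ID that matches a published key shows only that the holder of that key could read the file; a hidden or unknown recipient means the blob cannot back up any claim about what it contains.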

All of these exploits or operations that Jester is laying claim to have little to no proof backing up their worth or their working and this is the crux of the matter. Not who he is.. But what has he really done.. And Why?

Motivations:

So, why would Jester be doing all of this? He would claim that he is just a patriot, a former SPECOPS guy, a man of action. Others might say that he is just a man on a mission with an active imagination. Yet others might wonder if he is a he at all; maybe he is a “they” and perhaps this is all a means to a larger end that is being supported by the military or the government. Personally, I am not too sure that any of these fit the bill. Perhaps it’s a melange of all of these and Jester was a military guy with some hacking skills who is being supported by the DoD as a means to get more people to enlist.

Maybe he is just someone seeking attention for himself.

I know, some have said “But wait! He’s anonymous so how can it all be about seeking attention for himself?!” Uhh, yes Virginia, someone CAN in fact get and revel in attention even though “they” are not known by many for who they are, so that argument falls quite flat. Out of the multiple choices here though, I lean more toward a single actor seeking attention, but will fall back on the idea that this is a permitted operation with a wink and a nod to benefit the “Cyber Brigades” of the world. That this guy wraps himself in the flag every time and calls people Ma’am or Sir in IRC just bespeaks the whole patriot angle.

Now, that the operations have been either failures or not proven to have had any effect on their targets becomes immaterial to the outcome of garnering attention, precisely because of the “secret” nature of the program that Jester is putting out there as fact. It’s a self-fulfilling prophecy for those who wish to idolize him as well as perhaps “fear” his machinations. Though, I don’t see too many people being that afraid of him. Nope, this all boils down to “what has he really done” to show you the “why has he done it”. Since there have been no real big wins proven by actual details, I think it’s more about gathering attention or creating a legend, a sort of Sorkh Razil of the internet if you will.

In the end, I cannot say with certitude why Jester is doing what he is doing. All I can say is that he has never been able to present definitive proof that he has really done anything at all.

Inside The Fact Impervious Bubble:

It is this central problem of not really proving having done anything other than some DDoS attacks on hapless jihobbyist sites that has me in awe of the media and public response out there to his antics. Inside the Impervious Fact Bubble, or IFB™, so many have just glommed on to him and his exploits as a rallying call. Someone’s gotta “git er done” and by golly Jester will! Even in the face of the stunning lack of real outcomes from his “operations”, the mystique of the “Red Rascal” has played out well for him. There are many people who just eat it up and rally to Jester as if he were the single-handed savior of them all on the internet.

So, with every exploit that Jester claims he has perpetrated, the masses who believe in him without critical thinking cheer him on and look up to him. His IRC chat room has been a well of wannabes and hangers-on as well as a place for trolling, but the majority of it seems to be the former and not the latter. Believers get to visit with their hero, the trolls (non-believers or Anonymous minions who hate him) get their sport, and all the while he puts out his rep that he is the lone soldier in a war on terror, be it Anonymous or Islamic jihad. All of this, though, never seems to include any critical thought surrounding proof of his exploits or any real outcomes from them.

Why is this? Are people just that in need of a hero? I have to wonder, but it would seem that this all grants Jester a lot of attention and love from his followers, attention that I believe he revels in.

Conclusions:

Overall, my conclusions are that Jester has never really proven his worthiness to be adulated or looked up to. His swagger and his chutzpah only bedazzle those not willing to look further than his blog or his Twitter for the worthiness of his exploits. If indeed Jester is the sole proprietor of this operation, he has a pretty perfect means to garner attention with minimal output other than some creative writing and claims of grand schemes. Because the operations and their outcomes are super secret, it is the perfect scam really. After all, how can you prove anything didn’t happen? It’s all secret you know.

On the other hand, if this is some sort of condoned or sanctioned operation, what ends would there be? My suspicion would be to generate a buzz around such actions so as to make something like the “cyber brigade” a really attractive thing to the masses of hacker wannabes out there. If they all want to be like Jester, then they will sign right up for the brigade. I however have yet to see a real hand in this game from the military side. Nor have I ever been given any proof that these operations have had any real palpable effects on the targets to move them in directions the military or the government might like.

Thus it leads me back to the first premise. Jester may just be a person or a small group of people with an agenda of their own, an agenda that includes a media arm and attention from said media and the populace, and not altruism or patriotism. If indeed he/they think that they are doing something greater, then he/they are deluding themselves. Unless Jester can prove to me that there has been substantial action resulting in arrests or the breaking up of cells (jihadi or other) in direct response to his/their actions, I just feel that it’s self-aggrandizement on a grand scale.

So, J, if you really are doing something.. Prove it and I will take all of this back and support you.

If not.. Then you know where I stand… As you have before.

K.


Written by Krypt3ia

2012/03/14 at 20:09

9 Responses


  1. Here’s one more brick in the “He’s full of shit” wall. I scanned that QRCode, but with the app I use, I am able to see the address before choosing to visit the site. It went to tinyurl /6wkhk4v. After expanding the url it pointed to entropic dot byethost8 dot com. Now, according to him the javascript trick was there the whole time up until someone contacted him.

    I assure you this isn’t true because I went there long before he was “notified” and viewed the source. It was just the that he lists on his “Tell all” blog update photo.

    Random Observer

    2012/03/14 at 22:34

  2. Kryptia,

    From the perspective of someone who watches young, interested folk drool over the “super-leet” exploits of Anonymous and Lulzsec, I think “his work” would be valuable even *if* it was in part a psyop, provided they don’t do anything provably false.

    So, if “he” is listening, and, if “he” is really a “they”, my advice to “them” is “keep at it.”

    Furthermore, only the most wooden, literal readings of his blog post or almost certainly willful misinterpretations would lead one to flat out dismiss the claims. Other security researchers have said that what he claimed was in fact completely possible. And as someone with significant experience coding, I can’t imagine any coder reading the text of that blog post *charitably* and walking away saying it’s just completely impossible.

    Of course, I hope there is a “big reveal” in the near future, but (t)he(y) might have any number of reasons to not share overly specific evidence of his exploits (ethical, op sec, legal, etc.) On the other hand, the claims that *can* be easily checked (the Tango Downs, etc) turn out to be more or less accurate.

    Also, I find it strange that you are now questioning the LOIC op. Your last post on this subject lauded it.

    Finally, I can’t help but raise an eyebrow to your reasoning that seems to be: if an op doesn’t end in 100% success and complete victory it is more or less useless.

    (PS, it seems you’re trying to bait him into doing something that might expose himself. Will be fun to see if he falls for it. A true egomaniac probably couldn’t bear to let this go long unchallenged. After all, he doesn’t *owe* you an answer…)

    —–

    On the other hand,

    One thing I’d ask The Jester about IF he is truly working completely independently of the government is “how can you be certain you won’t compromise an ongoing operation? Are you reasonably sure the positive effects of your actions outweigh the potential negative effects?” I guess anyone running covert operations, including government agencies have to ask that question, but at least there are formal channels set up to help prevent significant damage from occurring.

    —-

    Random,

    What exactly were you trying to communicate. Probably I am just rushing through it impatiently, but maybe you can rephrase? I thought I was following until I made it to the last sentence.

    chucklingabit

    2012/03/15 at 23:07

  3. @chucklingabit:

    Unintentional use of the angle brackets around the word “body” and it was removed by the blog software.

    Last sentence should have read: “It was just the body that he lists on his “Tell all” blog update photo.”

    anotherrandom

    2012/03/16 at 01:17

  4. Bait,
    Ok, so here are my responses…

    1) The coding/exploit wooden interpretation of blog posts: I simply call into question the validity of the operation not only from the coding aspects but also the obscure-ness of it. It would be akin to me putting out a steg’d photo and asking why no one found it. The target audience here, as you are alluding to as am I, are not that technically savvy. How many on his “list” would actually try and scan the code? How many thereafter actually had exploitable phones? It just seems more like an attempt at attention to an agenda (perhaps psyop, which I will get to as well later) than anything worth the time and effort. He also reports that a senator scanned the QR and BAM he owned him too.

    Really? A senator? Uhhh, yeah, I know how technically engaged the senators are and I highly doubt that happened. Maybe it was a page with access to the account? In any case, I just don’t see this as anything more than a novel, but obscure attack vector with very limited attack surface and probability of success.

    2) Big reveals… So far, none have ever happened. Please go back and check to see if there have been any other than his re-hash of the Backtrace data.

    3) The less than 100% Success = Failure scenario: I think that you are mistaking this in my writing. I do not consider a 100% or nothing here to be the issue. I consider the bigger picture as well as I am not really a big believer that this is an “operation” more than someone looking for attention using veiled threats of data being obtained. Could it all be psyops, sure, but in the end what would the psyops be?

    a) Jihadist sites being DoS’d has not stopped nor directed them anywhere offline or other.

    b) As you saw yesterday with the release of the so called AnonOS, 26k people downloaded it and said they liked it etc. Now many of them likely were infosec and LE looking to see what the deal was but many likely were the skids. So, if J is a psyop, I would say overall, he has not made an impression.

    4) On the J being an operator, he said as much to me in threats. He claimed to have been working for people (i.e. DoD) so by his own admission he made that claim. Whether or not it’s true is another matter altogether. So far, asking people I know has gotten mixed results. So, meh. In the case of me, he actually did get in the way and admits to a “blue on blue” incident in my case. Generally though, his DoS attacks have not caused any great problems with operations as far as I am aware of, just annoyance.

    So, in the end, you ask what I am trying to get across.. I am trying to get across that I do not believe this is a good “operation” in that it is at all effective nor do I really believe at this point, 2 years in, that it is a “real” one either.

    K.

    Krypt3ia

    2012/03/16 at 15:03

  5. ‘On the J being an operator, he said as much to me in threats. He claimed to have been working for people (i.e. DoD) so by his own admission he made that claim.’

    I have been following Jester’s exploits for over a year now and he/she has always maintained he works alone. I too have found this hard to believe given the frequency of his/her attacks, and kept a lookout for evidence to the contrary. I have as yet seen none.

    However ‘Krypt3ia’, if you can show us where he/she said what you mention above I would like to see it, or are you referring to the tweet he/she directed to you a while ago which read:

    ‘@krypt3ia Don’t dox the actions. Dox the boats. It’s all about u? How bout this – When I report to u I’ll answer to u. Until then speculate.’

    Because that isn’t saying he/she works for some secret departmental entity, it’s saying he doesn’t work for you.

    Please show us where he admitted this, it’s been riddling away in my brain for months now.

    What did I miss?

    John P Menendez

    2012/03/16 at 17:21

  6. It was a discussion via email we had post his initial dos attacks on me.

    Krypt3ia

    2012/03/16 at 17:48

  7. Thank you very much for the detailed answer. All more or less sensible from my perspective, even if we disagree on some bits.

    “b) As you saw yesterday with the release of the so called AnonOS, 26k people downloaded it and said they liked it etc. Now many of them likely were infosec and LE looking to see what the deal was but many likely were the skids. So, if J is a psyop, I would say overall, he has not made an impression.”

    IF, it’s a psyop (and pls bear in mind that — psyop or not — some of the attacks could still be real), whether officially sanctioned or not, it would require significant media attention, to ever “compete” in any real way with Anonymous / achieve what would presumably be its other goals. I guess my point is (and it seems, both of our guesses are — for the moment — basically unfalsifiable), if I am right, I wouldn’t be surprised to see him actively cultivating media attention (eg, revealing exploits after deploying them.) Even before thinking about this in any detail, it was pretty clear to me that it is almost certainly at least part psyop. He’d be better off (almost, at least) never saying a word if the direct effect of the ops themselves were his one and only goal.

    I guess the question becomes: how do we tell the difference between a campaign designed to (perhaps among other things) have psychological impact on the targets and observers for some nontrivial purpose (we could iterate these in detail later, but there are certainly many, many potential goals), and a series of ops meant to have the psychological impact on targets and observers for the sake of gaining attention?

    “4) On the J being an operator, he said as much to me in threats. He claimed to have been working for people (i.e. DoD) so by his own admission he made that claim. Whether or not it’s true is another matter altogether. So far, asking people I know has gotten mixed results.[...]”

    I hadn’t realized this. I wish there was a better resource somewhere that collated everything that is known or at least rationally suspected about him (the wikipedia page is useless.)

    Thanks again for a great site and great conversation.

    chucklingabit

    2012/03/16 at 20:48

  8. I was in the old country

    Frank Mason

    2012/03/24 at 05:01

  9. Just for the record: when he claimed pwning Anons and sharing the info he found openly but encrypted. FAIL. After trying his public PGP, I inquired with his twitter account to share the right public PGP, no response back. At that point I got dubious too.
    P.S. not affiliated with any

