Patriot Hacker Hits Jihad With DDoS Attacks

January 7, 2010 by ADMIN

Follow Up Article: Q & A With Anti-Jihadi Hacker The Jester

By Richard Stiennon, Chief Research Analyst, IT-Harvest

I had an interesting demonstration this evening from a hacker who goes by the handle “The Jester” or, in so-called l33t speak, th3j35t3r, which is his Twitter ID.

Since January 1, The Jester has been systematically wreaking havoc with several websites he associates with Al Qaeda and Jihadists via a Denial of Service attack delivered over the web through a Swedish anonymizer service (www.anonine.com).

The Jester has been documenting his attacks against www.alemarah.info, www.radicalislam.org, islamicpoint.net, www.almaghrib.org, www.as-ansar.com, www.islamicnetwork.com, www.islamicawakening.com, www.ansarnet.info, since the beginning of 2010.

Early today he posted:

Official Presidency Website of Iran (www.president.ir) will be unavailable for the next 40 minutes, due to their oppressive Islamic regime.

I approached The Jester through DM and provided my email address.  I wanted to understand his(?) motivations and intentions.  These are still not completely clear but this post sums it up.

The Jester Tweets

The Jester is taking on radical Islam through the web.

Via email he told me:

Hi again Richard,

Forgive me if I may sound vague on any of the following, as you can probably understand I need to protect my own identity for the moment.

I am an ex-soldier with a rather famous unit, country purposely not specified. I was involved with supporting Special Forces, I have served in (and around) Afghanistan amongst other places. Since ‘leaving’ the government’s payroll, it has occurred to me that the bad-guys are in fact starting to utilize the web more and more as a recruitment, communication, and propaganda medium.

I have been and continue to develop methods and tools to disrupt, mis-inform and obstruct this kind of terrorist activity. Kinda like taking them down from the inside, and using my weapon of choice. The method I have used to take-down the sites mentioned on twitter is rather special, its only downfall right now is that it is obviously only temporary disruption. But I can however take down and put back their sites at will. The attack is like a DDOS attack, except without the first ‘D’.

There is nothing ‘distributed’ about this. It is possible with very low bandwidth and a single low-spec linux machine.

I am still refining the tool, but if you check right now - www.alemarah.info is in fact temporarily down, until I decide to bring it back.

The idea here is to target known sites and cause much trouble, but not be destructive and defacing. It’s a very surgical strike and causes no collateral or long-term damage.

The Jester makes a point that he is not defacing web sites, a practice he denounces as mere graffiti. We had a brief IM conversation this evening.

He wanted to demonstrate his Denial of Service tool, which he says works at layer 7 (web) and which he launches from his Linux server. For now, a defense is to simply block his attacking IP address.

That will be easy to enhance as he uses a web proxy anyway.

I gave him permission to whack ThreatChaos but, thanks to my recent move to MediaLayer, he found that www.threatchaos.com was in the 10% of web sites he could not take down (woot! I’m good.)

While I was searching through a couple of other domains of mine, he suggested that he take down http://mbna.co.uk, a banking site.

[17:34] thejester: I choose jihad supporters personally, but for the purposes of this demo I will hit anything for a few seconds.
[17:34] thejester: I need you to know I don’t own the domains.
[17:34] stiennon: right
[17:35] thejester: how about MBNA.co.uk?
[17:35] thejester: now do you think I own a bank?
[17:35] thejester: a bank owned by bank of america?
[17:35] stiennon: don’t do that!  Might lose somebody some money.
[17:36] thejester: it’s real temporary
[17:36] thejester: and surgical, no harm done once I kill the attack
[17:36] stiennon: http://fastcabins.com/   but that is at tumblr.com
[17:37] thejester: how’s mbna.co.uk looking?
[17:38] stiennon: not so good.
[17:38] thejester: okay it’s back in a few seconds.
[17:38] stiennon: connection interrupted

The MBNA site was down for only about ten seconds.  I suggested he take down a friend’s site which he did.

It took about 30 seconds for him to launch the attack which lasted 30 seconds.   I am still going through the logs from that site but I could see the requests coming from anonine.com.
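A defender-side sketch of the log review described above, added here as an illustration and not taken from the article or from any tool it mentions: it flags a single source address that dominates requests in a short window, which is what a non-distributed layer-7 flood looks like in an access log. The Common Log Format input, the thresholds, the function name and the sample lines are assumptions; the addresses are constructed from documentation ranges.

```python
import re
from collections import Counter, deque
from datetime import datetime

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # client address, timestamp

def single_source_floods(lines, window_s=10, min_requests=20, min_share=0.8):
    """Return {ip: peak count} for addresses that send at least min_requests
    within window_s seconds AND account for min_share of all requests seen
    in that window. Lines must be in chronological order, as in a log file."""
    window, counts, flagged = deque(), Counter(), {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        window.append((ts, ip))
        counts[ip] += 1
        # Drop requests that have aged out of the sliding window.
        while (ts - window[0][0]).total_seconds() > window_s:
            _, old_ip = window.popleft()
            counts[old_ip] -= 1
        if counts[ip] >= min_requests and counts[ip] / len(window) >= min_share:
            flagged[ip] = max(flagged.get(ip, 0), counts[ip])
    return flagged

def _line(ip, sec):
    # Build one constructed log line, sec seconds after 17:40:00.
    return (f'{ip} - - [07/Jan/2010:17:{40 + sec // 60:02d}:{sec % 60:02d} +0000] '
            '"GET / HTTP/1.1" 200 512')

# Constructed sample: three ordinary visitors (one request every 5 s in turn)
# and one address sending 4 requests per second for 10 s. All addresses are
# from the RFC 5737 documentation ranges.
_events = [(s, f"192.0.2.{10 + (s // 5) % 3}") for s in range(0, 60, 5)]
_events += [(s, "203.0.113.50") for s in range(20, 30) for _ in range(4)]
SAMPLE_LOG = [_line(ip, s) for s, ip in sorted(_events, key=lambda e: e[0])]

if __name__ == "__main__":
    for ip, peak in single_source_floods(SAMPLE_LOG).items():
        print(f"{ip}: {peak} requests within 10 s; candidate for a block rule")
```

Because the requests in this case arrived through a web proxy, a flagged address identifies the proxy's exit rather than the operator, so a block rule built from it is a stopgap.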

The identity of The Jester remains a mystery.  Towards the end of our conversation he posed an interesting question:

[17:48] thejester: my question to you is, am I a baddie?

Tough question. In the absence of a lawful society, is vigilantism wrong? Certainly there are many players on both sides of cyber conflicts that feel strongly about their purpose.

But in the final analysis I have to say that taking down websites is unlawful and wrong.   And, in this case, taking down Jihadist sites may hurt The Jester’s cause.

In the age-old battle between generals and spies there is a similar conflict. The spies want to preserve their sources; the generals want to take them out.

I imagine that counter-terrorism groups around the world rely on the sites that The Jester is targeting for valuable information, information that could lead to the capture of the next Christmas Bomber.

So my message to The Jester (I know you are reading this since I sent you the link!):

Come in from the cold.  Work with counter-intelligence and counter-terrorism teams to further your vendetta.


Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He recently re-launched the security blog ThreatChaos.com and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc. the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software. Before Webroot, Mr. Stiennon was VP Research at Gartner Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting, and managed security services for the Security and Privacy group. He is a holder of Gartner’s Thought Leadership award and was named “One of the 50 most powerful people in Networking” by NetworkWorld Magazine.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com


Comments

12 Comments on Patriot Hacker Hits Jihad With DDoS Attacks

  1. Joe on Fri, 8th Jan 2010 9:43 am
  2. Keep at it Jester!!! We need more like you that won’t let these murders have an easy time with technology!

    Every second you have their sites down is one less second they may not have been able to coordinate something.

    To the author of this, I ask, do you really think our counter-terrorism groups are doing enough?

  3. Sard on Fri, 8th Jan 2010 11:51 am
  4. Man Jester….Good work dude…keep it up..I am also a techno guy working in security domain..and a Muslim too.. you..we..and all who can do it..must not allow these F***ing B**t**ds to take any innocent life using anything. As you have been gifted with this knowledge put it in proper use and bring these guys down.

    Some legal entities might have good interest in your work to support..check it :).
    Good luck once again mate..

    Sard.

  5. j5t3r on Sat, 9th Jan 2010 2:11 pm
  6. Thanks for your support all.

    Gracias.

  7. Dion on Sat, 9th Jan 2010 11:16 pm
  8. Full support from NY. And thank you for your work in the military.

    [...] Hacker Hits Jihad With DDoS Attacks Anyone else been following this? Patriot Hacker Hits Jihad With DDoS Attacks : Information Security Resources Jester (th3j35t3r) on Twitter I’ve got mixed feelings about this…should the site be left alone [...]

  9. r3104d on Mon, 11th Jan 2010 1:46 am
  10. Keep it up man. I’ve often thought of doing something similar yet am not at th@ level yet. Never forget. Semper Fi.

  11. Get Real on Thu, 14th Jan 2010 5:40 pm
  12. [17:48] thejester: my question to you is, am I a baddie?

    “Tough question.”

    REALLY Richard? You report on computer security issues and don’t understand dos attacks? Typical. You probably can’t even program in any language.

    From the punk’s Twitter;

    “they love it when western troops die.”

    And you love it when everyone else dies.

    Over 3m DEAD in Iraq and Afghanistan the past 8 years. That’s GENOCIDE.

    Well over 80% of the people who die in military conflicts are women and children.

    But what can you expect from a mind control victim. When you SIGNED UP haha to play GI Joe, they didn’t just exercise you to get your fat ass in shape. When you’re physically exhausted, you’re more susceptible to brainwashing. All militaries do it. They do, because KILLING PEOPLE, ISN’T NORMAL.

    Back to the kididoits lame script. What petty self-justifications do you tell yourself about the people you’re affecting your route? Most of these sites aren’t on dedicated boxes. Most are hosted in your land of slaves and home of cowards.

  13. Repoman on Fri, 15th Jan 2010 11:13 am
  14. The internet is obviously the next frontier of warfare, and the Achilles heel of the west with its increasing dependence on its technology and its inherent fragility.
    Radicalists realize this and are taking full advantage of it, but they aren’t the only ones.
    There needs to be more individuals willing to answer these attacks, and carry the message back to the attackers. Deny them their intel.
    I shudder at the thought of agencies allowing these sites to remain untouched in the HOPE to gain some info, but are the chances of missing something significant worth the cost of allowing the enemy to perform whatever operation they have in mind?
    I think not.
    Don’t pay any attention to people who have obviously gone off their meds by saying that killing people isn’t normal yet apparently support the killing of innocents by attacking those who would seek to defend them.
    You’re doing a fine job jester…I wish you continued success…thank you for your service

    [...] Stiennon (Chief Research Analyst @ IT-Harvest) writes in his post “Patriot Hacker Hits Jihad With DDoS Attacks” about a conversation between him and the hacker “The Jester” or [...]

  15. Phil J Howarth on Fri, 19th Feb 2010 10:08 am
  16. Here is a heart that felt a wave of hope and inspiration rising as a result of Jester’s efforts. Legal - Nope? but good on him anyway - a “Baddie” - yep but so bad he’s good.

  17. ADMIN on Tue, 23rd Feb 2010 8:45 am
  18. Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on a Taliban website, and carried out by infamous patriot hacker The Jester (th3j35t3r). The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement…

    https://www.infosecisland.com/blogview/2990-Exclusive-Video-of-XerXeS-DoS-Attack.html
