Q & A With Anti-Jihadi Hacker The Jester

January 27, 2010 by ADMIN
Share |

By Anthony M. Freed, Director of Business Development, InfosecIsland.com

Recently we have witnessed the emergence of international hactivist and vigilante The Jester through his crusade against jihadi and militant Islamic networks, and some third party networks that contain evidence of having been infiltrated by rogue elements.

Jester’s activities raise an important question: Where do cyber vigilantes fall on the infosec ethics spectrum?

That is the issue my fellow editors and I have been wrestling with while considering our options for covering the Jester’s exploits – on the one hand, he is acting against some very unsympathetic targets, including the website of the Iranian president.

But on the other hand, he is employing what would be considered Black Hat tactics which violate multiple international and domestic laws, as well as possibly interfering with covert intelligence operations.

Since the publication of Richard Stiennon’s article which introduced most of us to the Jester and his cause, there have been a flurry of opinions offered in multiple threads that both praise and denounce Jester’s conduct.

Stiennon asks and answers the question for himself near the conclusion of his article:

In the absence of a lawful society is vigilantism wrong? Certainly there are many players on both sides of cyber conflicts that feel strongly about their purpose. But in the final analysis I have to say that taking down websites is unlawful and wrong. And, in this case, taking down Jihadist sites may hurt The Jester’s cause.

I for the most part personally agree with Richard’s assessment.

But in the absence of context, if the only real ethical measure is the lawfulness of an action, we would never have seen progress in society’s evolution away from institutions like slavery or child labor.

Lawfulness seems an inadequate assessment method.

Subsequent to Richard’s article, I began a series of IM chats with Jester in an effort to uncover more about his methods and motivations.

Obfuscation for security reasons aside, the Jester seems to be a sincere, impassioned individual who genuinely believes his efforts are noble and justified by the barbarism of the terrorist tactics he witnessed as a soldier.

On multiple occasions now, Jester has made reference to the horror of watching his friends and fellow soldiers be “murdered” by jihadi operatives who have long been exploiting the internet and its accessibility to coordinate terrorist operations.

The feeling I get from our conversations is that the Jester is on a very personal mission to inflict some semblance of pain of on those who are actively working to harm and kill… well, you and me.

Jester also claims to be sharing the location of secret deposits of information he has found planted on legitimate sites in the US, unbeknownst to the site owners, by jihadi hackers.

Some of these hidden files contain information on everything from how to produce an improvised explosive device (IED) to long anti-western rants said to possibly have phrasing combinations used to prompt sleeper cells into action.

The bad guy’s bad is definitely much worse that the good guy’s bad here, and that does play awfully well for the Jester.

Also, the unique methods the Jester is using could more than theoretically be employed by our foes to wreak havoc on our own systems, and so there may be much to learn from this character that can employed for our own best defenses.

And so, after much consideration, we decided that we should indeed pursue this story and our regular contact with the Jester, as the news value of the information provided far outweighs any risk of somehow seeming to improperly glorify taboo infosec practices.

The following is the first installment of my conversations with the Jester.

Q: Who are you targeting with your DoS attacks and why?

Targets are rife, but I vet every single one. I am tipped off via various channels. But I verify all targets. What constitutes a target?

I ‘target’ known sites that recruit and co-ordinate attacks. They can’t use cell phones anymore - they use the web - it’s the anonymous playground.

You can have sleeper cell operative who is watching a jihad forum for a certain phrase. That phrase activates him to do whatever his task is.

Q: Why take them down and up, why not just knock them out?

These ops are time sensitive. My task is to make their chosen communication method unreliable.

By taking them down at random intervals, for random intervals, they can’t rely on them -they become unreliable and useless.

Because they never know when or where I strike from, and because it’s random, the intel agencies can still gather their (questionable) intel.

Q: Critics say you do more harm than good – your reply?

Some critics have said that I will only drive them underground, Well is that not the best thing to do for recruiters?

If you take the position that online jihadi propaganda, proselytization, and interaction is increasingly important in jihadi recruitment, then why is it bad to drive them back into the shadows online? That’s a key principle of COIN.

Underground they can’t reach the masses; therefore they are less effective at recruiting. An underground recruiter is less dangerous than an overground one.

Q: You are all over Twitter - what about an Islamic group’s right to free speech?

Well the internet is all about freedom of speech, which is a concept I support.

Freedom of speech is one thing, but when bad dudes use our internet, on servers hosted in our country, or continent - because they have no infrastructure of their own to do it - that’s a different matter

As for their freedom of speech, if that’s all they want, then please speak freely

Just make sure there is no recruiting or co-ordination going on. Now do you see my point?

Q: Where do you see yourself from an ethical perspective?

This the first time I have really quantified my reasoning - to anyone.

My plan is to disrupt, not destroy – to make their methods unreliable, make them not trust the only medium left to them.

I do wrestle with whether what I am doing is right, but figure if I can make their communications unreliable for them, all the better.

Now a question for the readers: What do you think? Is Jester to be characterized as the cliché outlaw hero who dishes out his own personal brand of justice on the bad guys?

Or is he – as some critics have labeled him – just a miscreant with script-kiddy tactics, meddling where he has no business to meddle?

Submit your comments or questions for Jester below, and stay tuned for more installments of my IM chats on Information-Security-Resources.com, now part of the InfosecIsland.com Network.

About Infosec Island

Infosec Island is a new type of online community designed specifically for IT professionals at small-to-medium businesses and other organizations who manage security, risk and compliance.

Unlike other infosec portals, it combines the benefits of IT security portals and social networking into a single, vendor-neutral community.

Infosec Island members improve their organization’s security, save time and reduce their costs by taking advantage of a unique set of benefits, including infosec news and information, built-in social networking capabilities, relevant content based on personalized organizational views, free security tools and premium Web-based security services.

Infosec Island is the first secure infosec community featuring not only SSL-based security, but additional options for higher security levels.

Membership is free.

*   *   *

Stay Informed With ISR News Alerts:

Email:

by FeedBurner

*   *   *

Follow us on Twitter

*   *   *

Anthony is a researcher, analyst and freelance writer living in beautiful Eugene, Oregon. Anthony founded Information-Security-Resources.com in 2008, and merged forces with the Infosec Island Network in January of 2010. Infosec Island is committed to serving the needs of SMBs and mid-market enterprises across many industries, as well as nonprofits, government agencies, educational organizations, and the infosec community at large. Contact Anthony at afreed@wireheadsecurity.com regarding all aspects of business development, client and community relations. Many opportunities are currently available for business and strategic alignment at Infosec Island.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

These icons link to social bookmarking sites where readers can share and discover new web pages.
  • TwitThis
  • LinkedIn
  • Google Bookmarks
  • Digg
  • StumbleUpon
  • YahooBuzz
  • del.icio.us
  • Wikio
  • Propeller
  • Facebook
  • MySpace
Share |


Filed under: Anthony M. Freed, Breach, Cloud computing, D&O Liability, FEATURE ARTICLE, Financial, Government, Infosec Island Network, Insider Threat, Internet Security Alliance, Military, PCI, Richard Stiennon, Sarbanes-Oxley, The Jester, Trefis, Uncategorized, Webcast, due diligence, hackers, healthcare, identity-theft, malware, national security, privacy, virtualization 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Comments

18 Comments on Q & A With Anti-Jihadi Hacker The Jester

  1. Stiennon on Thu, 28th Jan 2010 9:24 am

    2. It sounds like the Jester is refining/maturing his stance. The discussions on various forums, blog postings, and Twitter may be helping him to come up with a defensible position, at least through his eyes.

    Please keep us informed on his activities. A follow up to this great interview would be very interesting in say a month.

    -Stiennon

  2. ADMIN on Thu, 28th Jan 2010 9:38 am

    3. I have to say hats off to Mr. Richard Stiennon for uncovering this tremendous story!

    Richard’s articles have been the cornerstone on which Information-Security-Resources.com’s success has been built, and I want to personally thank him for his generous contributions and uncanny insight.

    Be sure to check out Richard’s site: http://threatchaos.com/

    Cheers Richard!

  3. Richard on Thu, 28th Jan 2010 12:51 pm

    4. I’ve got issues with a couple things.

    1) Free speech
    Free speech is not a right in the countries where these people live. It is also not a right protected by the US constitution for non-US citizens, this includes both legal and illegal aliens. They have no right to speak freely on any medium hosted inside the US borders.
    2) Ethics
    Who’s ethics are we talking about here? Are we talking Christian ethics? Islamic ethics? Western ethics? The problem with ethics is the eyes that look upon them.

    Is it ethical to stone someone to death because she slept with another man? In Iran, you bet. In the US, heck no.

    Is it ethical to pretend to be a citizen and befriend an uniformed enemy combatant, just to take out a knife and slit his throat? If that citizen is Western, not on your life. But fundamentalist Islam is sure OK with it.

    When someone has declared war on you and will stop at nothing to see you wiped from the face of the planet, sometimes you have to play by their rules…

  4. ADMIN on Thu, 28th Jan 2010 1:15 pm

    5. There is definitely something to be said for being on the “right side” - if that is determinable. Does it just come down to the lesser of two evils?

    Would we tolerate cops who only beat up criminals?

    This is a tough issue - by Jester’s arguments, we are weighing danger to people’s lives vs. some mischief against the miscreants creating the danger.

    On the granular level, it’s hard to fault Jester…

  5. Richard on Thu, 28th Jan 2010 1:39 pm

    6. Would be tolerate cops who only beat up criminals? I probably would. Depends on the level of criminal they are.

    I guess I dont see it as a tough issue. He’s doing something, when our gov’t sure doesnt seem to be able to. Is he being effective? Who knows. I like to think so.

    To me, saving just one innocent life is worth shutting down every possibility of them communicating ever again.

  6. ADMIN on Thu, 28th Jan 2010 1:42 pm

    7. Hard to argue with your logic.

  7. FM Reid, Jr. on Thu, 28th Jan 2010 2:54 pm

    8. Count me in!
    I am the type of guy that would have joined the crusades.
    Jester, tell me how to help the cause.
    fmreidjr@gmail.com

  8. Robin Jackson on Thu, 28th Jan 2010 5:27 pm

    9. I find th3j3st3r’s arguments rational and well thought out. I admire his skills and tenacity. No one has the right to use the Internet to maim, murder, or recruit others to do so. If he is inadvertently messing with ongoing intel ops, he is only doing it for a half-hour at a time and sometimes stirring the nest causes activity that may otherwise not take place. This activity could actually aid in catching and prosecuting bad guys.

    Go JESTER!

  9. Andy on Thu, 28th Jan 2010 8:26 pm

    10. I **strongly support** the Jester! I agree with Richard’s comment - “When someone has declared war on you and will stop at nothing to see you wiped from the face of the planet, sometimes you have to play by their rules.” Our definition of “bad” is definitely better than the enemy’s definition of “bad”.
    I actually think that the governments of the Western world should hang their heads in shame that **THEY** are not doing the same thing as the Jester. They are just sitting around on their backsides, wringing their hands, instead of being ***utterly decisive*** as the Jester is.
    **** GO THE JESTER! **** Long may your packets flow in anger!

  10. LadyRaven on Fri, 29th Jan 2010 3:45 am

    11. The Jester is neither an outlaw hero nor miscreant. While i don’t believe, based on your article, that your intent was insult, it behooves one to understand that those who took the oath to protect and defend did so for life. A more fitting label (if we must) would be sheepdog - http://www.blackfive.net/main/2004/10/i_only_hang_wit.html.

    Stiennon - “In the absence of a lawful society is vigilantism wrong? Certainly there are many players on both sides of cyber conflicts that feel strongly about their purpose. But in the final analysis I have to say that taking down websites is unlawful and wrong. And, in this case, taking down Jihadist sites may hurt The Jester’s cause.”

    Providing services to terrorists violates executive orders 12947 and 13224 dated 9/21/01. To the best of my knowledge the current administration has “yet” to rescind these orders. The jester is simply making a citizen’s arrest albeit temporary only.

    Violating freedom of speech? When one converses with another it is common to temporarily stop the other person in order to get your own two cents in. Jester’s web address is simply conversing with terrorists web address.
    The genius of what he is doing is in rendering the sites useless to recruitment and at the same time leaving those sites up for intel to mine.

    Ethical? Oh please! By whose standards? Before we start accusing him of questionable ethics, we would better spend time looking at Google’s YouTube which daily hosts thousands, and thousands, of virulent jihad videos which they obviously feel are protected under free speech. One example - there are 41,100 videos of Osama Bin Laden on YouTube. That is up 1,500 videos just since Monday. http://tinyurl.com/ykqwvkv

    This country is worth preserving, but we are, unfortunately, going to need the Jester to clone himself many times over.

  11. MILNEWS.ca on Fri, 29th Jan 2010 6:24 pm

    12. Intriguing work you do, Jester.

    I’m admittedly self serving in this - my hobby is checking out the bad guy sites and forums and sharing some of the more blatant lies for all to see for that they are: LIES.

    While I seem to understand your intentions, I have to say what you do appears to be against the LETTER of the law. Where would we be if we only followed the laws we choose, or only the ones we thought were worth following? Would anyone stand for that approach from a cop?

    All that said, if I was a juror deciding your fate in a trial where you may have been found guilty, given the intent and the fact that you’re not shutting down systems permanently, I’d be happy seeing you get a $10 fine, maybe a few hours of community service teaching int types tricks they may not already know, and no record.

    Also curious - why “Jester”? As in “Jesters could also give bad news to the King that no-one else would dare deliver”? Or something else?

  12. How th3j35t3r And Other Hackers Are Using Their Skills To Bring Real World Bad Guys To Book on Mon, 1st Feb 2010 5:04 am

    13. [...] do you think of the jester (read this first) – th3j35t3r – is he a hero or misinformed vigilante? AKPC_IDS += “12759,”; [...]

  13. badgamon on Tue, 2nd Feb 2010 5:29 am

    14. Good job Jester !!!! keep going…………

  14. ravenwaver on Tue, 2nd Feb 2010 9:44 am

    15. The Jester operates within a gray area of laws and morals and I support his activities completely. Remove a channel of communication for jihadist’s and the West is safer. I say expand the operation and “channel” the resultant options to those we have excellent eyes and ears on.
    This is PSYOPS and we can be in the driver’s seat if we want to be.
    De Oppresso Liber

  15. j35t3r on Tue, 2nd Feb 2010 2:54 pm

    16. Hi all,

    Thank you for your kind comments and support. I am am a person of few words, actions apparently speak louder. Just for clarification, I know I am only one, but by being elusive, and striking randomly for short periods, the jihadi will soon be unable to trust the intertubes. That is my aim. Nothing more.

    As RAVENWAVER above states, this is the nature of psyops. It works. With regard to the worry-warts that say I do harm against intel ops, the nature of the attack serves to allow them the ability to still monitor and glean intel from previous.

    I am well aware I wont hurt the jihadi online with a killer blow. But that is just down to resources, and as an aside to those that cry I am killing the hosts and bandwidth that lie between myself and the target, well you not getting it. This attack is surgical, there is no collateral damage. Only the target takes the hit.

    I again wish to extend my thanks to all who have realized how this shit is going down. Also big up to A Freed, for his patience and integrity.

    J35t3r

    http://www.twitter.com/th3j35t3r

    << out

  16. LH on Fri, 5th Feb 2010 11:27 am

    17. Every moment that the jihadists spend jousting with The Jester is a moment that would otherwise be spent recruiting fighters and planning attacks. He is engaged in an online boxing match of sorts and causing jihadist resources to be expended. Creating friction for the jihadists should be a goal on every front. They should not be allowed to be given any quarter anywhere they are found and this includes the internet. If they are using a computer to recruit, plan, and communicate then that computer is a tool of war making it a legitimate target. If the jihadists were found to be occupying a space that is brick and mortar it would be considered a legitimate target. What makes a space on the internet any less legitimate of a target?

  17. Hilary on Tue, 9th Feb 2010 3:28 pm

    18. “Would we tolerate cops who only beat up criminals?” In LA, we decided we would not put up with it. See the LA’s Rampart scandal in the 1990s. I’m not sympathetic to gang bangers or barbarian religious nuts, but we do have to watch out for that slippery slope. The Jester’s not killing people, just letting the religious thugs know there are some things Al*h cannot control. I’m in favor of his/her work, and think he stands well clear of the cliff’s edge.

  18. ADMIN on Tue, 23rd Feb 2010 8:44 am

    19. Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on a Taliban website, and carried out by infamous patriot hacker The Jester (th3j35t3r). The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement…

    https://www.infosecisland.com/blogview/2990-Exclusive-Video-of-XerXeS-DoS-Attack.html

Tell me what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!