Why People Need To Stay Away From Cyber-Vigilantes.

Yesterday I came across this post, “We don’t need cyber-vigilante justice”, which is a must-read for people who want to become hackers or cyber-vigilantes, on why people shouldn’t be like that. Being a cyber vigilante to show that you are a l33t hacker is not a good idea, but joining and making partnerships with them is equally not a good idea.

One way or another, all these cyber vigilantes are criminals, just like our ordinary day-to-day criminals, but these people live online. However, the unfortunate thing is that these vigilantes gather followers, and these followers try to make their own way towards e-fame either by hacking or by helping these vigilantes with their work. I guess it’s not like a gang but like a cult.

Anonymous has their own set of followers, LulzSec had their own followers, Jester has his own set of loyal fans. Maybe these vigilantes like this e-fame; anyway, most of these followers are ordinary hackers or just script kiddies. When they follow these vigilantes and try to show they are also l33t, the end result is them making more havoc by hacking websites, disrupting services and posting personal information on the internet, and in the end getting caught.

If you look at Anonymous, they grew up to a point where Anonymous became a cancer to the internet, some of these Anonymous were elite hackers hacking big websites. Anonymous became famous and later Anonymous gathered followers that were no more than script kiddies that started hacking, defacing every small website that comes in their way.

Finally, what happened is that most of the top members of Anonymous got arrested, and most of the followers inevitably either got arrested or got their personal information exposed or posted on the internet. We even had our own AnonymousLK, and we had the utmost pleasure of exposing them.

It’s not just Anonymous and LulzSec; even people who support the so-called “patriotic” hacker Jester have suffered when their personal information was published on the internet. Recently the websites that Jester supports, like the Wounded Warrior Project, were also brought down, and personal information of LeRes was published online by the UGNazi hackers who are against Jester.

The best thing is not to take sides: not to support people like Anonymous, nor people like Jester who is a “hacktivist for good”. There is no such thing as a hacktivist for good. It’s illegal, and there is no difference from Anonymous-type hackers. Helping cyber vigilantes is the same as helping everyday crooks; you never know when you’ll get into trouble thanks to them.

So people need to think twice about becoming online vigilantes or taking their sides. Not only are the people who are being targeted by the vigilantes affected, but people who take sides are also affected in the cat fights between hacktivists. Stay safe.

“The law of celestial mechanics dictate that when two objects collide there is always damage of a collateral nature”

Jester, More Questions Unanswered Than Answered.

After all the drama and series of posts about AnonymousLK, I decided to write a post that I was thinking to write for a long time, a post about “The Jester” (th3j35t3r).

Basically, Jester is a “patriotic” hacker who launches denial of service attacks on Jihad terrorist websites. If you are wondering who Jester is, the wikileaks page about Jester and this blog post about Jester give all the information you need to know about Jester’s history from the beginning.

Before writing the post I have to say, I’m not a supporter of Jester, nor am I against him; I’m just an observer on the internet, watching online drama and eating popcorn. However, I am against Anonymous.

The thing I’m happy about is Jester going after the Jihadi websites and taking them down with his DoS tool XerXes; according to Sam Bowne, XerXes is most likely a modified SlowLoris tool. Well, I’m not going to talk about Jester’s history and what he’s doing; I thought of writing this post after seeing what’s happening with Jester recently.

Jester’s famous quote is,

There is an unequal amount of good and bad in most things, the thing is to figure out the ratio and act accordingly.

I think same can be said about Jester, there is an unequal amount of good and bad in him. Jester has a good side and a bad side, the bad side of him is making people leave Jester and made me write this post.

Some of his former IRC channel ops and some former Jester fans have now formed a separate movement called ReaperSec that’s heavily criticizing Jester. You can read their blog at http://reapersec.wordpress.com

First of all, Jester lies more than he should, and takes credit for what he has not done, as ReaperSec points out in their blog post:

  • Modified LOIC to expose users’ IP – Never happened, unknowing users were exposed by default.
  • Infected DHN.zip distributed to Anonymous – Never happened, AnonymousDown found the file, th3j35t3r asked Tyrkoil to write his blog post claiming that he (th3j35t3r) had modified the file.
  • Anonops Anope Services dump – Didn’t directly take credit, but did refuse to give credit to the individual who performed the hack. Originally performed by HackThePlanet if I recall.
  • DoS’d LulzSec’s Server – Again, never happened, this was later confirmed by Matthew Prince, CEO of Cloudflare, during Defcon 19.
  • Tripoli Post hack – Used a known vulnerability as XSS (Cross-site scripting) to inject a photo that looked similar to an actual article. (Target Site | Image Source | XSS Effect) This will only work if you use the link he provided. No, he didn’t actually hack into the Tripoli Post web servers.

This also includes the TeamPoison arrests. Yes, Jester had an exchange of words with Trick of Team Poison, but it was actually LeRes that did the important part in identifying the members of Team Poison; however, it was Jester that really took credit for what LeRes had done.

The QR code hack of Jester :

Yes, when I first read the post about the QR code hack I was like OMG (yes, I have to admit that I didn’t go through the code until people started questioning it), and soon after that many people started to question the QR code hack. Even the people within Jester’s IRC channel are still in doubt about the hack, for many reasons:

  • How did Jester use an exploit in WebKit that was patched back in 2010 to hack into Android and iOS devices?
  • You need two shellcodes for Android and iOS devices. Jester’s code lacked platform detection, and how he used a single shell to hack both iOS and Android devices is still a big problem.
  • The data that Jester said he got after the QR code hack, which he said he was going to publish, was never published.
  • Some of the people who were said to have scanned the QR code have actually never scanned it.

Although the Wikipedia page about Jester says that he released an encrypted version of the data from the QR code hack, I talked with someone from Jester’s IRC and I couldn’t find anyone who has actually seen the data (among the people I talked to at his IRC and people elsewhere on the internet). And although Jester said that he sent the data to the FBI, according to people at his own IRC it’s another big lie.

You can read a more technical explanation about why the whole QR code hack is a fake from these two explanations by ReaperSec:

Where is Saladin :

If you don’t know, Saladin is the new mysterious tool by Jester that is capable of vanishing websites into thin air; as far as most people believe, a tool like that cannot exist. I even talked about this with Sam Bowne. The problem is that taking a website down is possible, like a mass defacement; however, even if you take the website down, the administrators of the site should be able to use the domain name of the website, because there is no problem with the domain names. This is a question that nobody is capable of answering.

The best explanation came from ReaperSec itself, where they showed that all the domain names had expired and the owners hadn’t renewed them, and Jester just made the story up about a mysterious tool called Saladin to take credit.

Duck and run when the going gets hot?

There are so many questions that are yet to be answered by Jester; however, looking at the recent happenings, rather than answering the questions it looks like Jester is more interested in playing a duck-and-run game when the going gets hot.

For example, when Jester posted about the QR code hack in March, people started questioning him. Rather than answering, he started a fight with TeamPoison, and then everybody took notice of TeamPoison and what they did. After TeamPoison went down, everybody forgot the QR code hack, and Jester didn’t answer the questions asked.

Even when people started talking about Saladin, the same thing happened. Jester said he was going to post a full disclosure about Saladin, but then mysteriously went dark on the day when he said he was going to publish the post. Then came some drama from the @cubespherical twitter account saying he knows Jester’s identity, and people came up with different opinions about Jester going dark. Jester came back a few days later and bashed @cubespherical. He never answered any of the questions, and the post about the Saladin full disclosure never saw the light of day.

Most of my friends now believe that @cubespherical and Jester are the same, and Jester put on this online drama to cover up about Saladin.

Why is Jester strong?

I think jester is influential because of his loyal fan base, some of them are following him blindly, and although some are followers of him, they still have doubts about Jester and his capabilities and don’t believe what he’s saying about Saladin.

It’s these followers that help Jester fight what’s coming at him; if it wasn’t for LeRes, Jester wouldn’t have released information about TeamPoison members. Jester didn’t even properly dox Sabu.

Final conclusion?

In my opinion, Jester is just another “grey hat hacker” who is overly hyped for his DoS attacks on websites. If you have the knowledge you can DoS; DoS attacks happen every day on the web, so what’s the fuss about Jester’s DoS? Yes, DoS attacks on Jihad websites are a good thing, but apart from that, what is he good at?

I think now most people are starting to realize that Jester is another DoSer that’s getting too much attention, and Jester likes getting attention; I think he enjoys it. I think that’s why he’s taking credit for things he didn’t do and putting on online dramas, so people will know about him. After all, what has he done apart from doing DoS attacks? He’s like a thug surrounded by trolls that support him; without his fans he’s just a nobody.

I might be wrong in this opinion, but still I hope Jester will at least give his disclosure of Saladin, so we can see he’s telling the truth.

Action speaks louder than words but not nearly as often. – Mark Twain