Hacktivist "The Jester" Draws Crowd at Hacker Halted

Monday, October 31, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Notorious anti-jihadi hacker The Jester (th3j35t3r) caused quite the stir at last week's Hacker Halted Conference in Miami by participating in a live discussion during cyber intelligence expert Jeff Bardin's Wednesday session.

The Jester is known mostly for his repeated denial of service attacks on militant jihadi websites (video), as well as his attack on the WikiLeaks website in late November of 2010 that forced the organization to shuffle Internet hosting providers.

The presentation was billed as a special keynote session, and during the course of the conference rumors quickly began to spread that the guest presenter would be none other than The Jester himself.

Prior to the session, The Jester had alluded to the fact that he may have actually been physically present at the conference, tweeting a picture from Wolfgang Kandek's keynote address (http://t.co/h0KnIBwV), and by apparently hiding an encrypted message in one of the conference rooms, tweeting "left a little something under the projector in Alhambra SCADA room. Tweet me a photo of what's there".

As the session approached, The Jester hinted that he was closer than many would have suspected, tweeting "Just poked my head round de door, dude in the jester suit - I am not sure, but I am gonna thank you right here and now. Front row, left side", in reference to a session participant dressed head to toe in "jester" regalia.

After establishing the chat connection, Bardin authenticated The Jester's participation by communicating a direct message via Twitter, which was then confirmed by The Jester through the open chat thread.

After a quick introduction by Bardin, the session was opened to questions from the audience. 

The Jester fielded questions about the evolution of his XerXeS DoS tool, and made reference to two newer versions known as "Leonidis" and "Saladin". He also commented on his motivations for his campaign against militant jihadist websites, as well as his prolonged attacks against websites belonging to the controversial Westboro Baptist Church, and his well publicized clashes with the Anonymous/LuzSec movements.

The Jester also alluded to other operations which have not been as well publicized, including the injection of anti-Quadafi news articles in the former Libyan strongman's state news outlet The Tripoli Post and the regional Malta Independent last March, during the early stages of the uprising.

The entire session lasted just under an hour, and The Jester managed to elicit more than a few outbursts of laughter and applause with his all too familiar sardonic wit.

The transcripts of the session are as follows:

Session Start: Wed Oct 26 17:43:49 2011
Session Ident: #hackhalt

 01[17:55] auth keyword DM
[17:56] <@th3j35t3r> copy that
[17:56] <@th3j35t3r> standby
[17:57] <@th3j35t3r> Auth Eagle.
[17:57] <@th3j35t3r> also posted to me twitter
[17:57] <@th3j35t3r> check your ipads folks
[17:58] <@th3j35t3r> Auth Egale on my twitter guys.
[17:58] <@th3j35t3r> do we have confirm??
[17:58] <@th3j35t3r> lol
[17:58] <@th3j35t3r> ty
 01[17:58] COnfirmed
 01[17:58] live
[17:59] <@th3j35t3r> be gentle
[17:59] <@th3j35t3r> wtf
[17:59] <@th3j35t3r> I got a question
 01[17:59] what's the point of taking out the Westboro baptist church?
[17:59] <@th3j35t3r> glad you asked
[18:00] <@th3j35t3r> you see they seem to enjoy 'protesting'
[18:00] <@th3j35t3r> against anything
[18:00] <@th3j35t3r> that will make them cash
[18:00] <@th3j35t3r> thats fine with me
[18:00] <@th3j35t3r> really it is
[18:00] <@th3j35t3r> however
[18:00] <@th3j35t3r> I draw the line in the sand
 01[18:01] answer done?
[18:01] <@th3j35t3r> when they attempt to get in the face of the mourners of our military.
 01[18:01] thank you
[18:01] <@th3j35t3r> their families
 01[18:01] applause
[18:01] <@th3j35t3r> ty
[18:01] <@th3j35t3r> may I ask
[18:01] <@th3j35t3r> one thing
 01[18:01] yes
[18:01] <@th3j35t3r> of you guys
[18:01] <@th3j35t3r> ?
 01[18:01] proceed with your question
[18:02] <@th3j35t3r> please stand up on your q's
 01[18:02] What is the relationship right now with Barrett Brown and leaders of LulzSec we are all aware of?
[18:02] <@th3j35t3r> I am so glad we got onto this so early
[18:02] <@th3j35t3r> I really dont got much to say on anon
[18:02] <@th3j35t3r> but I will say this
[18:03] <@th3j35t3r> some things they stood for I agree with
[18:03] <@th3j35t3r> but they have shot their own foot
[18:03] <@th3j35t3r> yes I pissed them off wholeheartedly with the Wl hit
[18:03] <@th3j35t3r> and they have totally busted my balls since then
[18:04] <@th3j35t3r> but the best thing about anon
[18:04] <@th3j35t3r> is they are great target preactice
[18:04] <@th3j35t3r> ^^^ practice
 01[18:04] lol
[18:04] <@th3j35t3r> I got bigger fish to eat.
[18:04] <@th3j35t3r> shoot
 01[18:04] Can we ask anything about the application XerXes - it's use - development?
[18:04] <@th3j35t3r> this is the one and only
[18:05] <@th3j35t3r> question I will field on that
[18:05] <@th3j35t3r> so make it good.
 01[18:05] Forthcoming
[18:05] <@th3j35t3r> copy
 01[18:05] When you and Anthony were talking you were going to automate XerXes - jihadi website - have not seen automation
 01[18:05] where are you on the project?
[18:06] <@th3j35t3r> xerxes is no longer xerxes
[18:06] <@th3j35t3r> work in progress
[18:06] <@th3j35t3r> constant
[18:06] <@th3j35t3r> however I can say this
[18:06] <@th3j35t3r> theres 2 better more effective versions
[18:06] <@th3j35t3r> Leonidis
[18:06] <@th3j35t3r> and saladin
[18:06] <@th3j35t3r> ;-)
[18:06] <@th3j35t3r> in the pipes
 01[18:07] Next question
[18:07] <@th3j35t3r> ahhaa this is the question I have been waiting for
[18:07] <@th3j35t3r> btw
[18:07] <@th3j35t3r> turnaround ma'am I am smiling so hard at you.
 01[18:07] What is the point of doing a Dos against jihadist when you could do so much more when you are sure this is a good target
[18:07] <@th3j35t3r> ;-)
 01[18:07] why not do more
[18:08] <@th3j35t3r> okay
[18:08] <@th3j35t3r> heres the answer
[18:08] <@th3j35t3r> as I have stated manyt times previously
[18:08] <@th3j35t3r> I hit hard but fast and frequent
[18:08] <@th3j35t3r> create pressure
[18:09] <@th3j35t3r> hold up not done yet
[18:09] <@th3j35t3r> I have spent time hitting the peripherals
[18:09] <@th3j35t3r> 2 yeaqrs
[18:09] <@th3j35t3r> years
[18:09] <@th3j35t3r> << getting excited here
[18:09] <@th3j35t3r> but leaving the main players to their own devices
[18:09] <@th3j35t3r> because I know
[18:10] <@th3j35t3r> Sec-Services already have them
[18:10] <@th3j35t3r> its the ji-hobbyists
[18:10] <@th3j35t3r> that end up jihadders
[18:10] <@th3j35t3r> like jihad jane
[18:10] <@th3j35t3r> like mt fort hood
[18:10] <@th3j35t3r> and many many others
[18:10] <@th3j35t3r> they get recruited
[18:10] <@th3j35t3r> my aim
[18:11] <@th3j35t3r> is to disrupt and make intrustworthy the smaller cells
[18:11] <@th3j35t3r> funnel to the bigger cells
[18:11] <@th3j35t3r> that are already monitored
[18:11] <@th3j35t3r> by people whose name doesnt begin with a J
[18:11] <@th3j35t3r> a smaller space is easier to watch
[18:11] <@th3j35t3r> hence...
[18:12] <@th3j35t3r> and standby for this
[18:12] <@th3j35t3r> ....
[18:12] <@th3j35t3r> www.majahden.com << tried hard to evade, mostly malaysian providers, in the end wasn't cost effective for host to errr... well host.
[18:12] <@th3j35t3r> www.jihadunspun.com << ji-hobbyists - host was quick to react.
[18:12] <@th3j35t3r> www.alemarah-iea.net  used to be maintained by @alemarahweb now he switched to the main 'funelled' site after a boot from host.
[18:12] <@th3j35t3r> www.alemarah.info - first ever public hit - video here: http://www.youtube.com/watch?v=WeO44IWlkfU
[18:12] <@th3j35t3r> www.falojaa.net << gone after maybe 5 strikes
[18:12] <@th3j35t3r> www.muslimdefenseforce.islamicink.com << succumbed to pressure
[18:13] <@th3j35t3r> www.sharia4belgium.webs.com
[18:13] <@th3j35t3r> www.as-ansar.com <<< this was a frak - softly softly
[18:13] <@th3j35t3r> www.tawheedmedia.com <<< another one bites the dust?
[18:13] <@th3j35t3r> www.atahadi.tk << pressure exerted over time
[18:13] <@th3j35t3r> www.majahdenar.com << their sysadmin is all over the place.
[18:13] <@th3j35t3r> www.ansarnet.info << booted by provider
[18:13] <@th3j35t3r> to name but a few who now have no web presence
 01[18:14] next question?
[18:14] <@th3j35t3r> check my timeline for the last 2 years to verify
 01[18:14] applause
[18:14] <@th3j35t3r> small hits hard and fast
[18:14] <@th3j35t3r> ty
 01[18:14] who is next on the target list and how many targets currently operating
[18:15] <@th3j35t3r> targets in sights at this time in the hundreds.
[18:15] <@th3j35t3r> single man hours
[18:15] <@th3j35t3r> in my life
[18:15] <@th3j35t3r> 100's
[18:15] <@th3j35t3r> ;-)
[18:15] <@th3j35t3r> stand please
[18:16] <@th3j35t3r> verification huh?
 01[18:16] how do you pick your targets - how do you determine someone is a good target versus mistranslating?
[18:16] <@th3j35t3r> whos a jihadder and whos not?
 01[18:16] yes
[18:16] <@th3j35t3r> research
[18:16] <@th3j35t3r> I always research targets
[18:16] <@th3j35t3r> you would not beilive...
[18:16] <@th3j35t3r> ^^^  excited again
[18:17] <@th3j35t3r> how many dicks try and get me to hit some random - I am well aware of this.
[18:17] <@th3j35t3r> I do remember one thing
[18:17] <@th3j35t3r> froim early on
[18:17] <@th3j35t3r> a friendly fire incident
[18:17] <@th3j35t3r> blue on blue
[18:17] <@th3j35t3r> I was aware within 5 mins of the hit
[18:18] <@th3j35t3r> and put it back
[18:18] <@th3j35t3r> and publically apologized.
 01[18:18] commendable
[18:18] <@th3j35t3r> I was young and stupid 2 years ago
 01[18:18] now old and wise?
[18:18] <@th3j35t3r> <<< still stupid
 01[18:18] just older...
 01[18:18] next question
[18:18] <@th3j35t3r> ;-) copy that
[18:19] <@th3j35t3r> libya?
 01[18:19] your detractors criticize you as a one trick pony with a gui.  other dark ops revealed - libya yes
[18:19] <@th3j35t3r> libya was a darkop yes.
[18:20] <@th3j35t3r> but I bet you are wondering why it was mentioned
 01[18:20] yes
[18:20] <@th3j35t3r> by infosecisland
[18:20] <@th3j35t3r> here's the stinger
[18:20] <@th3j35t3r> now its all over
[18:20] <@th3j35t3r> kinda.
[18:21] <@th3j35t3r> I was injecting stories into libyan (tripolipost.com)
[18:21] <@th3j35t3r> and maltese
[18:21] <@th3j35t3r> newspapers
[18:21] <@th3j35t3r> but
[18:21] <@th3j35t3r> I was injecting with a watermark
[18:21] <@th3j35t3r> if ya titled ya monitor back far enough
[18:21] <@th3j35t3r> ya could see it
 01[18:21] as available now on infosecisland
[18:22] <@th3j35t3r> Mr Anthony Freed picked up on this
 01[18:22] as communicated
[18:22] <@th3j35t3r> and as I hoped
[18:22] <@th3j35t3r> would communicate it
 01[18:22] anything further on libya?
[18:22] <@th3j35t3r> (ps I have much respect for Mr freed)
[18:22] <@th3j35t3r> however
[18:23] <@th3j35t3r> since then
[18:23] <@th3j35t3r> much further work on misinfo has occureed
[18:23] <@th3j35t3r> but if it looked strange..
 01[18:23] can u elaborate
[18:23] <@th3j35t3r> they looked for a jester watermark.
[18:23] <@th3j35t3r> there was nonwe
[18:24] <@th3j35t3r> none
[18:24] <@th3j35t3r> end game is simple.
 01[18:24] done?
 01[18:24] next question?
[18:24] <@th3j35t3r> your call
[18:25] <@th3j35t3r> ?
 01[18:25] if you are a convinced of your efficacy - why not try teamwork - engage others?
[18:25] <@th3j35t3r> with respect
[18:25] <@th3j35t3r> sir
[18:25] <@th3j35t3r> I am only still able to operate because of opsec.
 01[18:26] valid point
[18:26] <@th3j35t3r> if you work for an agency you *should* be able to hit me up no?
 01[18:26] next question - Shaun from Washington Times
[18:26] <@th3j35t3r> I have not been 'hit up' yet
 01[18:26] What's your ideology? What motivates you?
[18:26] <@th3j35t3r> shaun... you have a british accent
[18:27] <@th3j35t3r> wtf?
[18:27] <@th3j35t3r> washington times?
 01[18:27] from 1812
[18:27] <@th3j35t3r> lol
[18:27] <@th3j35t3r> okay Mr Shaun Waterstone?
[18:27] <@th3j35t3r> gate?
 01[18:28] stone
[18:28] <@th3j35t3r> I am motivated by the fact that previously...
[18:28] <@th3j35t3r> for a bad person to recruit a potential bad person....
[18:28] <@th3j35t3r> teach them to make IEDs...
[18:29] <@th3j35t3r> or vests
[18:29] <@th3j35t3r> they had to meet
[18:29] <@th3j35t3r> which was great
[18:29] <@th3j35t3r> made them easier to spot
[18:29] <@th3j35t3r> now
[18:29] <@th3j35t3r> there is no need for a physical meeting
 01[18:29] 5 minutes left - on notice
[18:30] <@th3j35t3r> I am here to say - no guys - you aint gonna use the web to blow my buds up.
[18:30] <@th3j35t3r> copy 5 mins
 01[18:30] another question waiting
[18:30] <@th3j35t3r> is it hot in here or what?
[18:30] <@th3j35t3r> do I look at risk?
 01[18:30] if it really is about opsec, why come out publically - if this puts you at risk why do it?
 01[18:31] 80s today
[18:31] <@th3j35t3r> sweating my balls off in here.
[18:31] <@th3j35t3r> (I could be female and misinforming you)
 01[18:32] running short on time -
[18:32] <@th3j35t3r> I'd like to thank the guy on the third seat in from the left - left section at front in the J hat
 01[18:32] your turn to give us whatever you'd like
 01[18:32] stand please jester in front row
[18:32] <@th3j35t3r> and the guy fawker anon next to him
 01[18:33] V pls stand
[18:33] <@th3j35t3r> lovely bow their v
 01[18:33] any words of wisdom
[18:33] <@th3j35t3r> from me?
[18:33] <@th3j35t3r> yeah
 01[18:33] yes
[18:33] <@th3j35t3r> Stay frosty folks.
[18:33] <@th3j35t3r> and thankyou

Session Close: Wed Oct 26 18:35:05 2011

Special thanks to Jeff Bardin for making the transcripts of the discussion available, and to Hacker Halted conference director Leonard Chin for organizing the session.

Possibly Related Articles:
37999
Security Training
Information Security
Jester Headlines XerXeS th3j35t3r Anonymous Hacktivist Westboro Baptist Church Libya psyops Hacker Halted Conference Jeff Bardin
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.