The SANS Report: The Jester: A Lesson in Asymmetric Warfare

Monday, March 05, 2012

Infosec Island Admin


Post: The Jester Dynamic: A Lesson In Asymmetric Warfare

The above report made its way to my desktop last night via a tweet and I just had to read it. Of course, after I had read it I felt dirty from the piece that SANS basically put together on Th3j35t3r and his crusade to annoy the Jihobbyists and Jihadis by DoS’ing them offline for half an hour at a time.

So, I just felt compelled to respond to this report, and the inevitable sausage love fest in it, by portraying Jester’s “work” in the light of reality instead of fanboi love.

First off, let me say that Jester and I have history. Back in the day, when he first started his campaign he/they decided to hit my personal box because it had “jihadist” materials on it.

What Jester mentions, and what is not elaborated on in the report, is that his “mistake” was “blue on blue” as he calls it, meaning that he hit me without really doing any kind of preliminary foot-printing as to who I was and what I do. Instead he just decided to mouth off, playing up that I had been compromised and that I hosted materials, thus “TANGO DOWN”.

After exchanges with me, as ever my diplomatic self, he decided I needed more attention and DDoS, which was all well and good because I was the first to have traffic to give to others to look at for his modus operandi. Anyway, suffice to say that eventually there was a detente between us, but my opinions stand as to his campaign’s real uselessness to the real operators out there working to defeat jihad online. In short, I think it’s a futile exercise and in the end, more of a publicity stunt than anything substantial in the war on terror.

SANS just doesn’t seem to really touch on the facts of how many sites are out there and how much still goes on even with Jester’s DoS campaigns… Nor do they really have any substantial backing to some of the claims they allude to with regard to party vans being sent out for Anon players. SANS, bad journalism should be left to journalists.

Asymmetric Warfare Or Annoyance?

So, a lone commando goes on a crusade to drive the jihadis into the shadows online. He’s a one man cyber army, enwrapped in the flag, DDoS software in hand.

Umm.. Just what will all this DDoS accomplish? Jester seems to think it will put a stop to radicalizing online, but the reality is that they will just go get another domain or start a new paltalk session. Asymmetric warfare is defined as the following:

“Asymmetric warfare” can describe a conflict in which the resources of two belligerents differ in essence and in the struggle, interact and attempt to exploit each other’s characteristic weaknesses. Such struggles often involve strategies and tactics of unconventional warfare, the “weaker” combatants attempting to use strategy to offset deficiencies in quantity or quality.[1] Such strategies may not necessarily be militarized.[2] This is in contrast to symmetric warfare, where two powers have similar military power and resources and rely on tactics that are similar overall, differing only in details and execution.

From Wikipedia

So, just who is the weaker here? The jihadis, insofar as strength goes, were never an existential threat online in my book. They have been, up until recently, fairly unsophisticated in their communications and their internet skills. The fact is, they were talking pretty much in the open and then along comes Jester and he DoS’s them offline for a little while.

They get annoyed and yell, but then they go back to doing what they are doing. There is no net effect here. Even I thought that they might pull back a bit after his campaign started, but nope, they just kept on going because it was easy enough to just go play X-Box until the site was back online.

Frankly, I see nothing in the anti-jihad campaign by jester as being worth the time. He frankly did much more with the LOIC poisoning than anywhere else, but that is another story…

So, by the classical definition of asymmetric warfare, the idea that Jester was carrying one out is false. Neither party was particularly well equipped or strategically effective to merit the term.

Cause and Effect In Jester’s War

As I said above, the jihadis went on apace even with Jester’s DDoS attacks. If anything, Jester just forced them to become more sophisticated and obtain backup sites and mirror their content even more than they already were before he came along.

In my experience, it has not been the acts of a lone commando DoS’ing sites offline that has affected jihadi websites and radicalization, it has been instead the death of OBL and the campaign against jihad that the US has been waging by killing or capturing AQ leaders and foot soldiers (making them think twice). The online portion of this scenario, though, is more about the arrests of would-be jihobbyists who spoke to the wrong people online and eventually were arrested from good police work than anything else.

I would also add that the killing of Samir Khan and Al-Awlaki as well had a much greater effect on online jihad than anything else because they were the thought leaders and the creators/editors/creatives behind Inspire Magazine. I have written much in the past about Inspire and how they were trying to re-kindle the embers in many, but also reach out in new ways to the “western” jihobbyists to get them to do more than just talk online about jihad. You see, that’s pretty much all that has been happening, they talk a good game, but then they go offline and go about their business.

Once again, this makes jester’s campaign moot.

… And so it goes on. The jihadis/jihobbyists are still online, they have been quieter since OBL and Samir/Al-Awlaki died because the wind was taken out of their sails really.. Not because they got DoS’d. The sites are alive and well and being used today….

Asymmetric War Or Media Campaign?

Meanwhile, the fact that Jester came out of the closet with his rhetoric and his IRC/Twitter/Blog only says to me that there was a need for a media campaign. Why the media campaign? Attention. It’s purely for attention unless there is some other means to an end that he had in mind. Of course at the time there was talk in DoD/DC3 circles about how we needed a “patriot hacker” movement, so, could this be a part of that picture? As the paper states, Jester has 28K followers on his Twitter and many, many fanbois. Oddly enough, all of this started just around the same time as Anonymous did as well, it almost seems like one may have created the spark for the other, no?

So, Jester paints himself as the Dick Marcinko of the internet and the kiddies flock. People are saying he is a hero and many aspire to the same type of fame and attention. Jester’s IRC channel was flooded with people and he spent time in and out of there getting attention. Attention I think he really just wanted, maybe needed.

In his first tangle with me, there seemed to be more than one personality at work and in fact the one that I pissed off seemed to have a lack of self control as well as a juvenile manner. Since then, he/they have matured somewhat but overall has been relegated to not being online as much and not acting out by attacking jihadi’s or Anonymous.

Why?

But then he came back. Just recently he began his DDoS campaign again. Why? Well, one of the first things he did was open the IRC again to all comers and now we have the SANS report.

Attention level achieved. So, in the end I feel it’s more about attention than it is about gallantry or being an effective “operator” against Jihad. Just my opinion.

The Rise of Anonymous and Jester’s Part in It

Meanwhile, in between battling the Jihadis, Jester also took on Anonymous because they “doxed active operators in the field” etc. While I can empathize with the sentiment, the follow through was hit and miss in his campaign to out Sabu and others. The SANS report uses innuendo that says he may in fact have been the one to out Ryan Cleary.

In fact, I am not sure about that, because inside sources in Anonymous have said that he was outed by someone on Xbox because he was a frak to them. This is also the case for many others in the Anon infrastructure, they too were outed by others within the collective because they had a falling out.

So, really SANS, unless you have hard data, please stop.

In fact, Jester had had several misses on Sabu and in fact had to apologize to the players he fingered incorrectly. Oh, and by the way, all of this was done publicly and not just data given to authorities to follow up on. Which should have been the real aegis of doing any kind of investigative work on them to start with. After all, if you put dox out there in the public, even wrongly, you are just giving time to those who may or may not be involved to burn their data and make other means to keep on attacking. Tactically this is just poor operational behaviour.

Perhaps Jester has done things in the background we all do not know about and he has not reported to the media… Perhaps not. Overall though, the most creative thing he has done is to poison the LOIC. THIS was a real coup and I do appreciate that one. Hopefully that at least put some fear into the LOIC skiddies.

In the end though, the kids just kept on coming and now we have AntiSec to contend with as well. The war is not won.

COIN and Digital Asymmetric Warfare (i.e. Failure)

So, in the end, I don’t think that generally the attention is warranted for the campaigns Jester has carried out that are known to us. SANS seems to be all over him and Sam Bowne as well as Rjack as modern folk heroes in a way. They do not even cover the fact that Anonymous uses the same tactics and methods as well, but, then where would the folk tale really go huh?

In my opinion both of these groups/individuals fail at their final goal though. If Anonymous wants to effect change, then they need to stop just wildly doxing people and dumping data that really is not cogent to the issues at hand. Jester needs to have more than just a DDoS to drive the jihadis anywhere and in fact, the notion of breaking their C&C by DDoS is not functionally feasible.

If you are driving them.. You have to drive them somewhere you want them.. Not just back into the shadows where the analysts can’t see them. All of this is not COIN and it’s not asymmetric warfare with digital tools.

It’s just a game and attention seeking behavior.

K.

*Side Note* Even Lawrence, who won great victories by using asymmetric warfare, lost the overall war in Arabia because of the personalities involved. Just sayin…

Cross-posted from Krypt3ia

anon europa

Mr Terban,

I think maybe you need to look at your own facts when writing.

You state Jester uses DDOS attacks, this is known to be untrue, a common mistake, yes. To right your wrong... he does not require the seizure of random machines across the web because as we know he developed 'Xerxes' (and latterly Saladin - more on that in a second).

You also state that he takes sites down for 30 minutes, however, if you look at his targets throughout his timeline 80-90% are in fact still down and never recovered from his bursts.

Finally, if as you say the man is all about attention/fame or whatever..., answer me this. How can this be when nobody knows his identity? He presumably leads a normal life, and walks along the sidewalk every day, nobody knowing what he actually does. That's not really an attention/fame frak now is it, Scott?

Your article stinks of butthurt.
who what

Hello Scott, I have read some of your articles and have been impressed with the journalism and reporting until I read this. Now mind u, this is an opinion based article and I too am basing my opinion as well. The Jester has waged a campaign on his own and he has announced that many times over. The Blue on Blue hit that was against u he has publicly apologized to you for and said he made a mistake, i.e. WordPress and Hacker Halted this past year. There is a big gray area between him and Anonymous. He actually stands for something, not random security companies and government agencies. I have a ? for you though: are you more pissed about him catching that data in your files? Because if he could get it so could anyone else for that matter, and so u decided to denounce what he is doing? So his actions are his and his alone. Now some can stand with him or against, it makes no difference I don’t think to him, but you yourself sands had bad journalism, well bringing in your emotions into yours is bad as well. Show truth not feelings #staytrue. There is more out there than just him who shares his desire and beliefs. So u can call me Fanboi or whatever, just understand he is who he wants to be and I am sure he will keep doing what he wants to do. Thank you for your time
Laura Walker

Hello Grudge Report =P