Among his known targeted attacks are numerous takedowns of jihadi recruiting websites, WikiLeaks, the Westboro Baptist Church (dragging 20 of their sites down for 2 months solid, no less), the hacker collectives Anonymous and LulzSec, and a PsyOps hack of a Libyan online newspaper where he inserted articles describing soldiers loyal to the regime defecting in droves.
In December 2011 a detailed account and analysis of The Jester’s campaigns was published for the SANS Infosec Reading Room and is recommended reading. The SANS report is titled The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare.
The most common attack that will disable a website is known as a Distributed Denial of Service or DDoS attack.
Essentially, this is when a multitude of computer systems flood a website with service requests, overwhelming its ability to process them and resulting in a shutdown – other users not associated with the attack cannot get to the website because their legitimate requests are buried under the barrage of requests from the DDoS attack.
A DDoS attack requires a conglomerate of computers to conduct the attack – whether the computer owners know their computer is involved or not. The Jester does not use DDoS to take down his targets. Rather, he has a unique, proprietary tool he calls XerXes that conducts a DoS – a denial of service – from a single source (him).
A video demonstration of XerXes in action can be seen here: Exclusive Video of XerXes DoS Attack.
The Jester announces his successful attacks via his Twitter account @th3j35t3r with the phrase TANGO DOWN. He communicates his activities through three verified sources:
- his Twitter account
- his WordPress blog
- and his IRC (chat) channel #jester located on the darknet at i2p.
Instructions for how to reach his channel, if you are so inclined, are here. (Note: any other sources claiming to be th3j35t3r are fakes – imposters trying to make money off his name or discredit his efforts – this includes Facebook accounts, MySpace, etc.) The Jester maintains a bitcoin donation option on his blog for donations to the Wounded Warrior Project.
Although The Jester is often described as a cyber vigilante, his operations tend to steer clear of retributive justice and drive more toward incapacitation and/or disruption of enemy operations. His targets are researched and specific, and his mission is consistent.
A better comparison for the Jester might be the French Resistance in Occupied France during WWII in that The Jester is a citizen operating in an underground capacity to conduct cyber guerrilla tactics, cull intelligence and disrupt and sabotage enemy communications and operations in support and defense of the United States.
There is also the psychological component to simply PWNing the enemy.
His very first website takedown announced his mission. On January 1, 2010 he hit alemarah.info, at the time the main online propaganda and recruiting website for the Taliban. Takedowns announced via his Twitter account appear with explanations for the reason the website was selected.
For example, these hits from May 3, 2012:
- ‘www.islamicnetwork.com’ – TANGO DOWN – Permanently – For online recruitment of vulnerable US Muslims for a homegrown threat.
- ‘www.tawheedmedia.com’ – TANGO DOWN – Permanently – For online incitement to cause US Muslims to carry out acts of violent jihad
- ‘anwar-alawlaki.com’ – TANGO DOWN – For inciting violent jihad. Site having… ‘issues’ keeping files in their document root. #neverlearn
The last tweet is a good reminder that The Jester doesn’t just take jihadi websites down – he gains access and gathers intelligence before he delivers his strike.
Unlike hackers like Anonymous, LulzSec or cyber thieves, The Jester does not attack websites to steal and reveal user logins, personal information, credit card numbers or other data that compromises others and creates collateral damage. His targets include terrorist organizations and sites that seek to compromise or damage the United States and U.S. military.
For example, his takedown of WikiLeaks followed on that site’s infamous publishing of stolen classified U.S. information. He also gave a good cyber backhand to the Westboro Baptist Church for their obnoxious and offensive picketing of the funerals of U.S. soldiers. He also frequently engages in conflict with other hacker teams or collectives that attack U.S. government, military or law enforcement websites.
His philosophical outlook on what he does or why he does it is summed up in a tagline on his blog. “There’s an unequal amount of good and bad in most things… the trick is to work out the ratio, and act accordingly.”
So who is The Jester really?
Because of his propensity to get into conflicts with other hackers, The Jester has more than a few people hunting his real identity. Beyond the expected death threats from jihadis and other enemies, there have been over twenty people falsely identified as The Jester. His real identity remains a mystery. What is known about him comes from his own disclosures, which are consistent with his modus operandi.
The Jester has identified himself as a former soldier who served four operational tours, including Afghanistan. He also disclosed he was involved in supporting Special Forces and has served with an undisclosed airborne unit in today’s real world battlespaces. A former defense operative has claimed that The Jester was a former military contractor involved in US Special Operations Command projects.
In terms of how he operates, The Jester has been clear he operates alone. Even so, his views on his own operations are summed up nicely with a wink and a nod to the SOF community.
“A small team of A players can run circles round a giant team of B and C players.”
Cross-posted from SOFREP