Exclusive Video of XerXeS DoS Attack

Monday, February 22, 2010

Anthony M. Freed


Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which, unlike a DDoS attack, requires only one low-spec machine to implement.



Xerxes DOS Attack from Infosec Island on Vimeo.


“This is an early beta version demo of XerXeS from about three weeks ago. I am still developing it, adding more features and safety nets, in fact it's moved on quite a lot since this version. Video of the upgrades to come at a later date,” said The Jester in an IM chat Monday.

Improvements over earlier versions of XerXeS include the ability to monitor feedback from the target server and adjust the attack to counter the network’s defenses.

“There are three aspects to XerXeS: There is the DoS attack, there is the means to carry out the attack undetected, and the means to auto-adapt the attack vectors as the target attempts to fight back.”

Further upgrades will include target identification and selection, with the end goal being a series of random disruptions to militant pro-jihad websites, which could be used for recruitment, propaganda, and even the command to carry out a terrorist attack.

In earlier interviews, The Jester indicated that the attack is not so complicated that it could not be replicated by hackers who may choose to target critical networks vital to our infrastructure and economy, like banks, utilities, and telecom systems.

The Jester claims the XerXeS attack can successfully disable the vast majority of websites.

“This current incarnation is still unstable; I couldn't rely on it to knock out any given site on demand. XerXeS can presently take out 90% of web services.”

The Jester says he has received multiple death threats from terrorist groups and even sovereign entities, and remains apprehensive about his personal security and the effect the release of this video may have on his ability to remain unidentified, and alive.

“Releasing this video is a kind of a scary move for me. Cursory observers will try to brand me as a skiddie still - not realizing I actually designed and coded this thing.”

In the several demonstrations I have witnessed in real time, The Jester is always quick to point out his claim that his attacks produce absolutely no permanent damage to the target site, or any intermediary nodes.

“There is no collateral damage at all. So, no friendly websites were harmed during the making of this video.”

The debate continues as to the ethicality of The Jester’s one-hacker crusade. Currently, the poll at Infosec Island has the majority of security professionals registering their support for The Jester’s exploits.

Watch the video demonstration, and then register your opinion in the comments field below.

Does The Jester’s conditional offer of cooperation warrant the extension of some sort of immunity in exchange for critical information that could be employed both against “enemy” systems and also in defense of our own?

Infosec Island will continue to follow The Jester’s story, with more exclusives on the way.

© 2010 Infosec Island - All rights reserved

Anthony M. Freed: I have to say hats off to Mr. Richard Stiennon for originally uncovering this tremendous story!

Be sure to check out Richard’s site: http://threatchaos.com/

Cheers Richard!
Mark Baldwin: Forgive me if I am not impressed, but my BS meter is in the red. It is not difficult to DoS a web site. Just because he hides behind this silly persona and claims to only target "the bad guys" he is grabbing lots of headlines. Don't you think the US government could take down any of these sites permanently if they so desired? This is more of a publicity campaign than a serious InfoSec story.
Fred Williams: I think the idea behind Jester is who he is targeting and why. Islamic groups have long targeted other sites to spread the propaganda and now the other side has a high profile attacker who just targets sites that recruit young people for Jihad.

Now Jester has had death threats. Salman Rushdie made a name for himself back in the earlier days by just writing a book denouncing Islam.

I can see why Jester is grabbing headlines.
Alan Lavoie: Why is he temping them out? Shut em down permanently. That way when they register for new sites we can find out who they are.
Bob The Builder: um, wait... is that russian (??) i see in the feed on the right hand side?

i guess he must be "russian" patriot then...

jst btw, realize that if u condone this, u condone the Anon attacks on PayPal, Amazon etc. over the whole wikileaks story... plus every other hacktivist attack that occurs. it's black and white, there's no grey - if not, u're a hypocrite.

despite the fact that he's a complete fag sell out for the fame, with his display of skills that a scriptkiddie could pull off, i wish him happy hunting!
steven Brown: I did a drawing video of that picture on YouTube. Check it out for me! http://www.youtube.com/watch?v=5_Jdmmyycdk
Capt Sare: Would I be correct to assume that xerxes is just an automated script that syn floods the target with a reflection attack? I would also hazard a guess that heartbeat is some kind of tcp poll likely a ping.. one would assume that it was at least routed through some kind of ToR... I would imagine he isn't that retarded to just throw an icmp packet out in the wild with his own IP header :)
Michael Barbere: In his second video you get to see a little more of the interface. He selects a web frontend attack and has some backend databases that are likely to have different payloads.

He is most definitely not a script kiddie by traditional definition. He created the payload and the interface. Learn to insult better.

I support him about 80%. I understand he is making use of an unpatched exploit to the disadvantage of jihadists. However, it is only a matter of time until his methodology becomes understood to the detriment of legitimate businesses and public infrastructure. Therefore, he should be working to disclose (discreetly) how his attack method works to the affected vendors.