Uncategorized - 21 January 2011
Author: Doug Simmons

I’ve seen enough evidence, the most convincing of which was on IRC, to say with confidence that pretty much all of this is relatively accurate, so I’m not going to say “he claims he did this” or “allegedly he did that” throughout this article. All right?

Remember when Wikileaks started unleashing Cablegate but their site kept going down, with Assange claiming on Twitter “We are currently under another DDOS attack. DDOS attack now exceeding 10 Gigabits a second”? Turns out that wasn’t a massive distributed attack with such bandwidth; it was merely one man responsible, who goes by Jester or th3j35t3r on both Twitter and irc.2600.org on occasion.

Judging by the victimology (learned that on Criminal Minds) of his many targets over 2010, mostly pro-jihadist recruitment websites and others on themes that all present a threat to Americans, and by his verbiage, including “TANGO DOWN” and his signoff, “Stay frosty,” he may be an American, he may be sincere in his conviction, and he may have had some sort of military exposure. In spite of how prolific he’s been and how many people want to find him, either to kill him or to offer him a job, he and his identity have remained invisible. Really, the man has enemies, some of them pretty good with computers.

He strikes alone, using a method that could probably work on your cell phone; no high-spec machine or heavy throughput is necessary. He uses software he developed himself, which he calls XerXes (more on that later) and which he declares will never be released and exists only in a few places to which only he has access. He finds out about something with a website that strikes a patriotic nerve of his, powers up XerXes, enters the target’s host and hits the button, and within minutes the site is down, with, he claims, 90% efficacy: no botnetting, no collateral damage to the intermediaries between him and the final node concealing his IP, and no permanent damage to the target, which comes back to life once he feels the time is right. No machines are compromised with botnet malware, nor do the nodes passing along his packets suffer during the attacks.

And then his program, which is conveniently programmed to do this upon completion of these temporary attacks, posts a notice on Twitter saying whom he took down, sometimes an ETA of resurrection, and the offense that earned them a strike:

[Image: tangodown]

His feed goes on and on like that back to January 1st of last year. He’s got a blog too. Regarding his XerXes software, he did a couple of video screen-capture demonstrations. They don’t reveal how exactly this software works, only that it does work, and you might find yourself agreeing that this had better not fall into the wrong hands because... well, here’s a taste:

[Embedded video: XerXes demonstration]


Via Infosec Island.
 

His ideology has clashed with that of Anonymous, the group behind the less sophisticated DDoS attacks on companies that have done anything to give Wikileaks a hard time including Mastercard, Amazon and Paypal. Members of that group have worked diligently but unsuccessfully to identify him, along the way misidentifying him and harassing random people. Jester shrugs it off by presenting identities of some of the members of the Anonymous group. But what he cannot shrug off is Wikileaks and terrorism.

Someone thought it would be a good idea to make a Twitter account resembling his but with one number omitted, claimed he was arrested and released without charge, and put up a website which was a clone of Jester’s, asking for money. Jester took this in stride and warned that person that he’d better watch his back, as by assuming Jester’s identity he painted a target on himself, especially when putting up a website and registering a domain (Jester’s is hosted by WordPress and he probably only connects to any service like WordPress, Twitter or Vimeo with many nodes in front of him).

When you look at what he’s done you wonder a lot of things: how could he possibly do all of this and have a job, is someone paying him to do this, is law enforcement after him, does he own any weapons or have booby traps in his lawn? He’s been doing this for at least a year, attracting plenty of attention, website hits and several thousand Twitter followers, with IRC channels on different networks devoted to trying to reveal his identity and working with one another, and who knows what any governments are up to concerning him, if anything. You wonder whether this patriotic motif is just to polish up his image to get more exposure or whether he’s being straight. Maybe he lives in New York and attends 2600 meetings at the Citicorp building once a month. Maybe he’s a Russian, who knows. I think this is all fascinating and if it didn’t sound weird I’d say I admire his balls.

Stay frosty,

Doug Simmons


(66) Readers Comments

  1. It’s probably some crazy Muslim trying some reverse psychology, or something…

  2. Hmm Mike, I could see that if he was forced to watch enough Fox News.

  3. The jester and his ineffective attempt to bring down Wikileaks is one of the greatest blunders in the history of cyber war. In doing so, the government powers against Wikileaks could not be more embarrassed and frustrated at the situation the jester created for them. Thanks in part to the jester, Wikileaks is now mirrored in over one thousand websites, and translated into many different languages. Great move Jester!

  4. The jester also endangered Tunisian citizens’ lives during the recent revolution by infecting a DDoS tool. Hacktivists inside of Tunisia used the infected tool expecting their location to be safe from the corrupt government. It wasn’t; some were arrested and beaten. The jester admits to infecting this tool and bragged about it. He blames Anonymous for this. But it was not Anonymous who infected the file. It was the jester who put Tunisian lives at risk from the corrupt government by letting Ben Ali’s regime see the real locations of these activists/hacktivists. The jester is not as great as this article portrays him to be.

  5. Didn’t know that. Thanks for contributing. You got a source on his admitting to doing that?

  6. I read both thoroughly; appreciate your supplying this as really, this shit’s fascinating and we normally don’t get OC from the likes of you.

    Couple questions: Why would any of you run a binary handed off to you by your enemy and would you not characterize his actions as provoked and of some tact?

  7. @Doug Simmons He never handed anything off to Anonymous. We don’t just take tools blindly like that. The infected tool was not promoted by Anonymous in any way. It was the jester who directed people to the dangerous file by pretending to be a member of Anonymous, deceiving Tunisian citizens and others. He likes to exaggerate the truth to make himself look all so smart; people eat it up without checking the facts because it makes a good story. Also, these sites that he takes down for a measly 30 minutes: some of them have nothing to do with hate, they’re just Muslim views. Nobody ever back-checks some of these sites; they just assume they’re all bad. On the Wikileaks thing, we seriously doubt he acted alone on that. Anyway, thanks for not censoring comments on a different view of “the Fester” (I’m really surprised his trolls haven’t attacked my comments yet). Best wishes, Anonymous.
    Operation Algeria is in full effect: http://www.interieur.gov.dz/ is down.


  9. Nice article. For clarification: as you will see from reading the original materials, it was the LOIC software provided and promoted by Anonymous that caused the Tunisians to find themselves in trouble. There were many warnings posted both by The Jester and others that the IPs of the LOIC users were being traced and the users were in danger. The DDoS software infected by The Jester was distributed AFTER the sad occurrence in Tunisia and done so with a very clear warning so that users knew what to expect. This type of misinformation and deliberately erroneous accusations toward The Jester has become typical of the Anonymous style. Additionally, the violent jihadis’ websites have indeed been vetted by several sources and found to be dangerous. Enjoyed this article, good job Mr. Simmons. :)

  10. But Jester warned Anon that he did that—they (Anon) are the ones that continued to encourage people to keep downloading it and using it.

    And how many people that are using the ion cannon tool actually know what to do to hide their ip address, etc–you know take precautions? Probably not many

  11. and don’t take me as a fanboy of Jester, I do admire some of what he does–taking down the jihadist sites, etc but I also am a supporter of Wikileaks and the idea of transparency/accountability in government

  12. So how is it Jester’s fault if Tunisian hackers broke the law?
    THEY chose to download the LOIC and ILLEGALLY attack, thinking they were ‘anonymous’.

    This spin don’t stick.
    Tunisia has NOTHING to do with Jester.
    It has EVERYTHING to do with Anonymous using fools and then passing the buck when the bill comes due.

    Judgment day is coming, Anonymous.
    Expect it.

  13. ^^ What he said. Anonymous accused th3j35t3r of contaminating LOIC, which wasn’t even true, and they did not tell their constituents that he had contaminated their new DHN tool, which he warned them about beforehand. Anonymous is just trying to run a smear campaign to turn public opinion against him. Anonymous never takes responsibility when something goes wrong, is that the group you want helping you overthrow a dictatorship? Plus, how large of a part did they actually play in Tunisia? To overthrow a government you need a lot more than a bunch of people in masks from other countries telling you to use their shoddy software.

  14. I think it’s kinda ironic that Anonymous, the defenders of truth and justice, are trying so hard to discredit The Jester, even going so far as to discuss Ion Cannoning WordPress in order to knock out his blog. I also find it humorous that they (Anon), the “L33t” hacktivist group (according to the media), are having so much trouble trying to find out who exactly The Jester is.

  15. Whoever he or she is, I support them.

  16. The core values of anon are worthy; it’s just that plenty of them do not realise what they are doing and fuck it up for the rest. One man against thousands isn’t a fair fight when that one man is the Jester, and long may he continue in his work.

  20. Mr Simmons: You should read the initial articles about the Clown. In one of the first interviews, he actually attacked a UK bank – to show off his “skills”. Lone Rangers like this are popular when everyone agrees on his targets. Unfortunately, they don’t.

  24. Most of the marks don’t know they’re being PSYOP’d.
    The Jester had been quietly conducting counterpropaganda restrictive measures against jihadi sites, taking TANGOS DOWN and spreading FUD with his Xerxes DOS tool.

    Speculating here: he started jerking the jihadis’ chains when he came back from Afghanistan, had time on his hands, wanted to keep his hand in the game while waiting for his next contract. Suspect he was a contractor in Afghanistan doing Information Operations, and that he got that gig because of active duty experience in Special Forces, Psychological Operations, Signal or possibly Civil Affairs.

    Assuming the above speculation is fairly close to the truth, more or less, one might further speculate that Assange pissed The Jester off and he did unto Wikileaks as he had done unto jihadis.

    Anonymous volunteered to provide him with even more amusement.

  25. Jester and his fans are the tea-bag-party of cyberwar, just without the guns.
    His slowloris attacks are not 1337 and all other things he has done to show off were very (very,very,very) lame.

    A poser with a following of idiots.

    He has some legitimate skills in forensics, but not in hacking.

  26. I love how the lot of you like to talk crap, but when is the last time you stood up for your beliefs, and did something other than complaining, whining, and flaming like childish brats?

  27. As long as people believe in fairy tales, it would be good if they remain seated and not stand up for their beliefs.

    Believing in bs (like Jester’s military background) is a path towards insanity.

  28. Anonymous, you are pitiful to the extreme. None of your accusations have any evidence to back them. His accusations however, do have evidence that he has collected. You keep claiming that he is a noob, but everything points to the contrary. You are the noobs, and you are a bunch of sore loser pussies with no morals.

  29. @anonymous:

    “Jester and his fans are the tea-bag-party of cyberwar, just without the guns.
    His slowloris attacks are not 1337 and all other things he has done to show off were very (very,very,very) lame.”

    I am not defending what either side (Jester or Anon) does, but to call Jester lame and say his attacks are not “1337” is just laughable… So you are saying that a bunch of script kiddies using someone else’s program (Ion Cannon) is “1337”??? I would bet that half of those using the cannon program couldn’t even explain what it is doing; they only know to download and click the buttons.

    And I am far from a tea-bagger, I understand the positions of both sides

  30. Jester can do what he likes when he likes. The kids at anon don’t like that. He doesn’t need to brainwash teenagers wanting to piss off their dads in order to make his operation work by getting them on the bandwagon. He just goes about quietly like a pro without any fanfare, without anyone having to get his back. Like I said earlier, anon has a worthy core; it just so happens that an apple rots from the outside in.

  31. I support the Jester! Good on you, Jester – keep up the great work! Don’t be distracted by Anonymous – keep up the “tango downs”!

  32. I suspect a few of these comments in support of the clown are from the jester himself under different names. That’s the kind of person he is (he can’t stop talking about himself or encourage others to do it)… The best thing we can do is ignore him completely. That’s the worst thing in the mindset of the jester: to be ignored. I’m really surprised he hasn’t opened up his irc chat room yet about thi…. (aww too late he just tweeted it) But if anyone would like to stand for something and get involved, I encourage you to stand with Anonymous against world censorship and injustice in this world. We are many and growing every day.

  33. Ummm anyone who engages in and supports hacking is involved in a criminal enterprise. Whether you think the cause is noble or not, it is still criminal to hack into a computer. For us, as civilians, to pick and choose who is a target for hacking is not our decision.

    To prove my point if Jester were to use his software on a US-based web site like say Bank of America, how long before he was tracked down by authorities?

    I know security and can tell you that the US Security Forces are perfectly capable of tracking down anyone anywhere when they are online. There is nothing that can keep you truly Anonymous from Cent Com.

    Look at who invented the Internet. Nuff said!

  34. Doug, really nice piece!

    Now I feel I must respond to ‘ Anonymous’ (@C0d3Fr0sty on tweet).

    Firstly I would like to address the claims that I have somehow helped Wikileaks by attacking them. This is really trying to make the best of a bad situation on your part. You see.

    Initially, hitting Wikileaks servers hosted by OWNI (France), PRQ (Sweden), and BAHNHOF with ease, had the desired outcome of ‘corralling’ the Wikileaks operation onto a US hosted platform that could resist XerXeS – Amazon EC2.

    The WL perceived victory was short-lived as enough pressure was now building both politically and technically (by that I mean service providers were aware that WL was now a prime target and couldn’t risk their own operations by providing services to WL).

    As predicted, providers to WL started dropping them – first EveryDNS, then Amazon, then Paypal and Mastercard soon followed. The service providers acted as a force-multiplier, leaving the Wikileaks name nowhere to go except rely on volunteer mirrors.

    So the head of the snake is almost cut off. The Wikileaks name is something few people, as far as service providers, will deal with. Their supply chain is being cut off.

    So, great, they have 2000 voluntary mirrors! The very nature of volunteers providing ‘mirrors’ causes WL to be highly unstable as they will be up and down and sporadic on a day-by-day basis.

    You will also note the distinct slow down in cable releases.

    Now onto the dhn.zip infection and Tunisia:

    http://th3j35t3r.wordpress.com/2011/01/18/for-the-record/

    th3j35t3r
    http://th3j35t3r.wordpress.com

  35. Aw, th3moj3st3r gets hims somes lurrving.

    What was that about fame lovers, looking to get famous?

    “Oh, look at me, I can temporarily take down an unknown website” and that is soooo much better than freeing a country of tyranny. Yessums, soooo much bettsers.

    And, sn0rt, giggle, I’m not even using an unique s/n, noooo, I gotta reach back into the 90’s and snipe someone famouses name. I hope noone noticed.

    That’s a way I am the famouse one.

    You are a pale imitation.

    You are Kam Kardassian, basically.

    Without the best attributes.

    I goatze me tons of followers.

    That’s like Facebook claiming 500,000,000,000,000 account users. 1,000,000,000,000 all end up in my inbox. Fake numbers. Fake successes. Fake personality. Stolen reputation. But, but, but, but I get written about. By blogs and websites who even knew existed before now? Pshaw.

    I said PSHAW.

  36. Ignore the Jester, Anonymous? Surely you (pardon the pun) jest! The guy/gal, has a TON of followers, and not just on Twitter. There are MANY that support his efforts against the jihadis as well as Wikileaks…infinitely more than follow you, Anonymous. You will never have the skills that the Jester has. Time to give up and simply go and watch your favorite programs on Hulu.

  37. @guesswho (twitter th3j35t3r) Your delusional thoughts of success against Wikileaks are rather bizarre. “You will also note the distinct slow down in cable releases” (quote from you). So now you claim you are also responsible for the slow down of the Wikileaks cable to the public. C’MON MAN! Let’s try to keep it real, not fantasy! I would pull back that claim…

  38. The Jester is walking a fine line. If what he was doing was criminally harmful enough to someone or thing within the U.S., I think the Feds would shut him down. Unless they haven’t identified him either, which is a scary (but real) possibility. I think what he is doing amounts to a form of self defense. Criminal? Maybe (I’m not a legal expert). But sometimes even illegal actions are legally justifiable if a threat exists. Both jihadi extremists and wikileaks have presented themselves as threats to the safety and wellbeing of Americans. Defend on, Jester. I salute you for your contributions.

    Near Myst

  39. http://t.co/bw4vfga – oops there it is.

  40. WTF throwing down some truth for the anonymous “voodoo chile”

    h/t The Jester

  41. Like I said, th3j35t3r’s actions speak for themselves, as do Anonymous’s. I also like that every time someone else supports Jester, the Anonymous crowd, they just say that it is the Jester propping himself up. Only someone who has tried everything else and completely failed would resort to stupid shit like that. There is no possible way that he could make as many posts, blogs, articles, etc., all with different speech styles all on his own, all supporting himself. It is ridiculous.

  42. Yo dawg, guyfuwkes, sup with your “I’m neutral but I believe Jester” shizzle?

    The first article was written by Charles Jester. What? You sayin’ he’s not fronting, man?

    There is one clear thing that connects them all.

    Same message. Same exact message.

    1) How could he be the same person? The speech styles are different.
    2) He’s got tons of supporters, so there.
    3) Always refers back to Cryptome.org – Lamo Lamo’s.
    4) They all delete anything that gets shown as patterns.

    Now, Boo, Ah ain’t saying that he’s one person. Right? But it’s possible there are six people with Google who can flip back and forth.

    But it’s statistically impossible for soooo many people Biebs to stick to the same talking points so consistently – and all getting back to cryptome.org (who’re still smarting about getting their asses handed to them) and the now expanding attacks on new “leaksish” kinds of competitors.

    My precioussess. MY precioussess.

    Um, yeah – back with the same messages again. You done played out. Or do I have to get Jester from ’90 IRC land to come on here with me and play y’all out, eh?

    Now, you’re playing defense too. Before you acted on offense. “You can’t take away my voice” replaced “you’re pwned.” Circling the drain.

    Wanna see me come on as a southern white gal with politeness, sugar? Bless your heart!

  43. Ha
    Ha
    Ha
    You don’t make much sense do you Barea? So if multiple people have the same message, they are the same person? So Anonymous is one person? Is it you? Fuck, I hope not, cuz you would be screwed.

  44. 6) Teh FBI is going to throw you in jail and you’ll be screwed – and variations on that theme.


  46. Come on, Co$, operational failure?

    Try to create a rival entity to this mysterious organization called Anonymous?

    You pushed too hard. Hit all their talking points. Like always. Always a space alien bridesmaid and never the Clear.

  47. If The Jester claims that he uses XerXeS for taking down WikiLeaks, why are the statements about Wikileaks from web and not from the XerXes attack platform?

    • Exactly, it’s bullshit, and you idiots are propagating the nonsense; a sockets flooder doesn’t send 10gbps of fucking udp bandwidth. Santa isn’t real, and the jester is a fail fag, period, end of story.

  48. Anonymous, Anon, 4Chan, or whatever names you go by. I believe all of you are being used by the taskmaster George Soros via his Shadow Party MoveOn.org, (ACT) political action committees etc. Soros’s aim is to turn America into a communist controlled socialist country. Guess what guys, you will have very little freedoms on the Internet if their communist controlled socialist plan comes into existence in America. MoveOn.org is a movement cleverly tailored to lure the young, the Net-savvy and the self-consciously fashionable into supporting mainstream Progressive Democrats (communist). Looks like you guys were lured into believing WikiLeaks was all about transparency. I believe WikiLeaks is now working for George Soros, and getting paid well by George Soros. Check out the third picture in this web site. Also read The Shadow Party by David Horowitz. Be careful what you wish for! As for the Jester, “Press On”

    http://zeroanthropology.net/2011/01/23/journalist-hacker-spy-racketeer/

  49. @Maybe The Jester can explain this…:

    Why would the emails come from the program itself? If it sent emails out it could potentially be traced back to his ip

  50. The jester is just going to get frosty with the time. In 2 weeks no one will remember him, he is just a guy with a gun and an invisibility ring with nothing else to do.

  51. He is the best drama queen outside of Ligatt…

  52. Careful or the mighty leaderless clan will turn their flawed pea shooters at this site. Remember, they attacked Gawker for not saying “nice” things about them and have followed up their slapstick ddos of a mere 52 minutes against Gawker to launch one of their super-secret “ruin life” campaigns on the staff.

    Anonymous has changed. Its once loyal followers have left, now replaced by the likes of jihadders, neo-Nazis, and wannabe anarchists. Sit in one of the anonops IRC channels and you’ll soon ask yourself, “why are there so many Saudi IPs here?” and “why are these Saudi IPs so gung-ho against any western target mentioned?”

    Anonymous is a circus. The “leaderless” clan is being run by an “inner circle”, the “dark anons” as they insist on being referred to. The dark anons select the target, announce it, and like the cowards they are, hide out while unsuspecting followers risk their freedom using inferior tools supplied or recommended to them by the dA. And where is anon when these followers are arrested? Nowhere. They’re left to rot in jails, to fend for themselves.

    And it’s one #fail after another. Operations Tunisia, Payback, 1984, HappyClown, Dagnabbit, all epic #fails.

    Anon is dead. But th3j35t3r lives on. Godspeed j35.

  53. I’d be more interested to know why he has a Russian news RSS feed on his screen… If it is his screen, of course :)

    Besides, there’s no real evidence it is one person – could be just a proxy name for a group.

  54. Given that this guy’s been extremely successfully careful about hiding his sought-after identity, which do you think is more likely when he made a video presumably demonstrating his coveted DOS program in action with the rest of his screen visible including an RSS thing getting a feed in a foreign language, that he did that intentionally or that it was an oversight and he is in fact Russian or otherwise interested in Russia?

    There’s very little we believe we know about him: He routinely temporarily takes down websites fitting a patriotic motif and posts each time about it on Twitter (his DOS tool carries out that function apparently) and he’s been doing it for at least a year and that he favors 2600 for his IRC needs. He runs Gnome on Linux or UNIX and has garnered a following. Is that not it?

    Introducing some speculation, if it were he and if he weren’t making it up, during some web interview he said he had a military background. Anonymous got under his skin he claims when they messed with random people they thought were him and he fought back, but now he seems to be refocused on his DOS mission.

    Elevating the level of speculation/rumor, in his military stint he was part of a psychological operations operation which does seem fitting.

    Stuff like he’s an American patriot / he watched Generation Kill too many times / he’s Russian / he’s just trolling / he’s one man / or more than one / a government is behind this, those sound like wild guesses.

  55. @Anonymous: hmmm funny i do remember the jester warning people that the file was compromised and warned them not to use it.

  56. @Frank: so who invented the internet? You know it wasn’t Americans, right? I hate when people try to claim it was America; it was actually created in Sweden at CERN.

  57. @Anonymous: no he is saying the slow down is because you are relying on volunteer mirrors. lol what a dumb ass.

  58. @frostthejack: “so who invented the internet you know it wasnt americans right.” Seriously? SERIOUSLY?

    Learn to use the Web: Here’s a great place to start:
    http://en.wikipedia.org/wiki/Internet#History

    And most likely what you were referring to, a single service on the Internet:
    http://en.wikipedia.org/wiki/World_Wide_Web

    Another quote by you: “dumb ass”. Know your facts before spouting off.

    Everyone else, mea maxima culpa. I apologize for the flame, but I just couldn’t stand it.

  62. Whoever wrote this article is not only an inept idiot, but a clueless fanboy.

    How do you equate a 10GBPS udp ddos with some shitty Apache sockets flooder?

    Pull your head out of your ass.

    Oh and btw, Jester’s shitty little pyloris tool no longer works, baww about that shit.

    • Fix, I don’t know, slow/pyloris is some powerful shit, I took down my own server running it on my cell phone on 2G. That said, I was under the impression that Jester had a broader arsenal of tools up his sleeve and that, for example, there is little known about this Xerxes thing other than some youtube demo. Has it since been leaked, or did he reveal his methods (socket flooding), or are you just tossing out a guess?

      And let’s say it was a garden variety ddos, how do you know that he doesn’t have the means to drum up enough packets to take on this cult?

      I don’t mean to antagonize you (and pardon me if what I wrote is indeed clueless fanboyism), but why does Jester seem to bother you so much? What is it about that guy that got under your skin so deeply? Is this still about Wikileaks?

      Inform me please and the couple other guys who might be reading this, just trying to have a discussion. Also do me a favor, in case you’re flirting with the idea — not saying you are but if it’s crossing your mind or you feel like I’m provoking you (you do sound agitated) — and spend your 10GB/s on another target instead of this site (we’re really not worth it).
