
Cyberwarfare Roshambo: th3j35t3r Profiled

Cyberwar and cyber minutemen: th3j35t3r vs anonops

One of the Tweets linking to last week's PMC articles defined cyberminuteman as an elite geek with an offensive strategic outlook. Today we'll look at one such minuteman who started a war. According to most reports, round one of the cyber attacks against WikiLeaks was levied by a civilian – a skilled cybersecurity guru or crew using XerXes, a homegrown DoS tool, to hammer away at an Apache vulnerability.

The Jester [th3j35t3r] claimed responsibility for the WikiLeaks DDoS attack, which was just another day at the office for this online cross between Rambo and Bill Gates. Now, thanks to The Jester, the risks of using the next generation of the Low Orbit Ion Cannon (#LOIC) have apparently become a disruptive influence on the mob rule of DDoS.

The Jester is apparently stripping away the masks and letting the chips fall where they may.

Anonymity of DDoS Toolkits – Disrupted!

A snippet of posted IRC dialogue details the malware injected into the user-friendly protest DDoS toolkit:

[2011-01-07 20:15:47] <th3j35t3r> DHN.zip is a new LOIC except its flawed too, aparently. Some dude has recomiled it, as they shipped the src, and it will announce exactly where you are? wtf? lol
[2011-01-07 20:16:02] <th3j35t3r> <<< = somedude

Commentary on this IRC dialogue from The World Exposed [Tyr]:

That's right ladies and gents, trolls and trollettes, skiddies, wannabes, and posers... The DHN files that you are downloading, using, and “playing” with are altered versions of the original. These lovely beauties are, in fact, infected by none other than th3j35t3r.

(Did Anonymous really think that they could remain anonymous with all their little toys?)

Profiling Jester [th3j35t3r]

First, The Jester [the non-leet spelling of th3j35t3r] is reported to be a veteran and claims to be a patriot. If the first part of that is true, I'm figuring that he or she is probably one of the veterans currently unemployed – a figure which stood at 30% for Afghanistan vets in April 2010.

Disturbing new statistics from the Labor Department show that one in three veterans under age 24 is unemployed – and that the unemployment rate for Iraq and Afghanistan veterans has jumped to 14.7 percent, half again as high as the national unemployment rate of 9.7 percent.

While this figure had dropped as of August 2010, there are still highly qualified people who are unemployed or underemployed. I'll bet The Jester's one of them and simply has a lot of time to kill.

Second, The Jester is likely to be someone with mobility and access to multiple distributed network endpoints. OPSEC would require hard-line anonymizing of their efforts. Remember that Kevin Mitnick was incredibly mobile and extremely hard to catch without radio direction finding (DF) technology. While anonymizing technology could in fact be randomized and a single terminal could be used, I would hazard that this person is rolling around in a recreational vehicle pirating unsecured Wi-Fi networks and living off the grid on prepaid gift cards and liquor store cell phones.

All you need to commit any cybercrime is available at every stop and rob [corner liquor store] – unattributed CATCH Team member

Third, it's even money there's more than one person. As far as social networks go, only biker gangs and prison convicts are tighter than combat veterans. If this guy or woman is part of a small unit of dedicated people, I wouldn't want to be the one to try to track them all down – it would resemble Michael Mann's movie from the 1990s, Heat, with the bad guys just as human as the good guys – and just as professional and sophisticated. Additionally, Jester's probably getting some 'over a beer' help from insiders who sympathize with the mission and are part of his or her tight social network.

Fourth, even if arrested, a conviction is not a guarantee. It's not known whether Jester operates from within the United States, but it's assumed. Seeing as the criminal code requires 12 jurors to unanimously decide in order to convict, I'm not sure that any U.S. attorney would be itching to find this person and put them in front of 12 people. As Mitch Dembin, San Diego U.S. attorney and cyberlaw guru has related, it is really difficult to identify the nature of an incident, and how that is initially assessed sets wheels in motion which cannot be taken back. Additionally, any defense attorney would jump at the chance to defend this client – and likely do it merely for the publicity. My vote for that role in a trial death match would be for Mitch's former boss, former U.S. attorney/now private practice San Diego attorney Karen Hewitt. Further bets – if this did come to trial, it will be handled in San Diego, Boston or New York, in that order.

Finally, the cautionary tale is for those who want to commoditize cyberwarfare. Bringing script attacks into reach for the common masses may be noble, but the command and control elements are at very high risk of kinetic-world attack. The Jester has had numerous #Anonops members furiously digging away at locating him/her, which has looked rather like Wile E. Coyote and the Road Runner.

To #Anonops, I think it's a little past the bits and bytes level to try to find a combat-trained veteran; I wouldn't send Bill Gates to bring in Rambo, and The Jester apparently has a little of both mixed in.

For everyone else, the end of this campfire tale is to be wary of the attribution hand grenade which someone might toss into the distributable file. Just like every other warez download out there, the risks are tremendous and not worth the protest. Unless you want to end up living in a van down by the river pirating Wi-Fi.
