A side note to the war on Wikileaks, but nonetheless worth a read:
Quote: Anonymous Turns Operation Payback Toward “The Jester”
The Jester, a hacktivist who is normally known for short term denial of service attacks against Jihadist web forums and who recently claimed responsibility for an outage at Wikileaks in the middle of Cablegate (Wikileaks publication of U.S. diplomatic cables) has himself become the target of the large scale hacktivist protest called Operation Payback. The Jester, or th3j35t3r as he’s known on Twitter, has ostensibly had the identity of either himself or his close associate revealed as a Montana man who works for the state government named Robin Jackson, who is becoming the target of what could be a good deal of unpleasantness from Anonymous and the 4chan/b/ board at large.
Why?
Earlier today messages like these started to appear on the primary IRC channel being used by OperationPayback:
There appear to be two primary reasons Anonymous has turned their attention on this man. The first is obviously the Jester’s attacks on Wikileaks, the second more direct reason may be attacks on the Internet Relay Chat (IRC, essentially an Internet chat room) servers that Anonymous is using to coordinate their attacks (they believe that the Twitter account “AnonymousDown” is in fact the same person who is behind “th3j35t3r”):
A New Mission
In the same style as the poster announcing attacks on Internet based payment services and credit card company web sites is this announcement from Anonymous on “The Jester”:
Overall Plan
The following write up from Anonymous takes the time to explain why th3j35t3r aka Robin Jackson is a target under “Project th3j35t3r” and provides his personal information to would be attackers:
Marching Orders
This update from Anonymous provides links to public web sites with information on Robin Jackson, instructions for using the denial of service tool LOIC (Low Orbit Ion Cannon) a C# tool written by praetox which floods a web site with HTTP, UDP, or TCP requests, tips on not getting caught and disposing of evidence, and links to information on the overall Operation Payback itself.
Operation Payback
A coordinated group of attacks, starting with attacks on groups known to be anti-internet piracy has been dubbed by its participants as Operation Payback. The primary tactic of the attacks is distributed denial of service (DDoS) attacks on web sites associated with industry groups combating Internet privacy such as the Motion Picture Association of America, the Recording Industry Association of America, and the International Federation of the Phonographic Industry as well as law firms such as ACS: Law, Davenport, Lyons & Dunlap and Grubb & Weaver.
Secondary tactics involve web site defacements (as happened to the ACAPOR, a Portuguese organization), data leaks (as happened to ACS:Law), and the like.
The Operation Shifts Towards Wikileaks “Defense”
Operation Payback has, as of this week, focused its efforts on anyone associated with attempted take downs of the transparency organization Wikileaks. Initially this took the form of DDoS attacks on organizations that froze or stopped donations to Wikileaks or took down services used to support the Wikileaks web sites. This included denial of service attacks on the web sites of PayPal, Mastercard, and Visa.
The Jester or th3j35t3r
Going by the pseudonym Jester, this hacktivist was primarily known for temporarily attacking Jihadi sites in the last year or so, as demonstrated by his Twitter feed. Essentially he makes these web sites inaccessible for approximately a half hour as a form of protest against these sites (and has specifically been upset when a U.S. provider has any role in the site’s being online).
The Jester self identifies as being ex-U.S. military and explains his original motivations in this letter to security blogger Richard Stiennon:
Hi again Richard,
Forgive me if I may sound vague on any of the following, as you can probably understand I need to protect
my own identity for the moment.
I am an ex-soldier with a rather famous unit, country purposely not specified. I was involved with
supporting Special Forces, I have served in (and around) Afghanistan amongst other places. Since 'leaving'
the government's payroll, it has occurred to me that the bad-guys are in fact starting to utilize the
web more and more as a recruitment, communication, and propaganda medium.
I have been and continue to develop methods and tools to disrupt, mis-inform and obstruct this kind of
terrorist activity. Kinda like taking them down from the inside, and using my weapon of choice.
The method I have used to take-down the sites mentioned on twitter is rather special, its only
downfall right now is that it is obviously only temporary disruption. But I can however take down and
put back their sites at will. The attack is like a DDOS attack, except without the first 'D'.
There is nothing 'distributed' about this. It is possible with very low bandwidth and a single
low-spec linux machine.
I am still refining the tool, but if you check right now - http://www.alemarah.info is in fact temporarily down,
until I decide to bring it back.
The idea here is to target known sites and cause much trouble, but not be destructive and defacing.
It's a very surgical strike and causes no collateral or long-term damage.
Xerxes DoS Tool
The attack tool he’s developed called Xerxes originally made use (according to him) of a flaw in the Apache web server but has since been modified to attack other web server types as well. In essence all of these flaws are requests you can send a web server that causes the web server to expend additional resources to determine that it is an invalid request. Flooding the web server with enough of these requests causes the web server to be unable to respond to any legitimate http requests from users attempting to visit the web site or web based resource.
InfosecIsland published a video of an example attack using the Xerxes denial of service tool:
Anonymous is a loose affiliation of Internet denizens known for various hoaxes, blaming things on ripoff site eBaum’sWorld, and probably most famously Project Chanology a protest against the Church of Scientology. The members are also known for wearing Guy Fawkes masks. In the last couple of days they have given more interviews on television (mostly young people) than I ever thought a group that calls itself Anonymous would give.
Robin Jackson, seen at left, is an information technology worker for the Montana Department of Labor and Industry and a pastor of an organization called the Wolf Creek Baptist Church in Wolf Creek, Montana. He is also according to what some Anonymous members think, The Jester. The evidence of such a connection would not hold up in any court of law, but the two men do at the very least share some connection which could be as minor as Jackson being a vocal supporter of what The Jester is doing, right up to Robin Jackson actually being The Jester as members of Anonymous and blogger Scott Terban have intimated.
Btw, for anyone still wondering what a denial of service attack is... DOS is really the symptom of the attack rather than the cause.
Hacking is basically hitting the keyboard until the computer does what you want. With DOS hacks, the idea is not to find passwords or deface property... merely get the computer to have a rather big think. Asking it to put 99% of its resources into calculating pi isn't one of them but the principle is the same. The exploit he is using is very similar to this.
DDOS attacks are low tech but high bandwidth, riots on the internet. Essentially, plugging people into a shopping mall entrance stops any shopping. Simple but effective. The Jester's is elegant but a short living mechanism, as already netsec folks will be busily plugging the hole... I'm wondering why he isn't arrested for such illegal activity...
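Added example, not part of the post or the quoted article: a defender-side check for the pattern the article describes, where a single source keeps sending requests the web server rejects as invalid. It assumes Apache common log format access logs in time order; the status set, window, threshold and all function names are choices made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')
# Statuses a server returns for requests it rejects as invalid or incomplete
# (the choice of set is an assumption for this example).
REJECT_STATUSES = {400, 408, 414}

def parse(line):
    """Return (source_ip, timestamp, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(4))

def flag_sources(lines, window=timedelta(seconds=10), threshold=8):
    """Map each source IP to the time it first reached `threshold` rejected
    requests inside one sliding `window`. Lines must be in time order."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] not in REJECT_STATUSES:
            continue
        ip, ts, _ = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop rejections older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(ip, ts)
    return flagged

def sample_log():
    """Constructed log lines (RFC 5737 documentation addresses)."""
    fmt = '{ip} - - [10/Dec/2010:12:00:{s:02d} +0000] "{req}" {st} 226'
    lines = []
    for s in range(30):
        lines.append(fmt.format(ip="203.0.113.9", s=s, req="-", st=400))  # one noisy source
        if s % 5 == 0:   # ordinary visitor
            lines.append(fmt.format(ip="198.51.100.7", s=s, req="GET / HTTP/1.1", st=200))
        if s % 12 == 0:  # occasional client error, stays under the threshold
            lines.append(fmt.format(ip="192.0.2.44", s=s, req="GET /%zz HTTP/1.1", st=400))
    return lines

if __name__ == "__main__":
    for ip, when in flag_sources(sample_log()).items():
        print(f"{ip} exceeded threshold at {when.isoformat()}")
```

A per-source threshold like this fits the single-machine attack described in the letter; it does not catch a distributed flood, where each source stays under the limit.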