BIRMINGHAM – I had an interesting demonstration in January from a hacker who goes by the handle “The Jester” or, in so-called l33t speak, th3j35t3r, which is his Twitter ID. Since January 1, The Jester has been systematically wreaking havoc with several websites he associates with Al Qaeda and jihadists via a denial-of-service attack delivered over the web through an anonymizer service.
The Jester has been documenting his attacks against www.alemarah.info, www.radicalislam.org, islamicpoint.net, www.almaghrib.org, www.as-ansar.com, www.islamicnetwork.com, www.islamicawakening.com and www.ansarnet.info since the beginning of 2010.
In January, he posted:
Official Presidency Website of Iran (www.president.ir) will be unavailable for the next 40 minutes, due to their oppressive Islamic regime.
I approached The Jester through DM and provided my email address. I wanted to understand his(?) motivations and intentions. These are still not completely clear but this post sums it up.
The Jester is taking on radical Islam through the web.
Via email he told me:
Hi again Richard,
Forgive me if I may sound vague on any of the following, as you can probably understand I need to protect my own identity for the moment.
I am an ex-soldier with a rather famous unit, country purposely not specified. I was involved with supporting Special Forces, I have served in (and around) Afghanistan amongst other places. Since ‘leaving’ the government’s payroll, it has occurred to me that the bad-guys are in fact starting to utilize the web more and more as a recruitment, communication, and propaganda medium.
I have been and continue to develop methods and tools to disrupt, misinform and obstruct this kind of terrorist activity. Kinda like taking them down from the inside, and using my weapon of choice. The method I have used to take down the sites mentioned on twitter is rather special, its only downfall right now is that it is obviously only temporary disruption. But I can however take down and put back their sites at will. The attack is like a DDOS attack, except without the first ‘D’.
There is nothing ‘distributed’ about this. It is possible with very low bandwidth and a single low-spec Linux machine.
I am still refining the tool, but if you check right now – www.alemarah.info is in fact temporarily down, until I decide to bring it back.
The idea here is to target known sites and cause much trouble, but not be destructive and defacing. It’s a very surgical strike and causes no collateral or long-term damage.
To read the rest of this column, click on ThreatChaos.Com
Richard Stiennon is a security industry analyst based in Birmingham, MI. He has presented on the topics of cyber threats and cyber defense in 28 countries on six continents. He writes the ThreatChaos blog. His first book, Surviving Cyber War, is due to be published by Government Institutes in mid 2010. Stiennon’s publishing group, IT-Harvest, is a joint venture partner of MITechNews.Com. For joint advertising information, email [email protected]





