It’s not often I interview people for the blog however when some one catches my eye and raises my interest I like to find out more about them and share it with my readers. This time I interviewed ‘The Jester’. The Jester has been in the media spotlight recently for taking down Jihadist terrorist web sites via use of a targeted DoS attacks.
* Can you tell us a little bit about yourself and what you do?
Ryan, I would like to give you and your readers a little more about me but it’s kind of difficult to do that, given the nature of my targets, all I can give you sir is what’s already ‘out there’ – I am ex-mil – and slightly pissed at the surge in Jihadist online activities.
Now with regard to what I do: I aim to cause disruption to the online efforts of Jihadists on the internet. They have realized that they can recruit, train and coordinate home-grown terrorists completely via the internet, without ever having to meet. This cuts out much of the risk associated with any face-to-face contact for the recruiters. Web recruitment targets young, tech-savvy, vulnerable Muslims, the iPod generation if you like. By making these sites unreliable, the potential recruit numbers start to dwindle. I limit my hits to defined time-slots (rather than killing them completely) because I am well aware that official Counter Terrorist Agencies use some of these sites for intelligence gathering. I have been asked why I DON’T hit certain sites, well it’s simple. By NOT hitting certain sites (and hitting others hard) I am ‘herding’, people give up easily when a site is constantly up and down, and move on to a more reliable one. So it creates a funnel-effect, funneling terrorists and potential terrorists away from peripheral sites and into a smaller space that is easier to monitor.
* Would you define your actions as white/black/gray hat?
I would consider myself a gray-hat, neither white nor black, but somewhere in the middle. What I do is totally illegal under most jurisdictions of domestic law, so by that definition maybe I am a black-hat. However, that said – there is an unequal amount of good and bad in most things, the trick is to work out the ratio and act accordingly, Ryan.
* What are the advantages/disadvantages of making your cause public?
I tweet most XerXes attacks not to gain glory or anything so mundane, (if I wanted ‘glory’ I wouldn’t be anonymous!) I tweet certain smackdowns and hits for two reasons: it undermines the site and its operators to its target audience, and draws otherwise unknown jihadist internet strongholds to the attention of official law enforcement agencies.
* Do you not fear being tracked down?
It depends who is trying to track me. There’s only two types of people that want to find me: Law Enforcement and Jihadists. The latter will not be playing by the rules, they will broadcast my downfall on youtube for all to see if they get the chance, but having researched their online tactics and methodology, I find they are quite primitive in their approach to date. The former, well, at least they are not gonna hack my head off for youtube. I obviously take precautions and have successfully obfuscated my virtual and physical locations enough to even in a position to be doing this interview.
* Where are you from? Your email address is Russian, you speak German and you came via Sweden on the bit.ly link I sent you.
You have but one email address, but one language, and but one IP location. I take a lot of care when attacking, responding to interviews, or in fact engaging in any ‘Jester’ activity, it would be foolish of me, given the nature of my targets, to compromise my opsec and spill my location. But thanks for trying LOL ;-)
* Have there been any attempts at tracking you down?
To my knowledge so far there have been requests from certain jihadists to ‘find and gut’ me on some of the site forums I have targeted, and I have received a couple of death threats, but am confident in my methods. Regarding Law Enforcement Agencies trying to bring me in to face a court of law, there would need to be a complaint, and I don’t think jihadists are gonna go running to the Feds or Interpol or whoever complaining that their suicide-bomber training site is getting hit by some guy named ‘Jester’ – whaddya think?
* Where did you learn your technical skills?
Self taught over many years. To say anymore on this could compromise me. I hope you understand my situation.
* What types of attacks do you carry out? Are they all DoS attacks or do you use other attack techniques as well?
The DoS (XerXeS) is just one attack vector, it’s the one I make public. I engage in many other covert methods of infiltration and intel gathering, everything from social engineering to SQLi and everything in between. You only see what I want to be seen.
* What is your final goal? When will your attacks cease?
I haven’t decided yet. ;-)
* Anything else that you would like to add?
Thankyou for the opportunity to talk to you and your readers. Again, there’s an unequal amount of good and bad in most things, the trick is to work out the ratio and act accordingly. Thanks for the questions Ryan.
A big thanks to The Jester for doing the interview for the ethicalhack3r blog. To find out more and follow his ‘take downs’ you can find him on twitter: @th3j35t3r