Late Monday afternoon, the twitter account FawkesSecurity sent out a tweet, linking to a YouTube video along with a pastebin link. An individual wearing a Guy Fawkes mask, the widely known trademark of the activist group Anonymous sits on the screen. In this video the individual makes the claim that 200 kilograms of a composite nitroglycerin and commercial explosives have been placed in a tamper proof apparatus and hidden within a government building somewhere inside the United States, and would detonate remotely on November 5th.
Now there are several things that stuck out about the pastebin that lead me to believe this is a hoax or some other sort of sick prank.
- 200 kilograms of composite nitroglycerin
- commercial explosives
- detonate remotely via transmission control protocol
- severe consiquences
- military grade
Just an FYI, in the US we don’t commonly use the Metric system. Without getting all technical, you got somewhere around 441 pounds of nitroglycerin, which by itself is unstable, and commercial explosives into the US through customs? You have this ‘device’ that would have to be about the size of a refrigerator or drink machine, connected to the Internet? You couldn’t use something like a cellphone because the battery would die maintaining a data connection that long, so you would have to have it plugged into a LAN or WiFi, inside a government building… wait a minute. Haven’t I seen this movie before? This sounds vaguely like the movies Sum of All Fears, and Die Hard with a Vengeance. Oh and by the way, you spelled consequences wrong.
Yeah, you get the point. Kid, you’ve been watching too many movies.
Hoax or not, you’ve made a threat, a bomb threat against the United States Government. Not something they generally find funny. But you need not worry about us, here at ReaperSec, or those behind the Jester mask. Nope, neither will have anything to do with you being arrested. Like the recent demise of Barrett Brown, this you have done all by yourself. The FBI and/or Interpol will be picking you up soon enough, for a nice extended stay at one of their many luxurious facilities.
So as a once good friend said, tick tock.
The bet is no trolling for one week. Starting Monday 10/8 at 12:00 noon EDT.
- He must be civil to everyone for one week
- He can not troll anyone, even from a sock account
Should he fail, he must perform the ShadowDXS Truffle Shuffle, live on Tinychat, shirtless and in full ICP makeup.
He is fair game. So… Internet, let’s see what you’ve got.
*** UPDATE (10/15/2012)
ShadowDXS has won the bet. He actually went a whole seven days without trolling a single person. Congrats Shadow!
Just getting my ducks in a row for… well you know. But don’t worry, I won’t say anything… yet.
Let me start by saying, Mrs. Craven- If in fact you are a real person then I’m extremely sorry th3j35t3r has drug you into this mess he himself created. Not only did he have no right to, but he should be ashamed of himself for doing so.
Now that’s out of the way, on to th3j35t3r.
I won’t bore you with details, we’ve already explained why we no longer support th3j35t3r and why we’ve chosen to tell the truth about the silly games he plays. If you wish to know the story, I welcome you to continue reading our previous posts.
First off, and I will make it bold so it’s easy for you to read, jester. ReaperSec did not hack your email account or any other account, nor did Asherah. We’ve even pointed out the person responsible and yet you continue to blame us. For those that don’t know, his twitter account is @ihazwyze. No, we don’t know who it is; no, it’s not another member of ReaperSec. I will however tell you, the nick ‘wise’ was registered on Jul 08 19:16:47 2012, the email address he provided was th3j35t3r’s own email address, and he was using a proxy based out of the UK. Partial IP address of 83.170.x.x
th3j35t3r- You operate on lies, this time those lies have bit you in the ass. You’ve allowed your quest to expand your ego to write a check your ass can’t cash. To be honest, this time you would have looked somewhat credible had you just owned up to it, and admitted to your fans that you screwed up. After all you’re only human, right? Instead you chose smoke and mirrors. When that failed and no one bought into your BS you decided to blame ReaperSec. You do, however, make a great politician. It must have been a huge blow to you, to lose all those followers on twitter, seeing how that’s the only place you exist.
After all the lies you’ve told and those I’ve been witness to, I’m sorry to say that I even question your military service. Prove it, but not to me, to your fans. Those without whom you wouldn’t even exist. At this point I believe they deserve to know at the very least that you are who you claim to be, a military veteran. And I don’t mean having your usuals speak for you. You do it, from your twitter account and your blog.
All this, your blog posts, tweets etc, is just another failed attempt to save face with your fans. Heaven forbid they realize the truth about you. That you are nothing more than a fraud who gets his kicks off by taking credit for other people’s work. After all the crap you said about Gregory D. Evans, turns out you’re just like him.
Not sure what his next claim to fame will be, but he’ll steal credit for something. Will update when it happens, again.
- July 4, 2012 – Rebrands BeEF calling it Project Looking Glass
- July 8, 2012 – (Pointed out by @knthrak @RenegadeNet) Stole corporate logo of Looking Glass Foundation for Eating Disorders and used it as his own for Project Looking Glass (BeEF)
- August 15, 2012 – Lied about ordering a pizza (Dominos) and having it delivered to Julian Assange at the Ecuador Embassy. Pizza delivery guy did not say who the pizza was ordered for and by whom. (Tweet:Video)
- September 8, 2012 – Makes an attempt at another XSS false media story injection. (Original Tweet:Injection) *Note- Original tweet was deleted (imgur) Also important, this is his 4th attempt to spark media attention using this trick.
- -Pending- Takes credit for AnonymousOwn3r being arrested
- -Pending- Takes credit for Barrett Brown being raided (video)
- October 2, 2012 – Took credit for the downing of thepiratebay.se & pedophile.se, several hours later redacted the statement claiming he was only trolling and deleted his tweets. (tweet 1 | tweet 2)
What a weekend.
Let’s recap, shall we? With one post found here, a buzz was started that wouldn’t stop for the next 48 hours. It was a slow buzz, but a buzz nonetheless. The response to the blog came a while later and was in the form of threatening tweets and a short, yet to the point, blog written by the hacktivist known as th3j35t3r.
Later on in the day, Mother’s Day, 2012, a series of tweets from a persona named @cubespherical on Twitter began to poke very hard at th3j35t3r.
And this image of screen caps was tweeted out by cubespherical later that evening. These are allegedly DMs between th3j35t3r and cubespherical.
Then there was a great hush from th3j35t3r.
Blog posts started disappearing from http://th3j35t3r.wordpress.com as you can see. As of late evening, May 14th, 2012, the blog is empty.
The story first broke at the Illuminate Blog with updates through out the day.
Some time before noon Eastern Standard Time, http://twitter.com/th3j35t3r was deactivated, and just like that, th3j35t3r was off the air.
Other posts started coming out like this Pastebay Post of a PM with th3j35t3r. In this log it is clear that th3j35t3r prides himself on “2 and a half years in with a high profile.”
Then there was what could be considered the coup de grace. A post from Chongelong on Twitter.
Were these famous last words, or was this just another intricate detail in a secret operation conducted by those who are behind the th3j35t3r persona?
It seems th3j35t3r has taken some offense to our last post. So much so he feels the need to make ReaperSec his next target. ReaperSec is made up of some of the former channel operators from th3j35t3r’s IRC channel on 2600 (#jester). These former channel operators are myself (CryptKper), AnonymousDown, NyteAngel, Sonar_Guy, Sonar_Gal, tyrdr0p, Kalypto, chifmevious, kevin_flynn, and formerly bluesoul120.
So let me clarify a couple things as to why th3j35t3r hates ReaperSec so much. But before I do that let me answer the question of why we left 2600. Simply put, we got tired of cleaning up his mess after him tweeting for the world that he’s on IRC and to come chat with him. Just as soon as the trolls or anyone with at least a 5th grade education came around asking him questions he would bail. Second, he loves to take credit for things he didn’t do.
- Modified LOIC to expose users’ IP - Never happened, unknowing users were exposed by default.
- Infected DHN.zip distributed to Anonymous – Never happened, AnonymousDown found the file, th3j35t3r asked Tyrkoil to write his blog post claiming that he (th3j35t3r) had modified the file.
- Anonops Anope Services dump – Didn’t directly take credit, but did refuse to give credit to the individual who performed the hack. Originally performed by HackThePlanet if I recall.
- DoS’d LulzSec’s Server – Again, never happened, this was later confirmed by Matthew Prince, CEO of Cloudflare, during Defcon 19.
- Tripoli Post hack – Used a known vulnerability, XSS (cross-site scripting), to inject a photo that looked similar to an actual article. (Target Site | Image Source | XSS Effect) This will only work if you use the link he provided; the injected content lives in the crafted URL and is reflected back only to whoever opens that link. No, he didn’t actually hack into the Tripoli Post web servers.
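The distinction drawn in the last item, a reflected XSS versus an actual server compromise, is easiest to see in code. The following is an added illustration, not code from this blog or from the Tripoli Post: a constructed article store, a handler that echoes a request parameter into the page unescaped (the vulnerable pattern), the same handler with output escaping, and a crafted link. The host names and the image path are placeholders.

```python
"""Reflected XSS: a crafted link changes only what the victim's browser
renders; the site's stored content is never touched.
Added illustration with constructed data; handler names, host names and
the image path are assumptions, not the real site's code."""
import html
from urllib.parse import urlparse, parse_qs

# Constructed "stored" article. A reflected XSS never modifies this.
ARTICLE_DB = {"1": "<h1>Real headline</h1><p>Real body text.</p>"}
ORIGINAL_ARTICLE = ARTICLE_DB["1"]


def render_unsafe(article_id: str, q: str) -> str:
    """Vulnerable pattern: the search term is echoed straight into the HTML."""
    body = ARTICLE_DB.get(article_id, "")
    return f"<p>Results for: {q}</p>{body}"


def render_safe(article_id: str, q: str) -> str:
    """Hardened pattern: escape anything that came from the request."""
    body = ARTICLE_DB.get(article_id, "")
    return f"<p>Results for: {html.escape(q, quote=True)}</p>{body}"


def page_for_url(url: str, handler) -> str:
    """Simulate one request: pull id and q out of the URL and render."""
    params = parse_qs(urlparse(url).query)
    article_id = params.get("id", [""])[0]
    q = params.get("q", [""])[0]
    return handler(article_id, q)


def stored_content_unchanged(article_id: str) -> bool:
    """After any number of crafted requests the stored article is intact."""
    return ARTICLE_DB[article_id] == ORIGINAL_ARTICLE


# Placeholder links: a normal search and a crafted one carrying markup.
NORMAL_LINK = "https://news.example/search?id=1&q=hello"
CRAFTED_LINK = "https://news.example/search?id=1&q=<img src=/fake-story.png>"

if __name__ == "__main__":
    print(page_for_url(CRAFTED_LINK, render_unsafe))   # markup is rendered
    print(page_for_url(CRAFTED_LINK, render_safe))     # markup is shown as text
    print("stored article untouched:", stored_content_unchanged("1"))
```

Anyone who opens `NORMAL_LINK` sees the real article under either handler; only someone who opens the crafted link, and only against the unescaped handler, sees the injected markup. The fix is on the output side (`html.escape`), which is why the injection says nothing about the state of the server.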
This wasn’t so much of a problem until th3j35t3r requested use of the information ReaperSec acquired in his upcoming blog post ‘If I am Wrong… I’ll say I’m Wrong. Here’s my apology.‘ The only thing ReaperSec requested was that he give us credit for the work. At that time he did give us credit, however this was later removed when the story broke about Sabu being arrested and turned informant. By the way, props to Backtrace Security for tagging Sabu.
So why does he hate us? Simply put, because we’re calling him out on his own actions. Questioning hacks, theories, and explanations he’s providing. Dox? We couldn’t care less who he is; he is well aware that if ever caught he will have to answer for his actions.
Why does ReaperSec have a grudge against th3j35t3r? Simply put, we don’t, just him taking credit for things he didn’t do.
th3j35t3r: Want us to stop? Stop taking credit for things you didn’t do, start giving credit where credit is due, and we’ll shut up. I still consider you a friend, though if you wish to label me as an enemy as you did on your blog, then so be it.
‘The worst enemy a person can acquire, is the enemy he once considered a friend.’ – th3j35t3r
Greetings my children, it appears that what I have stated many times before, that th3j35t3r is a charlatan feeding off a fan base of those who do not know better, gets more confirmations. I am sure if you are reading this you are aware of th3j35t3r’s new tool “Saladin” that appears to a layman inexperienced with the workings of the internet to have taken down various domains. As I have also stated, anyone who knows something, in this case basic knowledge of hosting and domains, would notice a few things I shall outline. I shall start with the 4 obvious ones and how “Saladin” did nothing to take them down, progressing to the few left I can only speculate on.
As you can see falojaa.net appears to not “exist” and one may ask why is that? Was there in fact some kind of super secret magickal tool in the possession of this “patriotic hacker” or was it something else… Is it some secret line of code once pointed at a domain that makes it “non-existent” to every DNS server around the world? Is it transcendental manipulation of the internet using the pure Force Of American Patriotism to will the Islam away? Perhaps as rjacksix being an avid baptist is he praying the Islam away with the power of eJesus and his sidekick Saint XerXes?
It could be very much so that the Elder Gods exist that Lovecraft wrote so much of. I propose that in explanation th3j35t3r has made contact with the Elder Things from that Nameless City forged of stone with help from the Shoggoths. These workers under th3j35t3r’s control worked tirelessly through the aeons with knowledge of common computers in the present to fulfill such a request having been seen from the timeless void.
Or it could really have been this.
“9. EXPIRATION OF DOMAIN NAME REGISTRATIONS. You agree that we may, but are not obligated to, allow you to renew your domain name after its expiration date has passed. Should you choose not to renew your domain name during any applicable grace period (up to 40 days after domain expiration), you agree that we may at any time during such grace period, in our sole discretion, delete the domain registration, renew the registration or transfer the domain name to a third party on your behalf (the “Transfer”). In the event we are able to identify such a third party (“Third Party”) and effectuate such a Transfer, we will notify you via email after the transaction is completed (“Transfer Notification”). You acknowledge and agree that the Transfer may be facilitated through a single Third Party, or through an auction involving one or more parties interested in your domain name. You agree that we shall have no obligation to pay you, and you shall have no right to receive, any percentage of the proceeds of the Transfer. We cannot guarantee, and we make no representation or promise, that any Transfer will occur with respect to your domain name.” – Internic – Main Terms And Conditions
As you can see those domains have expired as the owners have chosen not to renew them. Now I shall go on to the next two not so obvious ones.
It appears “islamicink.com” url redirection services have been discontinued for “ http://www.muslimdefenseforce.islamicink.com “. When you try to visit any of their previous redirection urls there is no DNS record; however when you visit “islamiclink.com” it redirects to “islamicnature.com”. I would more conclude they have stopped offering url redirection services rather than anything else of a malicious nature.
The next one on the short list is “www.atahadi.0vr.net” which is hosted on the 0vr.net url redirection service which redirects to this link “www.atahadi.com/vb/” which is the 5th domain now so far that has expired rather than being renewed by the owners. Now we shall explore the remaining few that are not a result of domain expiration.
Next up are the last ones that I have no real definite answer on, which are “mtj.tw” which shows a default apache page (which currently is running an exploitable setup) and “modawanati.com” which is now up again as of this writing and redirects to “www.blogaraby.com/” (it was previously null routed or offline in some way). The domain “fatwa1.com” appears to be down because the DNS servers for the domain are currently not accepting requests.
So in conclusion I would seriously doubt this is the work of some kind of unknown exploit, because I can account for 5 of the 9 with infallible explanations for them being down due to domain expiration, unless Saladin has power over the fabric of time somehow. We have one which is a url redirection service that has stopped offering redirection services, which I would seriously doubt is related to Saladin. There is “fatwa1.com”, whose DNS servers being down appears to be the result of technical difficulties for the hosting provider. I only see two of the targets, “mtj.tw” and “modawanati.com”, as even being remotely possible, but given the explanations for the other targets I would say Saladin even existing is in question. I would say Saladin is nothing more than claiming credit where it is not due to boost the ego and th3j35t3r impressing his fanbase.
So the #whatdidyoudotodayscotty saying of th3j35t3r has reached epic irony due to the taking of credit for actions he never committed. I can say I have never seen “scotty” lying or trying to impress people bragging about how high profile he is. I would suggest taking a visit to these links written by krypt3ia concerning th3j35t3r Here and Here.
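The method used across the Saladin posts is a triage: for each claimed target, rule out the mundane explanations (lapsed registration, a discontinued redirect service, unresponsive authoritative DNS) before treating an outage as evidence of an attack. The following is an added example, not part of the original post, that encodes that ordering of checks over constructed observation records. The domain names, dates and verdict strings are this example’s own; a real run would fill the records from WHOIS, DNS and HTTP lookups.

```python
"""Triage of a claimed mass takedown: sort each target into a mundane
explanation before considering an attack. Added example with constructed
records; the verdict strings and sample domains are assumptions."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

MUNDANE = ("expired registration", "dns unresponsive", "redirect service discontinued")


@dataclass
class Observation:
    name: str
    rcode: str                       # DNS result: NOERROR, NXDOMAIN, SERVFAIL, TIMEOUT
    parent_rcode: Optional[str]      # result for the parent zone, for labels under a redirect service
    expiry: Optional[date]           # registration expiry from WHOIS, if the record was available
    http_status: Optional[int]       # HTTP status if the host answered, else None
    default_page: bool = False       # host served a stock web-server placeholder page


def triage(obs: Observation, today: date) -> str:
    # 1. WHOIS shows the registration lapsed: the owner did not renew. Checked first,
    #    because an expired name may still resolve to a registrar parking page.
    if obs.expiry is not None and obs.expiry < today:
        return "expired registration"
    # 2. Authoritative servers fail or time out: a DNS/hosting fault, not a deleted name.
    if obs.rcode in ("SERVFAIL", "TIMEOUT"):
        return "dns unresponsive"
    # 3. The label is gone but the redirect service's own zone still answers.
    if obs.rcode == "NXDOMAIN" and obs.parent_rcode == "NOERROR":
        return "redirect service discontinued"
    # 4. Host answers with a stock placeholder page: no evidence either way.
    if obs.rcode == "NOERROR" and obs.default_page:
        return "inconclusive: default page"
    if obs.rcode == "NOERROR" and obs.http_status == 200:
        return "up"
    # Anything left is the only candidate worth deeper analysis.
    return "unexplained"


def summarize(observations, today: date):
    """Verdict per name plus how many targets have a mundane explanation."""
    verdicts = {o.name: triage(o, today) for o in observations}
    mundane = sum(1 for v in verdicts.values() if v in MUNDANE)
    return verdicts, mundane


# Constructed sample, one record per category the post describes.
TODAY = date(2012, 10, 5)
SAMPLE = [
    Observation("expired-a.test", "NXDOMAIN", None, date(2012, 3, 1), None),
    Observation("parked-b.test", "NOERROR", None, date(2012, 4, 10), 200),
    Observation("site.redirector.test", "NXDOMAIN", "NOERROR", None, None),
    Observation("dnsdown-c.test", "TIMEOUT", None, date(2013, 1, 1), None),
    Observation("default-d.test", "NOERROR", None, date(2013, 5, 1), 200, True),
    Observation("unknown-e.test", "NXDOMAIN", None, None, None),
]

if __name__ == "__main__":
    verdicts, mundane = summarize(SAMPLE, TODAY)
    for name, verdict in verdicts.items():
        print(f"{name:24s} {verdict}")
    print(f"{mundane} of {len(SAMPLE)} explained without any attack")
```

The order of the checks is the point: a registrar parking page returns NOERROR and HTTP 200, so testing WHOIS expiry before DNS keeps a lapsed domain from being counted as “up”, and a SERVFAIL or timeout is separated from NXDOMAIN because the former means the zone exists but its servers are not answering.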
So I just saw this tweet and it further proves that jester has failed. To explain this better to people unfamiliar with exploits like the one th3j35t3r is showing: when you do a buffer overflow you are forcing a vulnerable program to execute a small piece of assembled machine code for that specific processor architecture and Operating System. This is referred to as shellcode because it often spawns a shell on the target, and then it either connects back to a specific host, referred to as a reverse connect, or listens for incoming connections on a specific port. This can be considered to be like a very, very small program of around 100 bytes of processor instructions which are specific to the Operating System as well as the architecture of the processor. The only purpose this tool th3j35t3r mentioned could serve is to keep access to a device, and even then, he could not have used netcat on his server like he said to manage that many exploited devices efficiently without losing potential intel as pointed out previously.
In th3j35t3r’s writeup he never mentioned using netcat on the phone itself, and if he did indeed use something other than a stock netcat he would write about it to boost his ego as he always does, claiming such things. He has always done this in the past so it seems illogical for him to suddenly stop noting things he has done that make him “l33t” so to speak. So, this further proves what I stated in my previous post that th3j35t3r has no clue what he is talking about and in fact the attack never happened as claimed. Even when it is pointed out how it is wrong he keeps shooting himself in the foot and feeding on the ignorance of his fanbase that doesn’t know any better. Grabbing a headline that says “Netcat-like Backdoor for IPhone” and running with it further proves my points and thoughts. Hacking and exploiting in real life situations is not like the movie Swordfish nor The Matrix and this is why everyone that knows something thinks th3j35t3r is a joke.
I will conclude with these words from an angry th3j35t3r fan when you question and prove his failings as an example of the ignorance.