Archive for May, 2012

The End of an Era

Posted in Uncategorized on May 15, 2012 by reapersec

What a weekend.

Let’s recap, shall we? With one post found here, a buzz was started that wouldn’t stop for the next 48 hours. It was a slow buzz, but a buzz nonetheless. The response to the blog came a while later and was in the form of threatening tweets and a short, yet to the point, blog written by the hacktivist known as th3j35t3r.

These tweets and blog post have since been removed but can still be found here thanks to SanguineRose.

Later on in the day, Mother’s Day, 2012, a series of tweets from a persona named @cubespherical on Twitter began to poke very hard at th3j35t3r.

And this image of screen caps was tweeted out by cubespherical later that evening. These are allegedly DMs between th3j35t3r and cubespherical.

Then there was a great hush from th3j35t3r.

Blog posts started disappearing from as you can see. As of late evening, May 14th, 2012, the blog is empty.

The story first broke at the Illuminate Blog with updates throughout the day.

Some time before noon Eastern Standard Time, was deactivated, and just like that, th3j35t3r was off the air.

But no, things don’t stop there. Many speculations started to arise from this quick but harsh little war. A post by @pr0f_srs on Pastebin spun one of the most believable theories yet.

Other posts started coming out like this Pastebay Post of a PM with th3j35t3r. In this log it is clear that th3j35t3r prides himself on “2 and a half years in with a high profile.”

Then there was what could be considered the coup de grace. A post from Chongelong on Twitter.

Were these famous last words, or was this just another intricate detail in a secret operation conducted by those who are behind the th3j35t3r persona?


While we’re waiting on the Saladin Full Disclosure…

Posted in Uncategorized on May 13, 2012 by CryptKper

It seems th3j35t3r has taken some offense to our last post. So much so he feels the need to make ReaperSec his next target. ReaperSec is made up of some of the former channel operators from th3j35t3r’s IRC channel on 2600 (#jester). These former channel operators are myself (CryptKper), AnonymousDown, NyteAngel, Sonar_Guy, Sonar_Gal, tyrdr0p, Kalypto, chifmevious, kevin_flynn, and formerly bluesoul120.

So let me clarify a couple things as to why th3j35t3r hates ReaperSec so much. But before I do that let me answer the question of why we left 2600. Simply put, we got tired of cleaning up his mess after him tweeting for the world that he’s on IRC and to come chat with him. Just as soon as the trolls or anyone with at least a 5th grade education came around asking him questions he would bail. Second, he loves to take credit for things he didn’t do.

  • Modified LOIC to expose users’ IP – Never happened, unknowing users were exposed by default.
  • Infected distributed to Anonymous – Never happened, AnonymousDown found the file, th3j35t3r asked Tyrkoil to write his blog post claiming that he (th3j35t3r) had modified the file.
  • Anonops Anope Services dump – Didn’t directly take credit, but did refuse to give credit to individual who performed the hack. Originally performed by HackThePlanet if I recall.
  • DoS’d LulzSec’s Server – Again, never happened, this was later confirmed by Matthew Prince, CEO of Cloudflare, during Defcon 19.
  • Tripoli Post hack – Used a known vulnerability as XSS (Cross-site scripting) to inject a photo that looked similar to an actual article. (Target Site | Image Source | XSS Effect) This will only work if you use the link he provided. No, he didn’t actually hack into the Tripoli Post web servers.

This wasn’t so much of a problem until th3j35t3r requested use of the information ReaperSec acquired in his upcoming blog post ‘If I am Wrong… I’ll say I’m Wrong. Here’s my apology.’ The only thing ReaperSec requested was that he give us credit for the work. At that time he did give us credit, however this was later removed when the story broke about Sabu being arrested and turned informant. By the way, props to Backtrace Security for tagging Sabu.

So why does he hate us? Simply put, because we’re calling him out on his own actions. Questioning hacks, theories, and explanations he’s providing. Dox? We could care less who he is, he is well aware that if ever caught he will have to answer for his actions.

Why does ReaperSec have a grudge against th3j35t3r? Simply put, we don’t, just him taking credit for things he didn’t do.

th3j35t3r: Want us to stop? Stop taking credit for things you didn’t do, start giving credit where credit is due, and we’ll shut up. I still consider you a friend, though if you wish to label me as an enemy as you did on your blog, then so be it.

‘The worst enemy a person can acquire, is the enemy he once considered a friend.’ – th3j35t3r



th3j35t3r’s Saladin Tool Exposed

Posted in Uncategorized on May 12, 2012 by sanguinariousrose

Greetings my children, it appears as I have stated many times before about th3j35t3r being a charlatan feeding off a fan base of those who do not know better gets more confirmations. I am sure if you are reading this you are aware of th3j35t3r’s new tool “Saladin” that appears to a layman inexperienced with the workings of the internet to have taken down various domains. As I have also stated anyone who knows something, in this case basic knowledge of hosting and domains, would notice a few things I shall outline. I shall start with the 4 obvious ones and how “Saladin” did nothing to take them down progressing to the few left I can only speculate on.

As you can see appears to not “exist” and one may ask why is that? Was there in fact some kind of super secret magickal tool in possession by this “patriotic hacker” or was it something else… Is it some secret line of code once pointed at a domain that makes it “non-existence” to every DNS server around the world? Is it transcendental manipulation of the internet using the pure Force Of American Patriotism to will the Islam away? Perhaps as rjacksix being an avid baptist is he praying the Islam away with the power of eJesus and his sidekick Saint XerXes?

It could be very much so that the Elder Gods exist that Lovecraft wrote so much of. I propose that in explanation th3j35t3r has made contact with the Elder Things from that Nameless City forged of stone with help from the Shoggoths. These workers under th3j35t3r’s control worked tirelessly through the aeons with knowledge of common computers in the present to fulfill such a request having been seen from the timeless void.

Or it could really have been this.

“9. EXPIRATION OF DOMAIN NAME REGISTRATIONS. You agree that we may, but are not obligated to, allow you to renew your domain name after its expiration date has passed. Should you choose not to renew your domain name during any applicable grace period (up to 40 days after domain expiration), you agree that we may at any time during such grace period, in our sole discretion, delete the domain registration, renew the registration or transfer the domain name to a third party on your behalf (the “Transfer”). In the event we are able to identify such a third party (“Third Party”) and effectuate such a Transfer, we will notify you via email after the transaction is completed (“Transfer Notification”). You acknowledge and agree that the Transfer may be facilitated through a single Third Party, or through an auction involving one or more parties interested in your domain name. You agree that we shall have no obligation to pay you, and you shall have no right to receive, any percentage of the proceeds of the Transfer. We cannot guarantee, and we make no representation or promise, that any Transfer will occur with respect to your domain name.” – Internic – Main Terms And Conditions

As you can see those domains have expired as the owners have chosen not to renew them. Now I shall go on to the next two not so obvious ones.

It appears “” url redirection services have been discontinued for “ “. When you try to visit any of their previous redirection urls there is no DNS record however when you visit “” it redirects to “”. I would more conclude they have stopped offering url redirection services rather than anything else of a malicious nature.

The next one on the short list is “” which is hosted on url redirection service which redirects to this link “” which is the 5th domain now so far that has expired rather than being renewed by the owners. Now we shall explore the remaining few that are not a result of domain expiration.

Next up are the last ones that I have no real definite answer on which are “” which shows a default Apache page (which currently is running an exploitable setup) and “” which is now up again as of this writing and redirects to “” (it was previously null routed or offline in some way). The domain “” appears to be down due to the DNS servers for the domain are currently not accepting requests.

So in conclusion I would seriously doubt this is the work of some kind of unknown exploit due to I can account for 5 of the 9 with infallible explanations for them being down due to domain expiration unless Saladin has power over the fabric of time somehow. We have one which is a url redirection service that has stopped offering redirection services which I would seriously doubt is related to Saladin. There is “” DNS servers being down which appears to be the result of technical difficulties for the hosting provider. I only see two of the targets “” and “” as even being remotely possible but given the explanations for the other targets I would say Saladin even existing is in question. I would say Saladin is nothing more than claiming credit where it is not due to boost the ego and th3j35t3r impressing his fanbase.

So #whatdidyoudotodayscotty saying of th3j35t3r has reached epic irony due to the taking credit for actions he never committed. I can say I have never seen “scotty” lying or trying to impress people bragging about how high profile he is. I would suggest taking a visit to these links written by krypt3ia concerning th3j35t3r Here and Here.
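
The checks this post walks through (registration expiry and the registrar's 40-day grace period, missing DNS records, name servers that do not answer, redirects) can be applied mechanically before an outage is credited to an attack. The Python sketch below is an added example, not part of the original post: the domain names, WHOIS lines, dates and DNS response codes are constructed, and the function names are hypothetical.

```python
from datetime import date, timedelta

GRACE_DAYS = 40  # "up to 40 days after domain expiration" in the quoted terms
EXPIRY_KEYS = {"expiration date", "registry expiry date"}

def whois_expiry(whois_text):
    """Return the expiry date found in a WHOIS record, or None."""
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() in EXPIRY_KEYS:
            try:
                return date.fromisoformat(value.strip()[:10])
            except ValueError:
                continue  # non-ISO date format; not handled in this sketch
    return None

def triage(observed_on, whois_text, dns_rcode, redirect_to=None):
    """Name the most mundane explanation for a site being unreachable."""
    expiry = whois_expiry(whois_text)
    if expiry is not None and observed_on > expiry:
        if observed_on <= expiry + timedelta(days=GRACE_DAYS):
            return "registration expired (inside grace period)"
        return "registration expired (past grace period)"
    if dns_rcode == "NXDOMAIN":
        return "no DNS record for this name"
    if dns_rcode in ("SERVFAIL", "TIMEOUT"):
        return "authoritative DNS servers not answering"
    if redirect_to:
        return "up, redirects to " + redirect_to
    return "unexplained, needs further investigation"

# Constructed observations (reserved example names, invented dates).
SAMPLES = {
    "expired.example": ("Registry Expiry Date: 2012-04-20T00:00:00Z", "NXDOMAIN", None),
    "lapsed.example": ("Expiration Date: 2012-01-05", "NXDOMAIN", None),
    "sub.redirector.example": ("Registry Expiry Date: 2013-09-01T00:00:00Z", "NXDOMAIN", None),
    "dnsdown.example": ("Registry Expiry Date: 2013-02-11T00:00:00Z", "SERVFAIL", None),
    "moved.example": ("Registry Expiry Date: 2012-12-30T00:00:00Z", "NOERROR", "https://new.example/"),
}

def report(observed_on=date(2012, 5, 12)):
    """Triage every constructed sample as seen on the given date."""
    return {name: triage(observed_on, *obs) for name, obs in SAMPLES.items()}

if __name__ == "__main__":
    for name, cause in report().items():
        print(f"{name:24} {cause}")
```

Only a target that falls through to the last branch needs a closer look; the expiry check runs first because an expired registration also explains a missing DNS record.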
