The Jester Hits WikiLeaks Site With XerXeS DoS Attack

Monday, November 29, 2010

Anthony M. Freed


UPDATE: WikiLeaks Suffers a Second More Powerful DoS Attack

"The WikiLeaks Twitter account displays the messages, "We are currently under another DDoS attack," and "DDoS attack now exceeding 10 Gigabits a second," which dwarfs the 2-4 Gbps attack perpetrated by self-proclaimed "patriot hacker" known only as The Jester (th3j35t3r)..."

*   *   *

Infamous anti-jihadi hacker The Jester (th3j35t3r) is claiming responsibility for a denial of service (DoS) attack that temporarily disabled the WikiLeaks website just hours before the release of thousands of classified documents.

WikiLeaks, the secret-sharing website led by fugitive founder Julian Assange, has been plaguing the U.S. government with repeated postings of leaked materials.

The WikiLeaks Twitter account carried the message, "We are currently under a mass distributed denial of service attack," for several hours on Sunday.

The Jester Tweeted that he was carrying out the attacks, "for attempting to endanger the lives of our troops, 'other assets' & foreign relations..."

During the WikiLeaks website outage, The Jester's Twitter page indicated that he was conducting the denial of service attack, although several of the Tweets have since been deleted.

The following screenshot shows the missing messages:



Earlier this year, I conducted several interviews with The Jester regarding his repeated attacks against militant Islamic websites, including successful disruptions of sites administered by the Taliban and by Iranian President Mahmoud Ahmadinejad.

DoS attacks are nothing new, and are usually perpetrated by flooding a target server with simultaneous communications through a number of different techniques, but The Jester has developed a method that represents a new twist on the tactic.

He employs an innovative tool he calls XerXeS, which can produce an automated DoS attack without relying on an army of zombie computers controlled through a botnet, and the attack can be carried out with one low-spec computer.

"Okay it started with a little script I wrote a while back to harden-test servers," The Jester told me in February.

"I modified this script, and it was just a nasty script, very cumbersome. When I realized the extent of the jihad online recruiting and co-ordination involvement (much later), I realized I could turn this script into a weapon."

"XerXes requires no zombie network or botnet to be effective. Once a single attacking machine running XerXeS has smacked down a box, it's down, there is no need for thousands of machines. But, XerXeS does not hurt intermediary nodes along its path to the target. So the answer is that such institutions’ systems would still be intact, as it causes no collateral damage, just not functional."

I witnessed several live demonstrations of XerXeS capabilities, and The Jester subsequently supplied Infosec Island with two exclusive videos of the technique in action: 

The videos show the high level of control XerXeS commands, as The Jester is able to take down a target website in a matter of minutes, and return the website to an operable state in seconds.

"Many people worry about the nodes between me and the target. This technique affects nobody but the intended target. All intermediaries remain unaffected," The Jester stated.

Now it appears The Jester is not limiting his attacks to militant jihadi websites, and has decided to unleash the wrath of XerXeS on the WikiLeaks outlet.

The bulk of the documents to be posted by WikiLeaks were previously provided to several news agencies, so the disruption to the WikiLeaks website would not have prevented the release of the so-called "Embassy" documents.

The classified data dump is supposed to contain diplomatic communications that reveal some unflattering statements from U.S. officials regarding the leadership of several allied nations, as well as information on international hot spots like North Korea, Iran and Iraq.

Denial of service attacks can take down a website for several hours or even days, and the tactic is becoming more widely used in attempts to censor information and further political agendas.

The majority of servers deployed in the public and private sectors are susceptible to such attacks, and preventative measures to thwart DoS vulnerabilities can be expensive to implement.

When I asked The Jester why he conducts the attacks and how he chooses his targets, he explained, "There is an UNEQUAL amount of good and bad in most things, the trick is to work out the ratio and act accordingly."

*   *   *

Lee Mangold: I'm not allowed to be sympathetic to this kind of action, but I don't hate the guy for what he does... There are still ethical concerns, but as with all ethics, the "Gray area"s are larger and more subjective than one might wish to believe...

M. Edward (Ed) Borasky: "The Jester" is a thug - pure and simple. He's an anonymous attacker. Julian Assange, on the other hand, at least reveals his identity. Personally, I think both of them need to be hauled into court and given a fair trial. Until that happens, I have no respect for either of them.

Aruro Detexas: next time ....jester....PPV.....from.u.DDos..near you..Skills, knowledge, abilities and experience are only useful if you are in the right place... I'm.Kickpoo.....cheers