- posted by:
Why th3j35t3r is a low skill, no talent common criminal.
A lot of time has passed since this guy who calls himself jester appeared on the scene back in 2010. With his low impact sockets flooder dos attacks, that over the years have some how impressed people with little technical acumen or knowledge of denial of service attacks and or how they work. And these people seem to enjoy fantasizing that this guy is some kind of internet super hero in spandex underpants running around in a cape, to save us all from the evil bloggings of the ever present Al Qaeda. And essentially over hyping and glorifying the actions of this common criminal.
Well today Im going to put things into perspective for you.
Xerxes: A Script Kiddies Tool Wrapped in a Ripped off GUI
The above image is a clip of a video posted by jester to Youtube a couple years ago showing off his little dos tool called Xerxes. Hes been quoted several times as explaining how he doesnt use botnets, and his tool uses low bandwidth method. There are well known common tools that do precisely this, fit this attack profile precisely. Pyloris and Slowloris, two common sockets flooders. In fact, when we trace all of his apparent dos attacks, they are ALL apache servers that are vulnerable to these two tools and methods of attack.
Above we have an image of the armitage gui. Strikingly similar to the above image of the Xerxes attack tool. What I am trying to explain here, with the recorded attack signatures, and apparent MO. It would seem that the over hyped Xerxes dos attack tool is simply, likely, a Pyloris or Slowloris script wrapped in the Armitage GUI or at the very least, something quite similar. I am so confident that this is the case. I am willing to discuss further research conducted by some associates of mine a little later on in another article in the near future where we will publish our work demonstrating an experiment we conducted with the intention to maka a recreation of Xerxes. And you might be surprised how easy it was, well actually, you’ll only be impressed if you are one of those inept morons who follow a dos skid as if he was some kind of big time hacker.
This goes a long way to counter peoples claims that this criminal is somehow a “highly skilled attacker” on the contrary, it would demonstrate his skill level to that of the average script kiddy on hackforums. One of the biggest mistakes that this person has made, is in assuming that the US Government would ignore his attacks so long as he only attacks targets he presumes to be enemies of the state, and it is precisely this ego that will be his downfall, as it usually is with people of his ilk. Many of the denial of service attacks that he has claimed credit for have resulted in loss of service to businesses. Companies ranging in size from hosting companies to large international corporations. I can assure you the FBI prosecutes criminals regardless of whether they dress up as captain America and walk into a mosque with an AR15 or they execute a lame XSS on Huwaie corporation.
If he was really such a bad ass ddos king, why is wikileaks.org standing strong? Why is he only going after poorly secured cheap websites that any noob with a script can hit off from a wifi connection? He stinks, his attacks are weak, and simply put, hes a middle aged script kiddie with delusions of grandure.
To further rain on his parade, current up to date versions of the Apache webserver have been patched and are not vulnerable to these sorts of attacks, so you can expect fewer and fewer of these types of attacks from the clown to be successful. As is evident by the downward trend in the frequency of his attacks since the apache project began pushing the updates.
I am quite certain that the real ‘hackers’ out there who actually code and drop 0day have been observing his self Aggrandizing, people with a much higher skill set who don’t court media or sell t-shirts on Zazzle. If you are like many people in the hacker community who understand what I have presented here to be true. The the mere act of someone calling this clown a “Hacker” should offend you. Likewise, you should find it equally as offensive when some low IQ journalist refers to this guy a “hacktivist”. .