Monday 14 May 2012

BREAKING: th3j35t3r "The Patriot Hacker" To Be Unmasked



th3j35t3r "The Patriot Hacker" To Be Unmasked? Edit: Or Is it All A Ruse? 

A hacker known for attacking jihadist websites and Wikileaks, and for feuding with various Anonymous groups and individuals, appears to have had his real-life identity compromised. There have been several previous attempts by numerous individuals, but it appears that one man does indeed know @th3j35t3r's identity.


@th3j35t3r, 'The Jester' in 'leet' hacker speak, was contacted on Twitter by another account named Smedley Manning (@cubespherical) who publicly tweeted that Jester should read the DM (direct message in Tweet speak) he sent or that he would live to regret it. Early this morning, a series of screenshots appeared to show the contents of the DMs that followed.


If this is genuine, the Jester knows he's been doxed, as @cubespherical DMed Jester his real name (redacted in the screenshot), former Army assignment (partially redacted in the screenshot), which appears to be the 75th Ranger Regiment, and the type of vehicle Jester owned in 2003 (and, apparently, still owns - it's a Chevy Silverado if you're curious). @cubespherical then told him that, as his name suggested, he was a Wikileaks supporter and that, some years ago, he knew Jester personally... and did not like him. They had had a previous run-in of some sort that had left a bad taste in @cubespherical's mouth. Jester, realizing he had been d0x'd (hacker speak for having your cover blown), asked what they could work out, only to be informed that @cubespherical was going to post his real ID, resume, and other information, but not before raising a large donation for Wikileaks and himself. A recent tweet from @cubespherical reads "Jesters ( @th3j35t3r ) full creds as soon as BTC here:15JDgkwFVXvuxCt66eUQ434ty3jrvwPfGe hits 100K -". BTC refers to Bitcoin, an online currency; the amount sought is equivalent to $100,000 (approx. 20,000 Bitcoin).


A source that has been in contact with @cubespherical states that he will donate 51% ($51,000) to Wikileaks and then disappear. This is deeply ironic, as Jester has loudly criticized Wikileaks and claimed credit for a DDoS attack on Wikileaks' site, which drew the ire of some anons.


@cubespherical gave the source a small preview of who Jester is. Jester is, as he had himself previously claimed, former military. He was at Fort Benning in 2002 and, at some point in 2003, transferred to Fort Bragg. He was known to disappear from time to time for 2- or 3-week periods. He left people guessing as to where he'd been and what he'd done. He got a gig with SOCOM (Special Operations Command) and, according to Jester's own limited biography, he spent some time in Afghanistan. Currently, he works as a consultant in the information security industry. He has very recently deleted his real Facebook account. And he may be someone to take seriously. @cubespherical has indicated that he will use his 49% to "hide".


Jester has admitted to committing crimes, but there's not yet any word on what charges could/would be brought against him. Jester has recently been a subject of controversy in the hacker scene, as it has been alleged he has taken credit for attacks that never happened or for attacks that others have done. He also claimed to have launched an attack on a large number of iPhones whose owners snapped a photo of a new avatar he placed on his Twitter account. It was a QR Code that Jester claimed executed a multi-layered attack. One of the people he targeted was a Rhode Island State Representative named Dan Gordon (R), a vocal supporter of the anonymous movement and Occupy Wall Street and a strong opponent of both SOPA and CISPA. He ran afoul of Jester and, according to Jester, had his phone contacts, text messages, and emails sent to Jester's own server. He also engaged in a Twitter flamewar with Lulzsec that resulted in the CIA's website being crippled by a DDoS attack.


The @J35t3r account has been uncharacteristically quiet. His last tweet, dated May 10, reads "@cubespherical ummm dude. DM pls." I've been informed that there has been no further communication between the two since the last direct message shown here.


As for @cubespherical, he'll be tweeting updates on the donations total until the goal is reached and @th3j35t3r's true identity is revealed. There's been no word on how @cubespherical was able to identify Jester, but he did have these final words: "I feel Wikileaks is advancing everyone to more open government, which ultimately cannot be bad. Bradley needs to be released. #freebrad"


One of Jester's favorite phrases, when taunting anons that are being hunted by law enforcement, is "Tick Tock". But it appears that today, it's Jester who the clock is bearing down on.



UPDATES:


Update 1 05/14 9:30 a.m.: Jester is erasing posts on his blog: http://th3j35t3r.wordpress.com/


Update 2 05/14 3:12 p.m.: Jester has erased all Tweets from his Twitter account.


Update 2 05/14 3:24 p.m.: Jester has deleted his entire Twitter account.


Update 3 05/14 3:40 p.m.: @cubespherical has revealed to a source how he was able to uncover the Jester's identity.


Did he forget to remove EXIF data (hidden data embedded in a file) from a photo he posted? Was he back-traced in an IRC chat? Was he tricked into downloading an exploit of some sort? These are the questions going through the minds of individuals familiar with the hacker scene.


According to @cubespherical, the explanation is, incredibly, low tech. Recently, @cubespherical bumped into a mutual acquaintance of @th3j35t3r's real life identity. When his name was brought up in conversation, the third party slipped up and linked this identity to Jester. Using this information, @cubespherical confronted Jester online with his real identity. This can be seen here.


There are many people in the hacker scene who feel that @cubespherical may himself be Jester and that this may be an elaborate ruse to get his enemies to send him money (and that he will use a portion of the proceeds to donate to his charity of choice: The Wounded Warrior Project). Such conspiracy theories are common in the hacker game, as elaborate ruses are common in Ops (operations - hacker planned and executed actions).


Others believe it to be genuine as, at this point, @th3j35t3r has completely deleted his Twitter account, which had tens of thousands of followers. Since @th3j35t3r has revealed himself to have quite an ego, there are many who doubt he would go to these lengths for an operation with no goal other than raising money.


Update 4 05/14 3:56 p.m. A source has revealed that @cubespherical has stated he is a mercenary that works in PMAs (Personal Military Army). @cubespherical has indicated that the key for Jester to uncover HIS identity lies in his Twitter handle. He has also stated that, "I have the memory of an elephant." It seems one of those memories includes an incident, years prior, when Jester crossed @cubespherical. When asked if he wants Jester to know who he is, he replied, "Payback wouldn't be the same without it."


Update 5 05/14 4:35 p.m. @cubespherical has revealed Jester's initials, R.C.D. (corrected from my earlier post which read R.D.C.)


Update 6 05/15 1:46 a.m. A photo that was said to be from @th3j35t3r's true identity's Facebook has been found online. A reverse image lookup returns an image here that shows the same photo. The used-car lot is 2.5 hours from Fort Bragg, the place of the alleged incident that caused ill feelings. The photo was taken by the dealership in the dealer's lot. Some have concluded this proves it's all a ruse led by @th3j35t3r and some compatriots. If it IS a ruse, what does @th3j35t3r plan to do with any money he raises? Conspiracies have been flying around the Twittersphere all day.


The website turned up another detail, the truck's VIN (vehicle identification number). The truck is listed as SOLD and a call to the dealership verified the fact. The manager declined to give further details as she said it would be illegal to do so. It is almost certain that an anon will gain access to DMV resources and run the VIN to pull up ownership records. As of yet, such documentation has not been released.


We are waiting on comment and further details from @cubespherical.


Update 7 05/15 3:16 p.m. Suspicions are mounting that @cubespherical is actually Jester or one of his compatriots. The account's avatar now has a Guy Fawkes mask superimposed over the original image. The BTC address has been removed and @cubespherical has been unable to provide any answers as to why the photo he posted (alleged to be from Jester's personal Facebook account) was one from a dealership lot.


Update 8 05/15 4:24 p.m. The case is growing that this was all a ruse by @th3j35t3r to escape answering to charges of fraud. While @th3j35t3r has been quite adept at gaining media attention and followers, his hacking claims have been challenged and evidence has been presented to suggest that many of his previous claims were lies, or that he was claiming credit for others' work.


For instance, in his alleged QR Code attack, he claimed to have successfully ensnared Representative Dan Gordon. The problem with this claim is that Rep. Gordon has stated that he never even snapped the QR Code with his iPhone.


There is a growing list of incidents that challenge Jester's claims. Now that he has disappeared, he won't have to answer to them. Some are finding this all too convenient.


Combine that with @cubespherical's inability to address the vehicle question, his previous claim that Jester had owned it for years, and recent claims that @cubespherical is an Anonops operation that has been ongoing for months (which contradicts his original statements).


If it was, indeed, an anon op, why haven't they released Jester's identity? Why assume a different persona when confronting Jester in the first place? Either they knew his identity and could prove it, or they didn't.


It appears that, currently, the strongest case is that Jester had been uncovered for fraud and concocted an elaborate scheme to escape being discredited.  More to follow.


Update 8 05/17 6:58 p.m. @th3j35t3r has resurfaced with a story of what has transpired. He claims that he was playing along, pretending that he had, indeed, been dox'd. This is contrary to the theory that Jester was @cubespherical. Here's a comparison of the two scenarios. The first is the one Jester proposes to be the truth. The second is what most anons believe to be the truth.


Scenario 1: Someone thinks they have dox'd Jester and contacts him to rub it in before they do so (and will, ironically, attempt to raise money for Wikileaks and himself in the process). Jester then deactivates his Twitter account and removes all blog posts. The 'doxer' fails to raise Bitcoin. Then, the doxer dons the symbols and language of Anonymous and does not release Jester's identity (or what he believes to be his identity). It is clear that whoever controlled @cubespherical at the time was either Jester, or was someone that REALLY thought they had the goods on Jester. If it were the latter, why didn't they release the name? (A name may be dropped in the near future to tie up this loose end.)


Scenario 2: Jester controls both accounts and manufactures a ruse to: disappear/retire, not answer to evidence of fraud (taking credit for attacks/hacks he had nothing to do with), and/or to make people forget about one of the more recent doxes linking him to @tomryanblog, one of the more credible claims. Here is @spoolfiend's pastebin, which presents evidence that Jester is Tom Ryan.


While Jester was absent, the main narrative accepted as truth was the latter. His 'legacy' would have been one of a fraud (as he had/has yet to answer to the accusations of fraud relating to Saladin, amongst others), and/or his cover may have been blown (as the last reasonable doxing would have been Tom Ryan - his, perhaps, true identity). Having seen that neither objective was achieved and only made things worse, he would have no choice but to return, offer an explanation, and find another strategy.


While there are a few other explanations as to what could have occurred, Occam's Razor narrows it down to two scenarios. And out of those two scenarios, only one makes real sense. It now appears that Jester was, most certainly, @cubespherical. And unless new information/rebuttals are released, one is left to wonder: Was Jester guilty of fraud? Is Jester Tom Ryan? Or are both true?


Author: Lai

11 comments:

  1. and also his twitter-account ...
    it's getting serious..

  2. Sounds more like a coordinated scheme between jester and cube for 20,000btc, while flaunting those contributing to his dox being released. Calling it as I see it.

    Replies
    1. This is a typical anon response. Doesn't mean it's not true, but it's entirely predictable. Paranoia and deception run deep in the scene.

  3. Jester has always been a dick, and troll.
    Tbh, not every gave a fuck, claiming to take down shit he never touched (cough, my webserver ? As if I care he trying to take it down, but no, it was just me having money issues... xD)

  4. Which server was that? What attack?

  5. R.C.D. not R.D.C.....

  6. I think the BC was a honeypot that failed to work.

  7. This is 100% jester trolololling away.

    If 'Smedley Manning' truly had his dox he would've already dropped them. His fundraising for wikileaks is completely fake, if he really wanted to fundraise he'd pick a bitcoin address wikileaks already uses and NOT take direct donations (obvious scam is obvious)

  8. A friend of a friend told me that taking credit for an attack you haven't committed is part of the standard dox-disinfo arsenal...

    Replies
    1. This can be true. In this case, Jester is accused of an overall pattern of claiming attacks he didn't do, or that weren't done period. You can see some of the evidence his former compatriots put together here: http://reapersec.wordpress.com/
