The Jester (hacktivist)

Background

The Jester, known online by the leetspeak handle th3j3st3r, is a self-identified grey hat hacktivist whose real identity has never been publicly established. He has stated that he is a former soldier who served in Afghanistan and elsewhere, and a former defense operative has claimed he was a former military contractor involved in US Special Operations Command projects. He describes his motivations as rooted in American patriotism.

Early Activities

On January 1, 2010, The Jester launched a campaign against jihadist websites, with his first stated target being alemarah.info, which was the Taliban's website at the time. This marked the beginning of a sustained pattern of operations directed at Islamist online presences. Around the same period, he posted tweets claiming responsibility for downtime experienced by WikiLeaks.

In November 2010, an individual claiming to be The Jester stated they had been raided by US authorities and solicited money for legal fees. The Jester publicly identified this person as an impostor, though writers at InfoSecIsland suggested the hoax may have originated with The Jester himself.

Notable Operations

In February 2011, The Jester claimed credit for a denial-of-service attack against several websites belonging to the Westboro Baptist Church, citing the group's practice of celebrating the deaths of homosexual US servicemen.

In June 2011, The Jester turned his attention to the hacking collective LulzSec, vowing to identify and expose its members, whom he described as "childish." He attempted to obtain and publish personally identifiable information on key figures within the group. In March 2011, journalist Barrett Brown reported that The Jester was working with Backtrace Security — a group of former Anonymous members — to identify participants in Anonymous. On June 24, 2011, The Jester incorrectly identified LulzSec leader Sabu as an IT consultant possibly from New York City. In July of that year, he falsely accused a Portuguese IT professional of being Sabu, undermining confidence in his doxing claims. However, in a November 2011 blog post, The Jester retracted his prior identifications, issued an apology, and correctly named Sabu as Hector Xavier Monsegur, 28, of New York. This identification was confirmed on March 6, 2012, when Monsegur was arrested by the FBI, which also revealed he had been acting as an FBI informant.

On March 5, 2012, The Jester replaced his Twitter avatar with a QR code. He later claimed that scanning the code on a mobile device would cause it to silently establish a TCP shell connection to his remote server, allegedly exploiting a vulnerability in Safari, Chrome, and Android browsers. This claim was subsequently exposed as false, with the purported exploit traced to a two-year-old CVE advisory.

On July 2, 2013, The Jester claimed responsibility for denial-of-service attacks against the Ecuadorean stock exchange and the country's tourism website. He framed the attacks as a warning to any government considering granting asylum to NSA leaker Edward Snowden. He also alluded in tweets to a plan to trigger fire alarms at the Ecuadorean embassy in London, which he suggested would force WikiLeaks founder Julian Assange onto UK soil and expose him to potential extradition to Sweden.

On October 21, 2016, The Jester claimed to have defaced the official website of the Russian Ministry of Foreign Affairs. This claim was later demonstrated to be fabricated.

Credibility and Reception

The Jester's activities have attracted recurring scrutiny regarding the authenticity of his claimed exploits. Several high-profile claims — including the QR code exploit, the LulzSec doxing attempts, and the Russian ministry defacement — were shown to be false or exaggerated. His correct identification of Hector Xavier Monsegur as Sabu, however, stands as a notable instance where his claims were ultimately verified by law enforcement action.