Julian Assange of WikiLeaks is fighting a lot of enemies right now, including at least one from an unexpected place: The computer underground.
A hacker calling himself The Jester – or "th3 j35t3r" in hacker spelling – said he took on WikiLeaks and was able to render the site useless temporarily on several occasions.
"TANGO DOWN - for attempting to endanger the lives of our troops, 'other assets' & foreign relations," The Jester wrote on his Twitter feed after his first alleged success at disrupting WikiLeaks on Nov. 28.
The Jester appeared on the underground scene in January and has been tormenting pro-jihadist websites for months, employing denial of service attacks with a specialized tool he calls "Xerxes." But he has risen to international fame since he turned his virtual weapon on WikiLeaks. He's also spurred debate about a touchy subject among computer hackers and other security experts: Is vigilante "hacktivism" ethical and productive, or does it do more harm than good?
The Jester's identity and location are unknown, but plenty of security experts have made educated guesses. In an e-mail interview conducted in January with security researcher Richard Stiennon, he identified himself as "an ex-soldier with a rather famous unit … involved with supporting Special Forces." In subsequent conversations with a security organization called InfoSecIsland, The Jester told researchers that he shuts down Islamic Web sites because he has personally witnessed soldiers "murdered" by jihadists and says they use the Internet to coordinate attacks.
Across the Internet, Jester supporters sing his praises. One posted this message on Monday: "th3 j35t3r: Where can I apply to be your apprentice?" Security experts believe he's already inspired imitators, and that WikiLeaks is now under constant threat of denial of attack. Predictably, WikiLeaks supporters see things differently, and have criticized the rogue programmer for his one-person attacks on freedom of speech.
That same divide is evident among leaders in the high-tech world.
"I think launching denial of service attacks is always a bad idea, regardless of the motivation," said Mikko Hypponen, chief research officer for security firm F-Secure. "There are often innocent victims in denial of service attacks."
He pointed to a 2009 attack on a Georgian blogger than caused millions of Facebook, Twitter and LiveJournal users to experience slowdowns.
'I applaud his work'
But Jeff Bardin, who translates Arab-language jihadist Web sites for a living, sees things differently.
"Professionally speaking, he is taking matters into his own hands to remove sites that he believes are threatening to U.S. soldiers," said Bardin, a former U.S. Army soldier in the Middle East and now chief security strategist at XA Systems. "Should a U.S. citizen be given (authority) to remove websites, especially if and when law enforcement either refuses or cannot become involved in a timely manner, or at all? ... Personally, I do not find fault with his current actions and applaud his work."
While the debate might be long overdue, lone-wolf hacktivism is nothing new, Hypponen said.
"Almost any real-world crisis has a reflection crisis happening online, often related to attacks like this," he said.
'No collateral damange'
Of course, all acts of hacktivism are not equal. Since January, The Jester has taken pains to support claims that his newly minted version of denial of service attack does not harm intermediaries, and only takes down individual Web sites temporarily. While most denial of service attacks today involve distributed attacks using thousands or millions of hijacked PCs, The Jester claims his attack requires only a single computer, and does not harm Internet Service providers or other servers between his machine and the target Web site.
"No collateral damage," he has written several times.
He even released two cryptic videos showing the attack tool in action, accompanied only by The Jester typing into a notepad file on screen.
"My task is to make their chosen communication method unreliable," The Jester wrote of the jihadist sites in January to InfoSecIsland. "By taking them down at random intervals, for random intervals, they can't rely on them -- they become unreliable and useless."
The Jester says he takes down websites because traditional methods for doing so often seem frustratingly slow and ineffective.
"You can ask an ISP nicely to perform a takedown, but mostly they don't, that's where I seem to fit in," he told InfoSecIsland.
To answer criticism that taking down jihadist Web sites can harm U.S. intelligence-gathering efforts, The Jester said his takedowns are only temporary.
"My plan is to disrupt, not destroy," he said.
Rumor of a raid
Michael S. Menefee is principal consultant with WireHead Security and a member of InfoSecIsland who participated in the e-mail interviews with The Jester. He wouldn't offer an opinion on the legitimacy of hacktivism, but he said the group believes The Jester sincerely considers his attacks noble and justified.
"My interactions with the Jester have all been pleasant and he really envisions himself as a vigilante, as a good guy," Menefee said.
That is until Thursday, when InfoSecIsland wrote a blog post accusing The Jester of staging a fake raid on his home to encourage supporters to donate to a legal defense fund. Earlier in the week, someone posting a note from a Twitter account similar to The Jester's account said federal authorities had barged into his home and carted away his computers. Later, The Jester posted on his usual account that the raid notice was fake, posted by an imposter. The folks at InfoSecIsland didn't buy the explanation and suggested The Jester was trying to capitalize on newfound fame to raise money. He didn't appreciate the accusation.
"He was very clear he would never speak to us again," Menefee said.
Both Menefee and Bardin say they have reason to believe The Jester might be U.S.-based -- Bardin notes that he is well-versed in U.S. culture. But there are other possibilities. The cyber-attack tool he uses is named "Xerxes," after a famous Persian king, suggesting familiarity with Middle Eastern culture. Bardin notes that Xerxes was a Zoroastrian, and speculates that faith's world view may color The Jester's attacks.
"In Zoroastrian tradition, life is a temporary state in which a mortal is expected to actively participate in the continuing battle between truth and falsehood," Bardin said.
"I do wrestle with whether what I am doing is right'
Earlier this year, even The Jester expressed some ambivalence about his activity.
"I do wrestle with whether what I am doing is right, but figure if I can make their communications unreliable for them, all the better," he told InfoSecIsland. And he signs many communications with the phrase: "There is an equal amount of good and bad in most things. The trick is to work out the ratio."
When asked how long he plans to continue his vigilante attacks, he sounded even more ambivalent.
"As long as my nerves will hold out. It's a serious situation I find myself in, the bad guys want to slice my head off on YouTube with a rusty blade, and the good guys want to lock me up in an orange jumpsuit ... along with the bad guys," he wrote.
Meanwhile, security experts fret about the implications of the Xerxes attack tool and what it might mean for other websites. The Jester has vowed not to release it to anyone else, but copy-cats are inevitable. Menefee says the tool may have been preceded by two other attack tools, named Slowloris and Sockstress, that have been circulating since last year. Any one of them could be used to knock millions of websites offline temporarily.
Such cyberassaults are more successful on smaller sites that don't have built in redundancies or aren't hardened against attack, Barden said, which stands to reason. But The Jester, or any future imitator, will have plenty of opportunity to continue vigilante attacks going forward.
"Based upon the number of jihadist websites -- now over 10,000 as of September 2010, he has a target rich environment to go after," Bardin said.
NOTE: Comments about Julian Assange and Wikileaks are welcome here. The discussion thread below is about the Wikileaks hacker, th3 j35t3r.