Over the weekend, the mainstream media (and some security news sites) reported that patriotic US hacker The Jester had breached the Russian Foreign Ministry’s website.
The alleged defacement appeared to blame Russia for the massive DDoS attack against the DNS domain name service which disrupted access to major websites:
It doesn’t matter whether it’s you and China, you and North Korea, or you and some random group calling themselves ‘New World Hacking’ – it’s still a pathetic flex.
Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed.
Now, get to your room. Before I lose my temper.
In the current climate of claims that Russian hackers have broken into the email accounts of Hillary Clinton’s presidential campaign, a hack like this could raise the temperature to boiling point.
But it wasn’t true.
Kudos to Ars Technica for debunking the reports:
If you are at all familiar with The Jester, you will know that this isn’t the first time he’s used Internet sleight-of-hand for propaganda and other purposes. In the past, he used web address shortener services and cross-site scripting to create the illusion that he had altered articles on the websites of the Malta Independent Online and the Tripoli Post. He’s also used various other tricks to mess with the minds of would-be Anonymous members. And yes, he’s launched distributed denial of service (DDoS) attacks against jihadist sites and the Westboro Baptist Church.
The Jester had used a combination of a URL shortener and an XSS vulnerability to make his message appear to be on the Russian Foreign Ministry’s website, and duped the media into believing something more serious had happened.
And we still don’t know who launched that massive attack against Dyn.