The offspring of two comic book giants bring us the Bot Squad! Super freaky!

May 9, 2017 — by Carl Herberger


To state the obvious, two well-known comic book giants have lit the imaginations of generations of children. They brought to life the fantasy that humans could be ‘super’ or immortal, or somehow infallible.

Each, in its own way, created fantastical combinations of humans with unreal, unbelievable and incredible skills.

In the category of vision enhancement alone, there are legions of characters who have developed themselves in a surreal way, for example, through X-Ray vision, or super-acute vision (something akin to a hawk). Other superheroes were gifted with night vision or even eyes that fired deadly laser beams. However, did you know that these characters dreamt up in comic books all have somewhat real world equivalents? Well, maybe not in people, but clearly in video surveillance systems of the future.

These characters often blurred the lines between vigilante and purveyor of good, sometimes showing villainous tendencies and at times being downright evil.

If you haven’t been following it, the world of Internet of Things (IoT) bots and cyber security is giving birth to amazing characters of its own, which are often cloaked behind avatars, anonymous proxies and comfortable legal geographic domiciles.

These virtual worlds and personas have given them a fantasy world in which to create, conduct and execute their vigilante, righteous, evil or simply narcissistic desires as they see fit.

If you haven’t witnessed this yet, there is a long, long “perp” list of characters who have been taken into custody, such as AKILL, Dark Dante, SoupNazi, the Homeless Hacker, etc.; however, let’s go with the most famous and add a few characters along the way to illustrate my point.

Let’s consider these characters as figures who work alone but often seem to share similar values and common enemies. Like a motley combination of surreal characters, let’s call them the virtual “Bot Squad.” They use automated tools and techniques to take down their chosen enemies.


th3j35t3r (the Jester) – the Digital Hero

No Bot Squad would be complete without the favorite of my fellow geeks around the world – the infamous Jester. Now, I must caveat up front that, like Bigfoot, there have been many claimed sightings of the Jester and many suggested identities; however, lore holds that he has still not been unmasked. Common belief is that the Jester first appeared on Twitter, where he announced his attack on the Taliban website alemarah.info on January 1, 2010, and quickly thereafter established his WordPress blog “Jester’s Court.” The Jester also communicates via his I2P IRC channel #jester and cautions that these are the only three authentic methods of communication from him: “As per usual, because of the large amount of imposters trying to pass themselves off as me I will only speak in THREE places, here via this blog, my twitter and the i2p IRC network outlined above where my nick (th3j35t3r) is registered to myself. If you see a ‘jester’ anywhere else it’s not me.”


To be honest, I had what I believed to be a live chat session with the Jester at RSA back in 2012, during a time when his “contributions” to fighting some aspects of Wikileaks, TeamPoison and Lulzsec were much reported.

The Jester has stated that he was a former soldier who served in Afghanistan and elsewhere, and many allegations have been made that he is a former defense contractor involved in U.S. Special Operations Command projects. In fact, many suggest that the Jester may not be a single person at all and is actually a group of people working as a form of cybersecurity chaebol collective. In April of 2012, similar to the live session he had with me, the Jester gave a live chat interview to a class of Computer Science students at the University of Southern Maine, where he confirmed his military service and stated that he had served four “operational tours.”

The Jester has many famous tool development claims, including the infamous XerXes DDoS tool. He claimed to have originally developed his DoS script as a means to test and harden servers, but after learning from an article that Jihadists were using the Internet to recruit and coordinate terror cells he weaponized his script.

The Jester has had many famous public battles with the likes of his nemesis Group Anon, Team Poison and Lulzsec, among many others.

ArkanoiD – The St. Petersburg Hacking Club – A classic villain

ArkanoiD is closely linked to a St. Petersburg hacking collective that the infamous Vladimir Levin was reported to have been a part of. ArkanoiD’s story is like Ocean’s 11 or a digital Italian Job in real life. Allegedly (he was never actually convicted of the crime itself), Mr. Levin, working with three others, transferred a portion of $10.7M from a handful of large Citibank accounts from all over the world to his own bank account, all while sitting in his apartment in St. Petersburg. That said, after apparently buying some inside information for $100, he didn’t use the Internet; instead he used telecommunications systems, listening to customer phone calls to get their account numbers and PINs.

Although ArkanoiD was unmasked by authorities, they reportedly recovered all but $400,000 of Levin’s theft after his accomplices gave him up when they were arrested. In 1998 he was ordered to pay back $240,000 to Citibank on a lesser charge and was sentenced to three years in jail. His whereabouts are unknown today; however, ArkanoiD is reportedly active from time to time.

This hack and the club have been romanticized, and there are now numerous games borrowing the name of the famous collective.

The Janit0r (the Janitor) – A new soldier?

When one of my esteemed colleagues, Pascal Geenens, discovered the now famous BrickerBot, he tracked it for a few weeks and was amazed at how the program attempted to kill devices in a seemingly relentless way. Since then we have witnessed numerous variants, have managed to replicate the effectiveness of the bot in a lab, and have stood in awe as the bot essentially destroyed infected webcams and other IoT devices. They would not even respond to factory resets.

The Janit0r will go down, in my humble opinion, for building the first weapon of mankind designed to kill the machines which people are growing to hate en masse.


Who is the Janit0r? He is a hacker who has created multiple versions of a program called BrickerBot (a name bestowed by my brethren at Radware), a system that searches out and bricks insecure IoT devices.

The devices all used a Linux package called BusyBox and had exposed telnet-based interfaces with default passwords. These devices were easily exploited by the Mirai botnet, which essentially turned them into denial-of-service weapons.

BrickerBot finds these devices and renders them unusable. The first version attacked about a thousand devices and alternate versions attacked thousands more. It disabled the devices by formatting the internal memory.
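Both Mirai and BrickerBot get onto these devices the same way: an exposed telnet service and a default password that a scanner guesses in a handful of tries. From the defender's side, the footprint of that is a burst of failed telnet logins from one source followed by a success. The script below is an added example, not code from this post or from Radware; it parses telnet daemon log lines in a constructed, hypothetical format (the `telnetd: login ok/failed for '<user>' from <src>` layout is an assumption, as are the sample hosts and addresses) and reports any source that succeeds after a run of failures within a short window. It deliberately handles the case where old failures fall outside the window, so a single stale mistake does not trigger it.

```python
"""Flag telnet logins that succeed only after a burst of failures.

Added example, not code from the original post or from Radware. The log
format, host names and addresses below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical telnetd log line, e.g.
#   Apr 20 03:14:01 cam01 telnetd: login failed for 'root' from 203.0.113.5
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) telnetd: "
    r"login (?P<result>ok|failed) for '(?P<user>[^']*)' from (?P<src>\S+)$"
)


def parse_line(line, year=2017):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # syslog-style timestamps carry no year, so one is supplied (assumption)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def find_guessed_logins(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return findings for each (source, host) pair whose successful login was
    preceded by at least `max_failures` failed attempts inside `window`.

    Lines are expected in chronological order per (source, host) pair.
    """
    failures = defaultdict(list)   # (src, host) -> timestamps of recent failures
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                # skip malformed or unrelated lines
        key = (ev["src"], ev["host"])
        # keep only failures that are still inside the window
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["result"] == "failed":
            recent.append(ev["ts"])
            failures[key] = recent
            continue
        # a successful login: report it if enough recent failures preceded it
        if len(recent) >= max_failures:
            findings.append({"src": ev["src"], "host": ev["host"],
                             "user": ev["user"], "failures": len(recent)})
        failures[key] = []          # reset the counter after any success
    return findings


# Constructed sample log: one guessing burst that succeeds (cam01 from
# 203.0.113.5), one stale burst that succeeds outside the window (cam02 from
# 203.0.113.9), one legitimate login with a single typo, one clean login,
# and one unrelated line.
SAMPLE_LOG = [
    "Apr 20 02:00:00 cam02 telnetd: login failed for 'admin' from 203.0.113.9",
    "Apr 20 02:00:01 cam02 telnetd: login failed for 'admin' from 203.0.113.9",
    "Apr 20 02:00:02 cam02 telnetd: login failed for 'admin' from 203.0.113.9",
    "Apr 20 02:10:00 cam02 telnetd: login ok for 'admin' from 203.0.113.9",
    "Apr 20 03:14:01 cam01 telnetd: login failed for 'root' from 203.0.113.5",
    "Apr 20 03:14:02 cam01 telnetd: login failed for 'root' from 203.0.113.5",
    "Apr 20 03:14:03 cam01 telnetd: login failed for 'root' from 203.0.113.5",
    "Apr 20 03:14:04 cam01 telnetd: login failed for 'root' from 203.0.113.5",
    "Apr 20 03:14:05 cam01 telnetd: login ok for 'root' from 203.0.113.5",
    "Apr 20 03:20:00 cam01 telnetd: login failed for 'admin' from 198.51.100.7",
    "Apr 20 03:20:30 cam01 telnetd: login ok for 'admin' from 198.51.100.7",
    "Apr 20 03:21:00 cam01 kernel: eth0: link up",
    "Apr 20 04:00:00 cam02 telnetd: login ok for 'admin' from 192.0.2.10",
]

if __name__ == "__main__":
    for f in find_guessed_logins(SAMPLE_LOG):
        print(f"{f['src']} logged in to {f['host']} as '{f['user']}' "
              f"after {f['failures']} failed attempts")
```

Only the cam01 burst from 203.0.113.5 is reported; the cam02 burst is not, because its success came ten minutes after the last failure and the five-minute window has emptied. In practice the window and threshold should be tuned to how quickly a device's users actually mistype passwords, and a finding on a device that still has its factory password is the cue to change it and close telnet, not merely to block one address.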

According to Bleeping Computer:

“Like so many others I was dismayed by the indiscriminate DDoS attacks by IoT botnets in 2016. I thought for sure that the large attacks would force the industry to finally get its act together, but after a few months of record-breaking attacks it became obvious that in spite of all the sincere efforts the problem couldn’t be solved quickly enough by conventional means,” wrote the Janitor. “I consider my project a form of ‘Internet Chemotherapy;’ I sometimes jokingly think of myself as The Doctor. Chemotherapy is a harsh treatment that nobody in their right mind would administer to a healthy patient, but the Internet was becoming seriously ill in Q3 and Q4/2016 and the moderate remedies were ineffective.”

This sort of vigilante justice is fun and clever. If a user can’t secure their own systems, perhaps a bit of discriminate destruction is just what these things need to stop leaving admin passwords wide open.

This new tool gives arms to all of those displaced by automation and technology and who would like to act upon their frustrations by hitting back at the robots!

The Bots are coming! The Bots are coming! Information Security Cyber-attack Trends Are Clearly Super!

Cyber-attacks are clearly super freaky these days. The above three characters/collectives are great examples of how the surreal has become real and the real has become surreal. Today’s threat is truly a mutant, and no catalog can tell us what tomorrow’s new class of super capabilities will turn out to be.

In the end, I believe that these larger-than-life characters will beget even larger-than-life offspring, as we’ve only begun to see the metastasis evolve.

To the good guys: Best of luck and good hunting for those bad guys!

To the bad guys: Know the guardians of the Internet are looking for you!


Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.
