Jester claims to have beefed up BeEF
Jester has had a few knocks just recently. Mostly it stems from the recent FBI arrests that included UGNazi members, and Jester’s oh so subtle hint that he had been involved. The two comments that upset people most were:
Teaser: If I was a gambling man I might hazard a wager on the ‘CarderProfit Forum’ being a honeypot/sting that *someone* setup. Just a wild stab in the dark you understand.
implying that he was in on the FBI honeypot nature of CarderProfit Forum from the beginning; and
Many thanks to Leres and the others both outside and ‘on the inside’ who have been all over these assholes over the last 3-4 weeks.
implying that LeReS (@Le_Researcher) helped, but only helped, in the hunt. This led to a stinging rebuke on Pastebin:
Your out of control ego is sickening. You had jack all to do with this incident and you sit here yet again like you did with Team Poison glory hounding all the work. LeRes actually did research, you did nothing but boast about it and cast ritual taunts in every other tweet.
A common view of Jester emerged that actually, and ironically, mirrors Le_Researcher’s view of UGNazi. “Well its actually pretty easy to manipulate a person or people into a direction that you want them to go,” he wrote, talking about UGNazi’s false claim to have taken down Twitter. “You give them the idea and they execute it, like a SQL injection into the human brain. The fact that some followers and reporters believe them… well that’s their problem. The question is though that will you believe them the next time?”
And that is indeed the question. Should we now believe Jester’s latest blog post? In this, he claims to have taken the Browser Exploitation Framework (BeEF) – because it lends itself to him “modifiying and hacking it to pieces in order to get it to do what” he wants it to do – and is now using it on an unquantified number of unspecified compromised websites in order to catch out unnamed bad guys. He calls it Project Looking Glass. “So currently there are 12 new modules in Project Looking Glass and they are pretty nasty if you get caught on the end of one or more of them,” he writes.
It’s actually feasible. I asked independent security researcher and pentester Robin Wood what he thought. “I’d say it looks legit,” he told me. “I can think of ways to implement some of the tools he says he has added to BeEF so that bit is definitely plausible.”
What Jester is claiming is that he has produced a net to catch his targets.
Again bad guys, Project Looking Glass has been running for months now, and not without success as we have seen. There’s nothing you can do about it, as you have no idea how many hook code snippets are out there, where they are…
…or indeed whether or not you have already accidentally stumbled through the looking glass.
But in LeReS’ words, is this just another UGNazi-style human brain SQL injection, with Jester telling us what we should think about him; or has he really produced something nasty?