Site icon Sophos News

Jester defaces website but the Russian Government isn’t laughing

The Russian Ministry of Foreign Affairs’ website is normally a pretty sedate read.

Visitors see an imposing image of the Ministry’s famous Stalin-era Moscow headquarters below which usually run dry reports on the latest work of Russia’s foreign ministers and diplomats.

On Friday, things were unexpectedly different.

“Comrades! We interrupt regular scheduled Russian Foreign Affairs Website programming to bring you the following important message,” began a proclamation in English on the home page.

The message mentioned that day’s huge DDoS on DNS provider, Dyn:

It doesn’t matter whether it’s you and China, you and North Korea, or you and some random group calling themselves ‘New World Hacking’ – it’s still a pathetic flex.

Then, to the point:

Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed.

Now, get to your room. Before I lose my temper.

The “I” in this case is a hacker called Jester, aka the the “Batman of the internet”. According to the FBI, this is a figure previously blamed for attacks on sites that pushed anti-American Jihadist propaganda.

It’s the sort of prank defacement of an obscure government website that would barely be noticed on most days, but these are not most days.

The Russian Foreign Ministry was not amused but claimed the attack affected an old version of the official site.

Maria Zakharova of Russia’s Ministry of Foreign Affairs said in a Russian-language response on Facebook quoted by the International Business Times:

Specialists are working out what happened. If they establish there was hacking by Americans, even of a resource that wasn’t working, this is far from pleasant.

Zakharova added that, it is as if:

[A] cyber-machine of destruction has started acting.

Leaving aside the geopolitics of a self-styled US hacker attacking a Russian Government website (an entire topic these days) two intrigues emerge from the attack.

The first is that, surprisingly, website defacements still have currency.

Defacements are a basic kind of hack, often targeting weak logins or site vulnerabilities, that were all the rage about five or six years ago. Then, as the volume of defacements surged and security was tightened up, people stopped paying attention.

A notable exception to this rule was an attack by defacement specialists The Syrian Electronic Army (SEA) in late 2014 that managed to redirect hundreds of well-known websites after breaching DNS provider Gigya.

This wasn’t classic defacement but it performed the same function of hijacking trusted websites for propaganda purposes.

Friday’s attack perhaps marks the moment defacement as a way of attracting attention started working again. It could be timing – the US and Russia are at each other’s throats over numerous issues and old-fashioned symbolic slights are once again newsworthy.

The second is the Jester.

Attacks driven by the ideas and grudges of an individual (assuming Jester is an individual) willing to boast about his or her exploits aren’t common.

Jester was directly referenced in the US TV Show, Mr Robot, which follows the hacking exploits of a Jester-like character, Elliot Alderson. Being mentioned in hit TV show must feel like importance of zeitgeist-level proportions.

The entangling of real-world events with fiction sounds like poetic prophecy: nobody knows what is going on any more but we can always wait for the next episode to reveal a little more of an unsolvable mystery.


Exit mobile version