We here at Snapped Shot always enjoy a good mystery, and this one's definitely a doozy.

Flash back to yesterday, where I reported that the infamous gray-hat hacker th3j35t3r had some sort of run-in with the law. It didn't seem odd to me at the time, as someone in his particular line of work is pretty much constantly at risk of interaction with our "enforcement" community - so I passed the information on to you pretty much exactly as I got it. Others, however, were somewhat more suspicious:

Was The Jester (th3j35t3r) himself the instigator of reports that he had been the subject of a raid by law enforcement officials on Monday?

That seems likely to be the case.


It did not take long for word to get around that The Jester may have been the subject of a search and seizure, with several re-Tweets and blog posts appearing on the matter, including on Infosec Island.

It also did not take long for several people to surmise that the accounts were probably created by an impostor, and that the whole thing was either a hoax or an elaborate scheme to capitalize on The Jester's notoriety for the WikiLeaks DoS attacks by scamming sympathizers with a solicitation for funds.

So far, so good. Typical internet scumbag trying to cash in on a famous personality, right?

Well, it seems that all is not quite so simple. Anthony Freed continues:

I had to ask myself, why would an impostor in the midst of scamming The Jester's followers announce his actions to the "real" Jester by alerting him with an "@" mention in his Tweet?

Now all of the Tweets on The Jester's original Twitter account regarding the impostor have been deleted, and the last one showing is from Sunday's DoS attack on WikiLeaks.

I also began to wonder why The Jester, who I have had dozens of hours of instant message conversations with, did not seem to be very upset that someone was using his name to scam his fans.


The logical conclusion might be that The Jester himself is most likely the perpetrator of the whole "police raid" hoax.

Anthony raises a good point here - along with an even better one: The domain "" does certainly point to th3j35t3r's WordPress account at present. But what's interesting is that the domain doesn't appear to have changed hands since it was created:

created:                         01-Dec-2010
last-changed:                    01-Dec-2010
registration-expiration:         01-Dec-2011


It's not like I can walk up to anyone on the Internet and demand that they hand over their domain name, nor would my complaints to any given hosting provider have any effect on the registration of the underlying domain itself. So how exactly did th3j35t3r get control of this domain from a supposed impersonator?

It's definitely an intriguing question, but given th3j35t3r's long history of service in the fight against terrorists, I'm willing to give him a mile-long benefit of the doubt.

Here's to hoping that he'll be willing to tell his side of the story long before that mile runs out.

