No, the Jester didn’t hack the Russian Foreign Ministry website

Ho ho ho.

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

No, the Jester didn't hack the Russian Foreign Ministry website

Over the weekend, the mainstream media (and some security news sites) reported that patriotic US hacker The Jester had breached the Russian Foreign Ministry’s website.

The alleged defacement appeared to blame Russia for the massive DDoS attack against the DNS domain name service which disrupted access to major websites:

Russian jester

Sign up to our free newsletter.
Security news, advice, and tips.

It doesn’t matter whether it’s you and China, you and North Korea, or you and some random group calling themselves ‘New World Hacking’ – it’s still a pathetic flex.

Knock it off. You may be able to push around nations around you, but this is America. Nobody is impressed.

Now, get to your room. Before I lose my temper.

In the current climate of claims that Russian hackers have broken into the email accounts of Hillary Clinton’s presidential campaign, a hack like this could raise the temperature to boiling point.

But it wasn’t true.

Kudos to Ars Technica for debunking the reports:

If you are at all familiar with The Jester, you will know that this isn’t the first time he’s used Internet sleight-of-hand for propaganda and other purposes. In the past, he used web address shortener services and cross-site scripting to create the illusion that he had altered articles on the websites of the Malta Independent Online and the Tripoli Post. He’s also used various other tricks to mess with the minds of would-be Anonymous members. And yes, he’s launched distributed denial of service (DDoS) attacks against jihadist sites and the Westboro Baptist Church.

The Jester had used a combination of a URL shortener and an XSS vulnerability to make his message appear to be on the Russian Foreign Ministry’s website, and duped the media into believing something more serious had happened.

And we still don’t know who launched that massive attack against Dyn.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.