Is Tom Ryan th3j35t3r?

WASHINGTON – Security professional Tom Ryan, in an interview with The Internet Chronicle, said that he was not in fact cybercriminal th3j35t3r, as he had been accused of being in much rumor and Twitter gossip, which Mr. Ryan said had largely been driven by Anonymous leader Barrett Brown. Mr. Brown, a self-avowed leader of the group Anonymous, has received taunts from Tom Ryan’s Twitter account, taunts claiming that Mr. Brown is himself a federal informant.

With regards to specific Twitter linguistic similarities shared by both Mr. Ryan and th3j35t3r , similarities recently circulated documents have noted, Mr. Ryan said that, upon seeing the documents, “If you want to compare a lot of the people that have served in the military, you’ll probably see a lot of the same lingo.”

Mr. Ryan’s profile itself is rather high, speaking earlier this year at Fordham University in a lecture called “When Hackers Attack: Protecting Your Online Identity.”
“Do you think th3j35t3r’s in the military? Do you think this confirms it?” this reporter asked.
“Well, he has claimed to have been,” said Mr. Ryan.
“Right, of course,” I said.
“But since I don’t know who he or she is, I really don’t know,” said Mr. Ryan, as the hacker’s identity is only for convenience’s sake inferred masculine by this article.
Added Mr. Ryan, “I totally don’t agree with the whole jester’s ideology as far as [denial-of-service]’ing attacks and all.  And there’s a lot of things that’s said about [the dox’ings] that were purposely left out of that document because anybody that knows me knows that I’m totally against DOS’ing and [distributed denial-of-servicing]’ing because I think it’s stupid.”

A popular Pastebin document, one widely circulated, noted that Mr. Ryan and th3j35t3r shared similar ideological attributes, in their associations, which to some observers seemed to line up with what many assessed would be the profiles of individuals who would attack Taliban and jihadist websites. “th3j35t3r” has been accused of censoring – although he actually, through a link, simply modified copies of — North African media sources, and extrajudicially undermining the operative base of WikiLeaks’ servers. His website claims that he monitored anyone who screened a QR code, very typically with cellphones, in the process stripping their text message histories from their phones, as well as their Web histories and passwords, were they to be in his list of bad guys.

Mr. Ryan says, in response to the Pastebin, says he’s familiar with the allegations that he is th3j35t3r and that the allegations are “completely false.” By phone, Mr. Tom Ryan says that several linguistic similarities between his own Twitter account, @TomRyanBlog, and that of th3j35t3r were totally coincidental. He says that one incidence of “#tangodown” — a hurrah used by LulzSec and th3j35t3r  to indicate having taken down a website –was purely for an April Fool’s day joke, as he had tweeted only on the 1st of April. However, he had actually tweeted twice that day, one minute apart each time.

“And you turn around and you look at it,” said Mr. Ryan of the phrase, “and they use that comparison, but yet Anonymous IRC uses it all the time. They used it yesterday on the CIA.”

The only major underground source on major record hinting semi-definitively at th3j35t3r’s background as a “former defense operative with knowledge of Special Forces activities” who told The New York Times that th3j35t3r was formerly of Special Operations Command, raising questions about the possibility of th3j35t3r being an operative on the payroll of the federal government.

Parties of major interest in First Amendment cases became the recipients of attacks, namely the notably discriminatory Westboro Baptist Church, just as they had been under the thumb of adversarial, to th3j35t3r, hacktivist collective LulzSec. A group based primarily in the United Kingdom, LulzSec’s now all but arrested members have received Homeland Security Department scrutiny in recent months, as a model of the modern, disorganized mass cybersecurity threat. At the time LulzSec appeared to be free, to the public, “th3j35t3r” was obsessed with carrying out their unmaskings and claimed to have identified a member, Hector Monsegur, in November, while Mr. Monsegur was in reality already an FBI informant.

In his own lawless undermining of a Midwestern anti-homosexual group’s website, what finally set off th3j35t3r against that church, he wrote, was their celebration of the deaths of several homosexual U.S. service men. Only two months prior, in December, the controversy over “don’t ask, don’t tell” would become a congressional standoff in the House at the end of 2010.

“I draw the line in the sand . . . when they attempt to get in the face of the mourners of our military . . . their families,” wrote th3j35t3r during a Halloween Hacker Halted Conference, in Miami — also, claims Mr. Ryan, attended by himself. “th3j35t3r” would hint that he, too, had attended, tweeting photographs from that location.
Today, The Internet Chronicle received an email from an anonymous, unfamiliar source, one referring the outlet to an attachment, an atachment of screenshots sampled from a Twitter user named “Smedley Manning.” This username is clearly an allusion to Bradley Manning, a modern-day U.S. political prisoner, the most prolific leaker of state secrets; and Smedley Butler, at the time of World War I the most decorated soldier in national history, and the discoverer of a plot, he said, by domestic industrialists to overthrow the Roosevelt administration. “th3j35t3r” was the first of “Butler’s” 50-some followers on Twitter.

At this address, there is a rather lengthy, anonymous rumination on the meaning of the Tom Ryan and th3j35t3r writing similarities. Altogether it’s a very nitty-gritty breakdown on the kinds of reconnaissance and counterintelligence talents that Mr. Ryan brags that he possesses on his LinkedIn page.

So far, there’s nothing explicitly illegal or even, arguably, unethical in the hacker’s actions on QR codes on cellphones, says Security New Daily, as th3j35t3r’s software, they say, has only been listening to see how much information a social-networking app will give up.

CORRECTION: This article misattributed a claim to have attended the Hacker Halted conference. Indeed, as Mr. Ryan points out on Twitter, “I never said I went to Hacker Halted.” It was a reiteration of innuendo present in the so-called dox’ing of th3j35t3r:

Last year, TR and J both attended Hacker Halted in Miami and DEFCON in Nevada. Based on what we know of the pair’s political leanings and infosec knowledge, that alone automatically narrows them down to less than 5,000 possible suspects.

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

Audio clip: Adobe Flash Player (version 9 or above) is required to play this audio clip. Download the latest version here. You also need to have JavaScript enabled in your browser.

13 comments to Is Tom Ryan th3j35t3r?