UPDATE: Our hero Jake Davis provided some interesting commentary on this subject recently:

I remember seeing IRC logs of you and LulzSec dissing The Jester and saying his tool “XerXeS” is just SlowLoris with Tor… but how did you guys come to this conclusion? How can this be mitigated if his attacks appear to come from so many exit nodes? Just block all Tor exit nodes? I dnt wanna to. :(
“I have no idea how XerXeS or any other DDoS tool actually works, all I know is that the person or people running the character known as The Jester have been doing it successfully for many years with absolutely zero discrepancies, arrests or suspensions. I think that’s it’s incredibly impressive that The Jester has stuck to the courage of his/her/their convictions for such a large period of time, even though I disagree with some of the political views expressed. I’m a big fan of facilitating alternative realities and The Jester brings us into another world with many sophisticated layers that often make us forget that it’s just a twitter account and a blog, which is a talent few people have. I find the construction of the persona at a granular level far more admirable than the hacking itself, which I obviously don’t approve of. ”    -via  http://ask.fm/DoubleJake


>DecryptedMatrix gives voice to PiraX


th3j35t3r_Tom_Ryan_BlogHello there, th3j35t3r.  We would also like to welcome our fellow Anons, bloggers, and those simply interested in a cyber-culture controversy spanning over two years. We are sure you know why we have called you here. Your recent online behavior has been rather strange, to say the least. We are here for one reason: We want to end you.

We would like to start first by making you comfortable. No more quasi-anonymous pseudonym mumbo-jumbo. Your name is Thomas so we will call you by the name you were given by your mother. We know your name because it was confirmed over a month ago with the following Pastebin paste:   http://pastebin.com/A5iiTAJS  (PiraX Dox continued after paste)

Q: Are Thomas Ryan and th3j35t3r one and the same person?

tl;dr: Yes. You fucking bet they are. In the words of Oscar Wilde, however, ‘The truth is rarely pure and never simple.’ Thus, if you want the full, uncensored dox on th3j35t3r, you’re going to have to bear with me for the next ten minutes as I tear apart his tissue of lies and disinformation.

Now concentrate, cos here comes the proof…

Warning: Long dox is looooooooong. I trust it will prove to be an enlightening read however, not least for Mr Thomas Ryan of 86 Amber Street, Staten Island NY.


Filmed at Defcon after observing Tom Ryan post and photograph a note outside the vendor room signed “J.” This photo was tweeted from @th3j35t3r twitter within moments, as was the following: https://i.imgur.com/axth3.jpg
Note the “Black cell paintball” logo on the shirt. BCP is the name of Tom’s Paintball team. Tom hangs on PBnation.com with a kid called j35t3r, which is the likely source for the name, and the first of many plagiarisms.  NOT SUSPICIOUS AT ALL, folks. Nor is it suspicious that the ridiculous attempts to smear me as a secret blackhat/anon/whatever over the last year all come from the same group of six people connected to Tom. The other partner is tentatively identified, but that’s a story for later.


Among the 9,000 names to have been linked with @th3j35t3r, one that keeps cropping up is that of @TomRyanBlog. The dox has been denied by th3j35t3r, but then Sabu repeatedly denied that he was Hector Monsegur, and we all know how that one ended up…

While many Anons have been focused on reverse DNS lookups, port scanning and conventional doxing methods to unmask Jester, no one seems to have tried a simpler technique: writing analysis.

If Tom Ryan (TR) and Jester (J) are one and the same person, it should be easy to tell. They’ve written 3,000 tweets between them. Even the l33t3st of the l33t would struggle to convincingly maintain two separate writing styles over the course of thousands of tweets and numerous blog posts.

For those who are new to the party, here’s an overview of what we know about TR and J:

Both are conservative, right-wing and love their precious military. Both hate #OWS, Wikileaks, Manning and are obsessed with unmasking Anons. Both are fixated with Sabu (still!), Team Pois0n and Cabin Cr3w. Both enjoy love-ins with @AsherahResearch, @AnonymousDown and all the usual trolls.  In short, they’re both neo-con faggots. But are they one and the same faggot, or are they separate fags who happen to be pursuing identical vendettas?

Before we get bogged down in analyzing their writing styles, here’s some lighter tit-bits to get things kick-started:

1. Last year, TR and J both attended Hacker Halted in Miami and DEFCON in Nevada. Based on what we know of the pair’s political leanings and infosec knowledge, that alone automatically narrows them down to less than 5,000 possible suspects.

2. TR and J both like sushi (a trifling detail, but one that helps build a picture of their personalities). TR: “@p0isAn0N not going to the right Pizzaria. If you are in Boston you should be going to BoLoCo for Burritos anyway. And Duozo for Sushi.”
J: “#hackerhalted delegates … Stay clear of Cafe Bastille. Great sushi at Bali Cafe though… Stayin frosty.”

3. Tom Ryan has form for assuming false identities – such as ‘Robin Sage’. See here for the full story:

INTERESTING FACT: @RobinSage joined Twitter on 26th December 2009 – exactly one week after @th3j35t3r joined.

The connection between Tom Ryan, Robin Sage and Jester was first brought to my attention by this tweet from @LulzKitten on 29th March 2012:

“Okay, let’s cut the crap, hello @Th3J35t3r aka@TomRyanBlog aka robinsage. Game over. Was fun, at least sometimes. Next nemesis, plox!”
(Note: Direct links to all tweets quoted in this dox can be found cited in the conclusion.) After reading LulzKitten’s tweet, I cast a casual glance over the Twitter feeds of Tom Ryan and Jester, and instantly noticed some similarities between the pair.

The most damning evidence linking TR and J – the smoking gun – will be presented towards the end of this dox, if you can wait that long, but first, let’s perform some writing analysis. After all, if TR and J are the same person, there ought to be some similarities in their writing styles, surely? You betcha. Here we go then:

Anyone who’s followed J on Twitter and read his blog may have noticed that he has a very distinctive writing style. Let’s pick through some of Jester’s trademark phrases, and then see if we can spot them recurring in TR’s tweets:

4. ‘Hmmmm’. Jester likes to say ‘Hmmm’ ‘Errr’ and ‘Ahemmm’ a lot. In fact he likes to say them so much that he even uses these filler phrases in his blog titles, as well as littering his tweets with them. Here’s some examples:

5th April: “@deftpunkz – umm holy shit. I dont know what to say guys, errrr thanks, i think? -”

4th April: “Al-Qaida ‘blacked out’ on the internet (effectively switched off) >>>http://timesofindia.indiatimes.com/tech/news/internet/Al-Qaida-blacked-out-on-internet/articleshow/12529550.cms #infosec#saladin #ahemm”

3rd April: “Now…… imagine…… how many of those listed in my last, were ummmmmm – on the ‘shit list’ – just a thought??? #anonymous”

27th Feb: “#Wikileaks & #anonymous dump 5 million#strafor internal emails obtained by #anonymouslast Dec..umm this right here…”

21st March: “Anti-Anonymous hacker threatens to expose them (via MSNBC) http://www.msnbc.com/id/46716942<<< ummm too late. #military #cyber #security#infosec #DoD”

15th Nov, WordPress blog title: “Occupy Wall Street?? 99%?? Ummm.”

Hmmm, I wonder if Tom Ryan also likes to say ‘Hmmm’? Let’s take a look:

10th April: “How To Prevent Data Leaks From Happening To Your Organization http://zite.to/HCucc8hmmm…how do you prevent the carbon factor from leaking?”

6th April: “Hmmm So @AnonW0rmer is arrested at 10:30http://j.mp/HiAASP tweets till 3:32, @ItsKahunadisappears @AnonymousIRC disappears for 4 Day >>>”

15th March: “CSI tonight has a scent of Anonymous. Anthropology professor teaching about Hactivism. Hmmm who came it be?”

11th March: “@kennethlipp hhhmmmm do you think any anons donated money to his reelection campaign?”

7th March: “@CryptKper @v0ld4m0rt you are spot on! Who could that have been? Hmmmmm”

16th Feb: “@agentdarkapple Interesting! Hmmm! I can see why you think I would be L and you would be N. L doesn’t smile like me”

OK, that’s enough Hmming – on to point #5: ‘Tick tock’. Jester loves to say ‘Tick tock’ – it’s one of his favorite phrases. Look:

6th March: “From 3.5 months ago:https://th3j35t3r.wordpress.com/2011/11/19/if-i-am-wrong-ill-say-im-wrong-heres-my-apology/…… from 1 hour ago ….http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/ tick tock toldya.”

3rd August: “’RT @anonymousabu: @hjjrc @SparkyBlaze Your problem is with a ghost. Someone you can neither find nor stop.’ << you have same problem. #tick”

27th July: “@anonymousabu tick tock.”

24th July: “TICK TOCK. #toldyac2dc37a7d9d3238877a127f2d5171c9d”

21st June: “Tickety Tock…..”

25th June blog entitled LulzSec’s Cloudflare Configuration: “Tickety Tock Tock.”

Why, isn’t that a quirky little phrase? I wonder if Captain Hook – sorry, Tom Ryan – also uses the same terminology. Oh, what’s this we have here from 27th Feb?

“#Anonymous I am working on my big release. Hmmmm who should it goto? Tick Tock”

There’s even a ‘Hmmmm’ thrown in for good measure. How Jester-esque!

With a nudge and a wink, we move onto #6: Jester loves nothing more than to sign off his tweets with a sly wink. Just like so:

28th March: “@wwpinc – just in case you were not aware: >>>https://th3j35t3r.wordpress.com/support/ <<< – keep up the great work ;-) Peace. #pgr #wwp#woundedwarrior”

26th March: “Al-Qaida forums crippled in suspected cyber intervention http://j.mp/GSd8ih << bad things happen to bad people, apparently ;-) #infosec”

11th March: “@RepDanGordon @FBIPressOffice I merely stated u were on the list, u seem awful jittery. U need to calm down >> ;-)”

2nd Oct: “RT: @mach2600 @th3j35t3r It’s wobbling … up, down, up, down… <<< gotta love NGINX – always somethin huh ;-)”

16th June: “standby for supporting clarification onhttp://th3j35t3r.wordpress.com/2011/06/16/quick-n-dirty-just-for-clarification/?utm_source=Jesters+Court+Blog&utm_medium=twitter – close ya eyes if ya already saw it yesterday. ;-)”

2nd June: “http://www.foxnews.com/scitech/2011/06/02/pentagon-has-secret-list-cyber-weapons/ – #justsayin;-) #oorah”

Now it’s TR’s turn to have a sly wink:

5th April: “The beauty of data-mining in a social world, I don’t need to be connected to you, so you can’t block me. You just need to be on my radar ;-)”

5th April: “@x_ryujin_x @render64 @bitchiest @kalyptonetthink of what full dox did for Sabu ;-)”

4th April: “@LauraWalkerKC @BobbyCarbon@NavySEALsORG @Packetknife @HonorThemYou should record it ;-)”

14th March: “To Geeks & Nerds 3/14 is known as Pi Dayhttp://www.youtube.com/watch?v=JTZtuMdkUksTo Horny Men it’s known as Steak & Blow Job Day! The GF reminded me ;-)”

13th March: “@JackalAnon warned #Anonymous 2 Days Ago about OAuth and Apps. We’ve warned you about TOR. ;-)”

14th Feb: “Why I’m Glad My Boyfriend Isn’t On Facebook – Forbes http://j.mp/z9XNrP by @kashhill | Leaving Facebook made me never want to go back ;-)”

Next up, it’s similarity #7 – ‘Stay Frosty’. This, Jester’s catchiest of catch-phrases, crops up all over his tweets:

2nd April: “http://www.cbsnews.com/2100-202_162-20075647.html <<< still going on about this? Stay frosty and have a Cupcake??”

10th Nov: “#stayfrosty -Word of advice 2 @barrettbrownlol: Just because you’re paranoid doesn’t mean they aren’t out to get you. >”

26th Oct: “#hackerhalted left a little something under the projector in Alhambra SCADA room. Tweet me a photo of what’s there. #stayfrosty”

25th Oct: “#hackerhalted delegates … Stay clear of Cafe Bastille. Great sushi at Bali Cafe though… Stayin frosty.”

Now let’s see what Monsieur Ryan has to say for himself:

10th April: “Iran plans to unplug the Internet, launch its own “clean” alternative http://zite.to/Iqm1Ba#anonymous @CabinCr3w Stay Frosty ;-)”

16th March: “@testeux1 Class on Strategy? I can teach one at The Spy Museum in DC @wikileaks @revmagdalen@AnonymousIRC @YourAnonNews Stay Frosty ;-)”

13th March: “#Anonymous in your time of fear those of you that have used delete.twitlan / tweeteraser / twitwipe A Special Thank You!!! Stay Frosty! ;-)”

13th March: “@jackie_singh @krypt3ia I was promoted today to Brigadier General Packet of The Cyber Brigade@th3j35t3r now reports to me! Stay Frosty ;-)”

12th March: “Finch + Reese = ;-) …. Stay Frosty & Watch Your 6!”

Hang on a sec, isn’t it a bit, well, *obvious* for Tom Ryan to be liberally dropping Jester’s favorite catchphrase into his tweets? Yep, you’re right – it’s very obvious. But here’s the thing: the AntiSec dox that named Jester as Tom Ryan landed in Pastebin on 11th March. Notice how TR deliberately goes out of his way to play up to the ‘Stay Frosty’ caricature in the ensuing days? That’s because he realizes that the more he pretends to be Jester, the more people will be inclined to write him off as just another Jester wannabe. For another example of this tactic, here’s how J tweets every time he downs a Muslim extremist website:

1st March: “http://www.rjfront.info – TANGO DOWN. Temporarily. For enabling recruitment, & co-ordination of jihadist terror cells via web.”

1st March: “http://www.atahadi.com – TANGO DOWN. Temporarily. For online incitement to cause young muslims to carry out acts of violent jihad.”

Exactly one month later, on 1st April, TR tweets the following:

“www.ic3 .gov – TANGO DOWN. Temporarily. For not doing your job, & not arresting #Anonymous”

And: “www.fbi .gov – TANGO DOWN. Temporarily. For enabling recruitment, & co-ordination of#Anonymous via web.”

At this point, obvious troll is obvious – within days of LulzKitten’s tweet linking Tom Ryan and Jester, TR goes out of his way to tweet ‘Stay Frostys’, Jester winks and ‘TANGO DOWN’s. To give him credit, it’s a pretty smart way to make people think you’re nothing more than a Jester fanboy. Sadly for Thomas, it’s too late; the evidence linking Tom Ryan to Jester began from the moment TR began tweeting in January 2012. Prior to AntiSec dropping Jester’s dox on 11th March, Tom Ryan had only tweeted ‘Stay Frosty’ twice in three months. Immediately afterward, he tweets it five times in four days – complete with the Jester’s trademark wink.

So does that mean that all of the foregoing information is is part of an elaborate ploy, cooked up by Tom Ryan and Jester, to obfuscate the identity of the real Jester? In the case of the ‘Stay Frostys’ and the ‘TANGO DOWN’s, yes, it probably is. Thankfully, there are dozens of other textual similarities between the pair – similarities that are too subtle to be part of a pre-planned disinformation campaign.

Which leads nicely on to point #8: ‘Much’. Note the phrase that appears in the following tweets from Jester:

18th June: “http://www.techhomethebacon.com/news/hacking-infosec/th3j35t3r-links-nakomis-to-lulzsec-group-cover-up-ensues.html – backpeddaling much? Hacked? lol. -”

18th June: “Back-pedalling much?https://twitter.com/#!/Anonakomis/status/81862870664609792 #js”

August 21st WordPress blog entitled If ya can’t beat em, make some shit up??? LMAO!: “coincidence much?” “projection much??”

I wonder if TR ever lets slip a similar phrase? Oh, what’s this?:
14th March: “@kaepora Nadim, delete much? You’re in the snitch crew ?https://twitter.com/#!/realytcracker/status/143411708369715201 of @Anonymousabu & @ioerror”

Coincidence much?

#9: Jester loves to leave trailing dots in his tweets:

9th April: “<<< drums fingers on desk….”

3rd April: “Now…… imagine…… how many of those listed in my last, were ummmmmm – on the ‘shit list’ – just a thought??? #anonymous”

22nd November: “AFK…….”

He also uses trailing dots when he’s typing live into Notepad in this YouTube video: http://www.youtube.com/watch?v=WeO44IWlkfU

More of Jester’s ‘trailing dots’ tweets are cited at the end of this dox. Now it’s TR’s turn to deploy this tactic:

6th April: “@kennethlipp that’s how it went down with Barrett Brown too. Remember they ended up going to every address for him….according to him”

5th April: “@Bitchiest @KalyptoNet @TomRyanBlog The Secretary disavows this tweet and everybody in it…”

4th April: “#Anonymous ever wonder why certain high ups in your collective are never V& …. Look at cases that never went to court & who has relocated”

Again, more examples of this idiosyncrasy can be found cited at the end of this dox, as well as liberally scattered throughout Tom Ryan’s Twitter feed.

#10: Arrows. Jester loves to use arrows to break up words in his tweets, <<just like this>>:

9th April: “”@VizFoSho: @th3j35t3r dun goofedhttp://www.picvalley.net/u/1980/407013641289457528133400533586itAR4VE93lm7DAkGd2.PNG@RepDan_Gordon” <<< Shit ya got me! What am I to do? Btw now I am near north pole.”

28th March: “@wwpinc – just in case you were not aware: >>>https://th3j35t3r.wordpress.com/support/ <<< – keep up the great work ;-) Peace. #pgr #wwp#woundedwarrior”

Now TR:

6th April: “Hmmm So @AnonW0rmer is arrested at 10:30http://j.mp/HiAASP tweets till 3:32, @ItsKahunadisappears @AnonymousIRC disappears for 4 Day >>>”

13th March: “Don’t know whether to laugh or feel bad but come on: (compatible;+MSIE+6.0;+Windows+98;+Win+9×4.90) << In This Day An Age??”

9th March: “conspiracy 1. a plan or agreement to carry out an illegal or harmful act 2. the act of making such plans >> aka #Anonymous Ops #justsayin<<”

Glance through their tweets and you’ll see that J and TR use <<arrows>> all the time.

#10: UPPER CASE. Compare the tweets of J and TR and you’ll notice that they both love to highlight single words in capitals. Jester first:

9th April: “WARNING: Tweeps in mirror are closer than they appear.”

18th March: “I’m still asked WHY I hit #wikileaks, skip to 28mins 12secs & Major TJ O’Connor abt sums it uphttp://www.youtube.com/watch?v=buY3I4PkK98<<worth watching it all.”

11th March: “@repdangordon be advised, when u file ur complaint to feds, they ARE going need ur cell for forensics to determine IF I hacked u at all ;-( ”

Tom Ryan’s turn:

5th April: “INTERESTING: What is this ugly brown stain on a Key Member of Anonymous’ back? I need to do my cropping for the new site launch. Peace!”

5th April: “#Anonymous why so many military and sovereign citizen connections? GOD I aam glad I took 2 weeks to lay low.”

4th April: “@MaxVenator Too cold and windy for the Hamptons BUT you gave me a good idea. Maybe we can turn Plum Island into a resort for#Anonymous”

Jester and Tom Ryan both use this technique DOZENS of times in their tweets.

#11 features a more subtle similarity between our Jester and our Clown:

Jester, 21st August: “If ya can’t beat em, make some shit up??? LMAO! -”

TR, 16th March: “@exiledsurfer ROFLMAO! Reminds me of being in Bahrain & Abu Dhabi hearing Garth Brooks “Friends in Low Places””

Jester and Thomas don’t always laugh their asses off, but when they do, you can bet it’s in upper case with an exclamation mark at the end. (More examples, as always, are cited in the conclusion of this dox.)

#12: J and TR aren’t very good at spelling. They struggle especially with words such as ‘its’ and ‘it’s’. Jester’s tweets aren’t usually too bad for typos, as he doesn’t rush them (because he knows they will be analyzed by a wide range of foes who might otherwise have cause to mock him for his poor grammar). He also has the autocorrect on his Android phone to help him. He still struggles with those pesky apostrophes that autocorrect can’t pick up however, especially when he tweets from his desktop:

6th March: “WTF is Wikileaks gonna do now it’s source of illegally obtained private info (anon/lulz) has had it’s head & skillset removed? #2birds1Stone”

21st June: “Seems almost as if ‘somebody’ doesn’t want you to see my last link – here’s a pastebin of it’s content.”

In his WordPress blog however, Jester often mixes up his apostrophes, especially in words such as ‘its’:

“With Netcat listening at the other end for incoming connections, you can configure it to execute it’s own script when it receives a connection for example to send a Message of the Day to the connecting device, you would run netcat like this on your server”

Watch his two YouTube videos (links cited at the end) in which he types directly into Notepad and you’ll see he also fails to put apostrophes into words such as  ‘lets’, ‘its’ and ‘Thats’. 2:20 into his XerXes DoS Attack video and you’ll see that the text displayed on Jester’s self-designed software also contains typos: ‘SUCCESFULLY’ should have two ‘s’ in the middle, while at 2:29, you’ll see that ‘Secured’ has also been spelt wrongly. At 6:52 he also makes the same error when typing into Notepad.

Does Tom Ryan fare any better in the spelling stakes? No. In fact he’s even worse when it comes to tweeting typos. That’s because Thomas tweets ten times as frequently as Jester, tweets more hastily (lots of rushed replies to his Twitter buddies) and because he writes the tweets on his Mac, which doesn’t autocorrect his mistakes. Look:

4th April: “@AdrianChen surprised your not all over the@Anonw0rmer arrest and shortly after the disappearance of @itskahuna”

5th April: “To those I owe something too, It’s on it’s way!”

30th March: “RED ALERT: tomorrow is #NoClick31 just as a precaution. Rumor has it #Anonymous is using it’s Porn Bots for #opBlackout click to DDOS attack”

Wanna see more? Just read his tweets.

OK, we’ve almost reached the really juicy stuff linking Jester and Thomas, but first there are a couple more writing similarities to rattle through:

#13: J and TR write numbers numerically rather than alphabetically – even when composing short tweets.

Jester, 28th Feb: “4 more Anons V&’ed http://tinyurl.com/8a2g5k5#anonymous”

10th Nov: “#stayfrosty -Word of advice 2 @barrettbrownlol: Just because you’re paranoid doesn’t mean they aren’t out to get you. >”

27th November: “#saladin (XerXes bro)- ‘the best weapon is the one u never have 2 fire…I prefer the weapon u only need 2 fire once.’”

20th July: “Never saw a wild thing sorry 4 itself. Small bird drop frozen dead from bough without ever having felt sorry 4 itself.”

TR – yep, you’ve guessed it – does exactly the same:

5th April: “@ohmylulz will with 2 False Positives.@missarahnicole @AsherahResearch”

4th April: “Ruh roh! A certain key #Anonymous member disappears for 4 days then reappears. We know what that means.”

3rd April: “@Ihazcandy I should start digging into them. Since I have 2 weeks of downtime.”

OK, moving on (we’re nearly done, I promise) to #14: Hashtags. If you go to tweetstats.com and enter TR and J’s twitter names into separate windows, a series of pretty graphs will be generated that will allow you to compare their tweeting patterns. You’ll notice that they tweet from separate devices, to eliminate the possibility of accidentally tweeting to the wrong account – Tom Ryan likes to keep his iPhone in one pocket and his Android in the other for when he’s playing Jester. Click on the Tweet Cloud tab at the top of the page and you’ll be able to view the most frequent hashtags used by both parties. Not too surprisingly, given their obsession with all things masked, it’s #anonymous. There are also three other hashtags that the pair use prominently however – #fail, #justsayin and #infosec. The latter one is understandable, but the other two? Interesting. Let’s see some #fail and #justsayin in action, starting with Jester:

3rd November: “#opcartel #anonymous You should really listen to what this man has to say. Remember your track record is full of #fail”

15th August: “@anonymousabu U R #fail. U hurt who u claim to fight for (lol), u have agenda < http://reg.cx/1Qps& the agenda is >”

14th August: “So @landrytom u finally got ur mention. Damn u zeroed my ‘xchat’? Please all check out his timeline. Then ask him where is the pwnage? #fail”

29th July: “1st up: My doxing. That’s a #fail. (again) I have never been Ryan Berg, John Willander, Robin Jackson, Anthony Freed, Beau Colvin. #opFrosty”

2nd June: “http://www.foxnews.com/scitech/2011/06/02/pentagon-has-secret-list-cyber-weapons/ – #justsayin;-) #oorah”

Now it’s Tom Ryan’s turn to #Fail (#Justsayin):

5th April: “@agentdarkapple @AsherahResearch she’s definitely is no @elizadushku , Mila Kunis or Megan Ackerman. So she’s a #Fail”

2nd April: “@subverzo TY for verifying 2 alternate personas yours & @CrappyTires . FYI, Everyone in the CT world knows Shumukh al-Islam Forum. #FAIL”

9th March: “@AnonymousIRC you do know they rig cases to#FAIL inorder to capture bigger FISH ….. Right?@atopiary @lolspoon @AnonymouSabu”

9th Feb: “Dangerous Tweets: Arrested, fined in 140 characters or less http://j.mp/yWAV4G << What ever happened to contextual analysis? another#Fail” (Note the classic Jester-style arrows used in this tweet as well.)”

10th March: “#anonymous remember threatening people or family members can lead to several crimes. If they are harmed it becomes much worse. #justsayin”

9th March: “conspiracy 1. a plan or agreement to carry out an illegal or harmful act 2. the act of making such plans >> aka #Anonymous Ops #justsayin<<”

Plenty more examples, as always, can be found cited in the footnotes at the end of this dox.

OK, here endeth the writing analysis lesson. Thank you for your patience :) It would be fair to say we’ve established that Jester and Tom Ryan tweet in an uncannily similar manner, but that’s not all. Now we get on to the really good shit…

#15: Tweet times. Using tweetstats.com, it’s possible to compare the times at which J and TR tweet. A quick glance at their respective Tweet Density graphs reveals a similar pattern:  neither of them tweets between 3am and 7am EST: they’re both East coast bitches. Interesting.

#16: A few days ago, @VizFoSho tweeted the following image:


It depicts two Jester tweets from 7th April, both geo-stamped with Atlantic City, NJ on them. Atlantic city is within 150 miles of NY, where Tom Ryan lives. On 26th March, Jester also posted a single tweet from New York: https://twitter.com/#!/th3j35t3r/status/184333789697282048

Normally, Jester’s tweets don’t reveal his location. Up until April 2012, there had only been four instances in which Jester’s tweets revealed his location – and two of those occurred when he was at DEFCON Nevada and Hacker Halted in Miami, occasions when he was undoubtedly eager to reveal his location in order to prove he was in attendance. Were the New York and Atlantic City revelations accidental (Tor for Android not working properly perhaps?) or was Jester trying to provide more misinformation?

After @VizFoSho pointed out the NJ link (the NY slip-up had gone unnoticed), Jester went out of his way to post two tweets from ridiculously exotic locations – Cape Town on 9th April and then Hawaii on 10th April:

https://twitter.com/#!/th3j35t3r/status/189464600318722049 “The octopus here is amazing. Dontcha think :-)”

Jester has never previously switched his location to a far-flung location purely for the lulz. Why should he suddenly be trying so hard now that he’s been identified as an East coast slacker? If he’s not Tom Ryan, why should be bothered if people think he’s from NJ or NY?

On 4th April, Jester made the second of his two Atlantic City tweets at 4:03pm. 11 minutes earlier, Tom Ryan had also posted a tweet. For the next 48 hours, neither account tweeted – a rare occurrence, especially for TR who averages over 30 tweets a day. Enjoying a couple of days in Atlantic City playing the slots, perhaps?

Here are the 4th April tweets from both parties:




Curiouser and curiouser. But that’s not all. On 23rd March, TR tweets:

“Headed to South Beach to enjoy this great weather! Later Tweeps!”


For the next 48 hours, Jester and Tom Ryan are both absent from Twitter.

A month earlier, on 17th February, the same thing happens after TR tweets:

“Off the Grid for a few days ! Have a great 3 day weekend!”


For the next four days, neither party tweets. The first person to break the Twitter silence is Jester, and it’s another rare instance of him revealing his location – Arlington VA.
Enjoy your three-day weekend, Thomas?

I stated earlier that until April Jester had never previously switched his location to a far-flung country, but I lied – there IS actually one occasion when Jester appeared to be out of the country. On 25th January, he posted the following tweet:

“To all who have DM’ed asking after my whereabouts & welfare…am safe & limbering up. It’s a brave new year. TY 4 support. Stay Frosty.”

His alleged location? Brescia, Italy. What about Thomas Ryan – what was he up to around this time? Well here’s the thing: between 23rd and 26th January, TR (a man who likes to tweet all day, erryday) doesn’t post a single tweet. Too busy enjoying the bruschetta, washed down with a bottle of Barolo perhaps?

A final word on correlating Twitter times before we move onto our final two points: take a look at the timeline for Jester and Tom Ryan’s tweets. Notice how they often tweet at almost exactly the same time as one another? For example, take Tuesday 10th April. After two hours without activity from either account, Thomas posts the following at 15:30pm:
“Now I feel really special. Someone created a hidden stream about me and monitors it.”
One minute later, at 15:31, Jester tweets “@alemarahweb‏ – ‎http://www.alemara1.com‏ – TANGO DOWN – أنا كنت”
Observe any two Twitter accounts for long enough and you’ll find timing coincidences of course. However, compare Jester and Tom Ryan’s accounts on any given day and you’ll spot a predictable pattern: they always broadly correlate i.e. there is a short burst of tweets, followed by a 45 minute break while Jester/Ryan goes for a wank or to chow down some beef jerky.

Right, two more points to raise and then I’ll leave you in peace:

#17: When LulzKitten tweeted Jester’s dox on 29th March, how did Tom Ryan – the man with the military wallpaper on his Twitter page – respond? “@J_P_Holloway @lulzkitten @YourAnonNewsyou guys really suck at DOXing thinking I am@th3j35t3r everyone knows I was never in the Army #fail”

Two things stand out here: firstly, we have no way of knowing that Jester was in the army. Yes, he has an interest in all things military, but the rumor that he actively served in the army is widely believed to be false.

On 13th March however, TR tweeted the following: “When I was in the military, Greenpeace would try to board Aircraft Carriers. Some things aren’t smart & never thought of till it’s too late.”

Military, shmilitary; does anyone see a connection here? Thought so. Without further ado, let’s proceed to our final, fateful tweet of interest. On 10th February, Thomas Ryan tweeted the following:

“I wonder if operating Multiple Personas has ever given anyone Multiple Personality Disorder.”

I don’t know Jester, you tell me ;) Tick tock. No response? Oh well, Stay Frosty…


POSTSCRIPT: Could it be that Tom Ryan is such an attention-whore that he’s trolling us all in the hope of being mistaken for the Jester? I guess it’s technically possible, but if so, it’s the most elaborate and painstaking trolling campaign ever conceived – and one that would have to involve the collusion of both parties. If, by some miracle, Thomas Ryan is not Jester, he knows exactly who Jester is – to the extent where he probably even vacations with him. When you review all the evidence however, there can only be one logical conclusion to draw: they are one and the same person.

On 13th March, Tom Ryan posted the following poignant message: “@ArtByAlida although Anonymous doesn’t like@th3j35t3r I do. It’s safer that certain people are never doxed.”

You’re right Tom – it would be safer, but the truth always comes out in the wash, don’t you find? I hope you’ve got a few passports lying around, cos you’re gonna need them. Remember those Muslim extremists whose websites you downed and whose threats you retweeted? Oh, they mad. They real mad.

One last thought before I shovel the dirt over Jester’s shriveled corpse: I notice that your Twitter nick is Boondock Saint, in tribute to The Boondock Saints, a movie about two Irish vigilantes. Just out of interest, I wonder what The Internet Surname Database would make of Thomas Ryan’s moniker?


Why, they appear to believe that Ryan is an Irish surname. To quote from my favorite hacktivist for good, ‘Coincidence much?’

Congratulations Thomas; you just got pwned by an amateur who doesn’t even have the skills to label himself a skid, never mind a hacker. Butthurt much?

In the words of your nemesis, @anonymouSabu, “Nigga, troll harder.”

pwned by @spoolfiend



LulzKitten tweet linking TR and J: https://twitter.com/?utm_medium=twitter&utm_source=twitterfeed#!/YourAnonNews/statuses/185150794079809536

Check when th3j35t3r and RobinSage joined Twitter: http://www.whendidyoujointwitter.com/

TR’s LinkedIn (where you’ll see proof that he attended Hacker Halted and DEFCON last year): http://www.linkedin.com/in/tommyryan

TR and J professing their love of sushi:

Tom Ryan dox by AntiSec: http://pastebin.com/ZAxBWKi8

J likes to say ‘Hmmm’ a lot:


Occupy Wall Street?? 99%?? Ummm.





TR also likes to say ‘Hmmm’:







J goes ‘Tick tock’:






Lulzsec’s CloudFlare Configuration

TR goes ‘Tick tock’:


J ‘Stay frosty’:







TR ‘Stay frosty’:










J likes to wink:







TR likes to wink:











J ‘much?’:



If ya can’t beat em, make some shit up??? LMAO!

TR ‘much?’:


J ‘…’:









TR ‘…’:








J ‘<<arrows>>’:



TR ‘<<arrows>>’:






J using UPPER case:


















TR using UPPER case:


















Jester ‘LMAO!’:









J struggles with apostrophes:




(See his blog for heaps more examples.)

http://www.youtube.com/watch?v=WeO44IWlkfU (Skip to 5:07); ‘lets’, ‘its’ and ‘Thats’ should all have apostrophes.

http://www.youtube.com/watch?v=yJTvzErKHWE Look at the Notepad he’s typing into: ‘lets’ should have an apostrophe and ‘peak’ should have two ‘e’s in it. Skip to 2:20: the text on Jester’s self-designed Xerxes machine also contains typos: ‘SUCCESFULLY’ should have two ‘s’ in the middle. At 2:29, you’ll see that ‘Secured’ has also been spelt wrongly. At 6:52 he also types the same misspelt word into Notepad.

TR also struggles with apostrophes:









J tweets ‘TANGO DOWN’:



TR tweets ‘TANGO DOWN’:



J always writes numbers numerically:







TRB always writes numbers numerically:






Compare TR and J’s tweet patterns, in particular the time of day they tweet at and the hashtags they use: http://tweetstats.com (Open two separate windows and enter their Twitter names).

J using #Fail:






J using #Fail:











J using #Justsayin:


TRB using #Justsayin:






PIRAX DOXING CONTINUED…  (The ‘smedley manning’ debacle)
You took this DOX’ing really well, to be honest. You shook it off as a mere fancification numerous times, and continued forward head-strong, apparently unmoved by those watching from the outside. But you knew deep-down that you had to eradicate this DOX from the minds of the enemies you have procured over the years. You know that a lot of people would like to see you gone. So, you came up with a plan.

The plan went something like this:
On May 10th, you registered the Twitter account @cubespherical and labeled it as “Smedley Manning”, as an obvious satirical homage to the now imprisoned Bradley Manning, a REAL soldier who fought for truth. You then exchanged a few messages with @th3j35t3r to make it look like a legitimate conversation, and began to “leak” information about yourself. We both know that this information is false, and was only created to distract others from the real DOX, located above. We know you are somewhat intelligent. However, there will always be those who will outsmart you. Consider yourself outsmarted.

Here is the analysis, broken down:
After you took down both your Twitter and WordPress blog, the mainstream blogosphere was certain you had finally been figured out. They assumed this was your acknowledgement of your own defeat and were positive you had been successfully DOX’d by @cubespherical. You were finally giving up. You knew they would react this way… It was all a part of your master plan. But, in reality, you ARE @cubespherical. Yes, @th3j35t3r and @cubespherical are the same person. Nicely done, Tom. You fooled almost everyone. But, like all good things (“good” meaning something along the lines of “idiotic” in this case), you must come to an end.

So how can we justify this claim? Where is our proof? Simple: You gave us everything.

Red-Flag #1: You have been a pretty regular user of Twitter until very recently, after the above DOX was published.

Red-Flag #2: An entirely new DOX is now being teased, even while the above DOX is as sure-fire as they come. Who would believe that a DOX coming from @cubespherical, an entirely new one at that, would be legitimate?

Red-Flag #3: You sat idle on Twitter while @cubespherical AKA Smedley Manning openly talked shit about you, only responding once things became heated on InfoSecIsland. This will take some psychological investigation, but it is damning nonetheless. Your article here is the most revealing bit of all:


You started off with the following line, paraphrased: “I thought Smedley was my friend at first [you used the word ‘supporter’] hurr durr, but he then started threatening me hurr durr.” That doesn’t even sound realistic. But it *is* a subtle way to garner sympathy. I applaud you for you effort.

Red-Flag #4: Next up is your subtle jab at Anonymous. You changed @cubespherical’s avatar to a picture of a Guy Fawkes mask and deleted the Bitcoin address in exchange for the “We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us.” motto.

In your article, you say “Even if this was a common troll, he just demonstrated that any fool can speak for and ‘as’ Anonymous.”

It is clear that you did this for one reason: to throw spears at Anonymous while appearing to be a victim of cyber-bullying on a much grander scale.

Red-Flag #5: You are subconsciously promoting @cubespherical’s efforts for Bitcoin donations.
While appearing to mock @cubespherical, while still somehow conveying him as a threat, you still manage to forget to *NOT* post his Bitcoin address. Our thoughts: You WANT @cubespherical to make some money off of some Bitcoin donations. You yourself use Bitcoin pretty regularly and accept it for donations on your blog. How do we know you aren’t just promoting @cubspherical’s Bitcoin address so that YOU can profit? Here are your words, directly lifted form your blog post:

“So here’s the throwdown. ‘Smeddles’ drop my dox. Do it. You have proved and shown nothing. Only that you are completely failing. You have no bitcoins donated, you have shown 2 things to me, Anonymous have too many chiefs and not enough indians, and that your numbers, at least 9000 allegedly, combined have  0.00000001 bitcoins between them. Here is what you have so far. lol.


Either that or they were clever enough to realize you were full of it from the get go. As I have demonstrated and stated many times before, I will never ask the public for any money.”


It is also worth noting that both Smedley Manning and th3j35t3r favor Ubuntu 11.xx releases. They like using GNOME, too:

To conclude this talk, Tom, we would like to take this privilege to give to you a formal FUCK YOU. You have been DOX’d and your master plan to avoid the inevitable by creating a new nemesis and a new DOX while asking fools to send you money for this bogus DOX has been foiled. You are over. No one cares about the small sites you take down with your shitty XerXes tool and everyone knows you didn’t actually DDoS WikiLeaks, or even have the ability to do so. You are a fame-whoring idiot that has finally been pulled so low, you serve no purpose for ever standing up again. Goodbye.

PiraX <3

Donate Bitcoin: 17gMaYgUsx7dj532s3ezXmfMrVhJ1BfRC1
We would also like to give a shout-out to our home on VoxAnon IRC. Much love to #voxanon _________________________________________________________________________




Thomas Ryan: The Guy Who Snitched on Occupy Wall Street to the FBI and NYPD

The Occupy Wall Street protests have been going on for a month. And it seems the FBI and NYPD have had help tracking protesters’ moves thanks to a conservative computer security expert who gained access to one of the group’s internal mailing lists,and then handed over information on the group’s plans to authorities and corporations targeted by protesters.

Since the Occupy Wall Street protest began on September 17, New York security consultant Thomas Ryan has been waging a campaign to infiltrate and discredit the movement. Ryan says he’s done contract work for the U.S. Army and he brags on his blog that he leads “a team called Black Cell, a team of the most-highly trained and capable physical, threat and cyber security professionals in the world.” But over the past few weeks, he and his computer security buddies have been spending time covertly attending Occupy Wall Street meetings, monitoring organizers’ social media accounts, and hanging out with protesters in Lower Manhattan.

Meet the Guy Who Snitched on Occupy Wall Street to the FBI and NYPDAs part of their intelligence-gathering operation, the group gained access to a listserv used by Occupy Wall Street organizers called September17discuss. On September17discuss, organizers hash out tactics and plan events, conduct post-mortems of media appearances, and trade the latest protest gossip. On Friday, Ryan leaked thousands of September17discuss emails to conservative blogger Andrew Breitbart, who is now using them to try to smear Occupy Wall Street as an anarchist conspiracy to disrupt global markets.

What may much more alarming to Occupy Wall Street organizers is that while Ryan was monitoring September17discuss, he was forwarding interesting email threads to contacts at the NYPD and FBI, including special agent Jordan T. Loyd, a member of the FBI’s New York-based cyber security team.


Oh, and what do real PATRIOT VETERANS think … ?

VETERAN: We didn’t “serve our country”; We serve the interests of Capital

“I’ve seen a ton on the facebooks about “thanking veterans for their service.” As a veteran let me just be very straightforward and honest with you. We didn’t “serve our country”; we don’t actually serve our brothers/sisters or our neighbors. We serve the interests of Capital. We never risked our lives or spent months on deployment away from our family and friends so they can have this abstract concept called “freedom”. We served big oil; big coal; Coca-Cola; Kellogg, Brown, and Root and all the other big Capital interests who don’t know a fucking thing about sacrifice. These people will never have to deal with the loss of a loved one or the physical and/or psychological scars that those who “serve”, and their families, have to deal with for the rest of their lives. The most patriotic thing someone can do is to tell truth to power and dedicate yourself to building power to overthrow these sociopathic assholes. I served with some of the most real and genuine people I’ve ever met. You’ll never see solidarity like the kind of solidarity you experience when your life depends on the person next to you. But most of us didn’t join for that; we joined because we were fucking poor and didn’t have many other options.”       -Anonymous


IN CONCLUSION:  An obvious desperate grab to stay relevant – Does anyone care?


ANSWER: jester who?  Now back projects that create positive change in the world, instead of discussing individuals who support & enable the Military Industrial Complex of death, destruction, and global enslavement of Humanity.