After taking credit for his involvement in the arrest of Mir Islam, the leader of the UGNazi group, The Jester (th3j35t3r) published some details of a project called “Looking Glass.”The tool, based on the open source Browser Exploitation Framework (BeEF), has been allegedly utilized to track the activity of Islam, aka JoshTheGod, before he was arrested.
The Looking Glass isn’t the first piece of software made by the famous hacker, the denial-of-service (DOS) attack tool known as XerXes being used successfully on numerous occasions.
Unlike XerXes, the Looking Glass is not designed for attacks, but for gathering information on “Anons, Jihadist bomb plotters or forum admins, or whoever.”
“The entire project comprises of the ‘looking glass’ server, and numerous other ‘bait’ servers which have the ‘hook code’ embedded in certain pages that they serve up. Once a target hits the page they immediately pop up on the looking glass HUD and information starts getting logged and a profile of the ‘mark’ starts to form,” he explained.
“The hook code, by the way, can also be injected using XSS into any vulnerable 3rd party website, so the target doen’t even have to hit one of my ‘bait boxes’,” he added.
The program is made of 12 “pretty nasty” modules with names such as Activate Device Microphone, Browse Target Filesystem, Hijack Current Facebook Session, and Seize Webcam.
According to The Jester, he made some details of the project public to warn “bad guys.”
“Again bad guys, Project Looking Glass has been running for months now, and not without success as we have seen. There’s nothing you can do about it, as you have no idea how many hook code snippets are out there, where they are or indeed whether or not you have already accidentally stumbled through the looking glass.”
Many have argued that the hacker had nothing to do with the arrest of Mir Islam or the downfall of UGNazi. However, if the Looking Glass is genuine and it does have all those capabilities, we should see more results of his “work” soon.