messages, emails, address books, call logs and other data.
According to Jester's blog, The Jester used his Twitter account (first picture above) to compromise hundreds of smartphones by changing his profile picture to a QR code over a five day period last week. When users scanned the QR code with their smartphone, a link opened in their browser, where an image of The Jester and the text “BOO!” appeared.
In the background, there is hidden code that exploited a known vulnerability for Apple's Safari and Google's Android and Chrome Web browsers.The hidden website code connected to another server, which was running a network diagnostic tool called Netcat.
Netcat checked if Twitter software was installed on the target phone. If so, the script would check for a linked Twitter account, then send that account's user name back to The Jester's server.
The Jester claims he checked these credentials against "hit list" of Twitter accounts associated with Anonymous news sites and chat rooms, Islamist recruiting sites and WikiLeaks.
This week, he posted a 143.08 MB text file, which he refers to as the “resulting raw dump of the verbose output log from this exercise,” on MediaFire. It’s encrypted with his PGP Public key.
"I encrypt my [data] dumps as a matter of course because I am not the same as my detractors who drop personal info all the time," he told msn. "The right people have the plain text dump. It would be highly irresponsible of me to be dropping anything in the open."
