Georgia turns the tables on Russian hacker

Summary: What happens when you're continually the target of cyberattacks? You hack the hacker.

The Ministry of Justice of Georgia was fed up.

Continual, persistent cyberattacks that stole confidential information from various government agencies, parliament, banks and NGOs had carried on for months. The activity warranted an investigation, so in March 2011 Georgia launched one to find the perpetrators.

IT World reports that investigators tricked the lurking hacker into downloading what he thought was sensitive information; the tables turned, and his mugshot was taken through his own webcam.

The publication recounts how investigators from the Georgian government's Computer Emergency Response Team (Cert.gov.ge) baited the alleged Russian hacker, took his photo, and then published several images in the government's cybersecurity report (.pdf).

The cyberattacks planted malicious software on a number of Georgian websites -- but in a sophisticated move, the software only installed on pages that "would interest the kinds of people that the hacker wanted to target," according to government security specialist Giorgi Gurgenidze.

These targets included headlines recounting U.S.-Georgia relations and NATO.

After discovering several infections, the agency found that up to 400 computers in government agencies were being exploited by the malware. The infected machines formed a botnet called "Georbot", which uploaded sensitive documents to drop servers controlled by the attackers. Once the files had been transferred from the drop servers to a PC, they were wiped to make tracking more difficult.

In addition, the hacker was able to replicate a government email address which contained a malicious PDF attachment that delivered malware.

To lay the bait after the attacks grew more severe over the course of 2011, Georgia deliberately allowed a computer to be infected and placed on it a ZIP archive named "Georgian-Nato Agreement". Once the hacker opened the archive, the investigators' own malware was installed on his machine.

While the alleged hacker was being photographed, his computer was rapidly mined for sensitive documents. One Word document contained instructions on who and how to hack particular targets; as well as website registration data linked to an address within Russia.

The report concludes that "we have identified Russian security agencies, once again," but considering the volatile political relationship between Russia and Georgia, it is unlikely any prosecution would ever take place.

(via IT World)

Image credit: Cert.gov.ge

Talkback

14 comments
  • Oops

    You definitely don't want your webcam connected when you're burgling other people's computers (or maybe you put some duct tape over the lens if it's built in).
    John L. Ries
  • Story sounds like joke

    Good for those who has no clue about computers. Suits political agenda (for Georgia = those bad Russians). For some local players - hey we are being targeted, we need more resources (money) to do our job. Etc. Elderly people in charge with very little understanding of the IT might fall for that.

    zip archive installs a malware...photographing the "hacker"...hired by specs (as always, specs are 100% morons and retards, if you don't believe that, watch a hollywood movie) - LOL
    nitekatt
    • "for Georgia = those bad Russians)" -- correct, especially since the guy ..

      in the mugshot does not really look Russian at all. But whatever, if there is any way to excuse another try to put in political agenda.
      DDERSSS
      • Not so sure

        There appears to be a Vodka bottle in the back ground..thats a dead ringer.
        ammohunt
      • Doesn't Look Russian?

        In that dark, odd angle pic, you see that he doesn't look...Give me a break. From what we can see, this man can easily pass for a bonafide Russian. I speak from what I know. You don't, or you wouldn't post such an inane comment.
        Seriously wonder just who's payroll you're on, DDERSSS.
        PreachJohn
        • Not quite; does not look like Russian, really

          Seriously wonder just who's payroll you're on, PreachJohn.
          DDERSSS
        • Ignorance exposed!

          Dear P. John,

          Allow me to shed some light on a subject you are preaching about, or rather, trolling about, a subject you are obviously ignorant about.
          The man on the photo has an extremely typical eastern complection "as in" Gerogia, Kazahstan, Kirgizia, Uzbekistan etc.

          In view of above said, please refrain from posting such blatant - but at the same time -very confident appearing messages which I am sure will only manage to confuse the people subscribed to the IA (Ignoramus Annonymous).

          The man on the photo is surely not of a Russian descent although he might have a Russian nationality, and BTW, his name is defenitely not Ivan but (probably) Balanchivadze.
          fo128
          • Typo!

            Apologies for the typo.
            Should have been complexion instead of complection.

            The man on the photo has an extremely typical eastern complexion"as in" Gerogia, Kazahstan, Kirgizia, Uzbekistan etc.
            fo128
          • You're both wrong...

            Obviously that is Nicholas Cage.
            dcolbert1
          • Nicolas Cage...

            ....leading a "double" life from his tiny little hut in the "Taiga" by hacking unsuspecting Georgian web sites.

            The plot is thickening!
            :)
            fo128
    • Don't be so dismissive if you don't understand the tech

      "Good for those who has no clue about computers. [...] zip archive installs a malware"

      You think the idea of a ZIP archive installing malware on your computer is laughably implausible?

      Try searching for 'zip buffer overflow'. You'll find that most software commonly used to work with ZIP files was vulnerable to a buffer overflow at some point, allowing remote code execution via a specially crafted ZIP file.

      In fact, the problem was so widespread that many popular ANTIVIRUS suites would automatically infect your computer with malware, since they used third-party archive extraction libraries to look inside ZIP/ARJ/etc files during background scans!
      exolon
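A defensive sketch of the failure class exolon describes, added here as example code that is not part of the article or the comment thread: a ZIP local-file-header parser that validates the attacker-controlled name-length field before copying the entry name into a fixed-size buffer. The header bytes and the `NAME_MAX_LEN` limit are constructed for this example, not taken from any real archive or extractor.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ZIP_LOCAL_SIG 0x04034b50u   /* "PK\3\4" read as a little-endian uint32 */
#define NAME_MAX_LEN  64            /* fixed-size destination buffer for the entry name (assumed) */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse one ZIP local file header from buf[0..len). The name-length and
 * extra-length fields come straight from the file, so they are attacker
 * controlled: the classic extractor bug is memcpy(stack_buf, buf + 30, name_len)
 * with no bound on name_len. Returns 0 on success, a negative code otherwise. */
int zip_parse_local_header(const uint8_t *buf, size_t len,
                           char name_out[NAME_MAX_LEN], size_t *data_off)
{
    if (len < 30) return -1;                         /* fixed part of the header is 30 bytes */
    if (le32(buf) != ZIP_LOCAL_SIG) return -2;       /* not a local file header */
    uint16_t name_len  = le16(buf + 26);
    uint16_t extra_len = le16(buf + 28);
    if (name_len == 0 || name_len >= NAME_MAX_LEN) return -3;   /* would overflow name_out */
    if ((size_t)name_len + extra_len > len - 30)   return -4;   /* header claims bytes that are not there */
    memcpy(name_out, buf + 30, name_len);
    name_out[name_len] = '\0';
    *data_off = 30 + (size_t)name_len + extra_len;   /* where the entry's data begins */
    return 0;
}

/* Parse and report only the status code. */
int zip_header_status(const uint8_t *buf, size_t len)
{
    char name[NAME_MAX_LEN]; size_t off;
    return zip_parse_local_header(buf, len, name, &off);
}

/* Constructed sample: a well-formed 30-byte header followed by the name "a.txt". */
const uint8_t GOOD_HDR[35] = {
    0x50,0x4b,0x03,0x04, 0x14,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0x05,0x00, 0x00,0x00, 'a','.','t','x','t' };
/* Constructed sample: same header, but the name-length field lies and says 0xFFFF. */
const uint8_t OVERSIZED_HDR[35] = {
    0x50,0x4b,0x03,0x04, 0x14,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0xff,0xff, 0x00,0x00, 'a','.','t','x','t' };
```

An extractor that trusted the 0xFFFF length here would read far past the 35-byte input and write past a 64-byte name buffer; the bounds checks turn both cases into a clean parse error.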
  • Hih?

    Yes because people never immigrate from other locations and only Russians can be Russian if their heritage goes back 10 generations.

    According to that, I live in Germany.....only my family has been American for five generations.

    I keep a business card taped over my cam and keep it off line whenever it's not being used.
    Allen Frady
    • Not relation.

      Ie....how someone looks has about as much to do with what nationality they are as a news story has to do with fact (read.....one has nothing to do with the other any more).

      But um....thanks to both the "experts" above for their professional opinions
      Allen Frady
  • I wonder if they use a Flash attack/exploit

    Most people don't realize that by default Flash is granted access to Mic and Camera if available/connected to a system or built-in to a laptop. Cover camera and mic and if savvy enough, disable flash from accessing camera mic and storing files on system. Same for Java.

    Nice bait though.
    Free Webapps