Irked by cyberspying, Georgia outs Russia-based hacker -- with photos
In an unprecedented move, Georgia reveals startling details of a hacker it says is stealing its confidential information
IDG News Service - In one of the photos, the dark-haired, bearded hacker is peering into his computer's screen, perhaps puzzled at what's happening. Minutes later, he cuts his computer's connection, realizing he has been discovered.
In an unprecedented move, the country of Georgia -- irritated by persistent cyber-spying attacks -- has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs.
The photos are contained in a report that alleges the intrusions originated from Russia, which launched a five-day military campaign in August 2008 against Georgia that was preceded by a wave of cyberattacks.
The photos of the hacker were taken after investigators with the Georgian government's Computer Emergency Response Team (Cert.gov.ge) managed to bait him into downloading what he thought was a file containing sensitive information. In fact, it contained its own secret spying program.
The hacker had been tricked and hacked, with his mugshot taken from his own webcam.
Georgia began investigating the cyber spying linked to the hacker in March 2011 after a file on a computer belonging to a government official was flagged as "suspicious" by a Russian antivirus program called Dr. Web.
The investigation uncovered a sophisticated operation that planted malicious software on numerous Georgian news websites, but only on pages with specific articles that would interest the kinds of people that the hacker wanted to target, said Giorgi Gurgenidze, a cyber security specialist with Cert.gov.ge, which handles computer security incidents.
The news stories selected to attract victims had headlines such as "NATO delegation visit in Georgia" and "US-Georgian agreements and meetings," according to the report, jointly published with Georgia's Ministry of Justice and the LEPL Data Exchange Agency, which is part of the ministry.
CERT-Georgia won't say exactly who that first infected computer belonged to. But what followed is best described as an epic electronic battle between Georgia's good guys and a highly skilled hacker -- or likely team of hackers -- based in Russia.
The agency quickly discovered that 300 to 400 computers located in key government agencies were infected and transmitting sensitive documents to drop servers controlled by the hacker. The compromised computers formed a botnet nicknamed "Georbot."
The malicious software was programmed to search for specific keywords -- such as USA, Russia, NATO and CIA -- in Microsoft Word documents and PDFs, and was eventually modified to record audio and take screenshots. The documents were deleted within a few minutes from the drop servers, after the hacker had copied the files to his own PC.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts