Georgian Government IDs Russian Hacker
Georgia's Computer Emergency Response Team used a ZIP archive named 'Georgian-Nato Agreement' to bait the hacker.
The government of Georgia recently published two webcam photos of a Russian hacker accused of stealing data from Georgian Web sites.
"The photos are contained in a report [PDF file] that alleges the intrusions originated from Russia, which launched a five-day military campaign in August 2008 against Georgia that was preceded by a wave of cyberattacks," writes Computerworld's Jeremy Kirk. "The photos of the hacker were taken after investigators with the Georgian government's Computer Emergency Response Team (cert.gov.ge) managed to bait him into downloading what he thought was a file containing sensitive information. In fact, it contained its own secret spying program."
"In order to lay the bait after the attacks increased in severity over the course of 2011, Georgia allowed a computer to be infected on purpose," writes ZDNet's Charlie Osborne. "A ZIP archive named 'Georgian-Nato Agreement' was placed on it; once opened, the investigator's own malware was installed. While the alleged hacker was being photographed, his computer was rapidly mined for sensitive documents. One Word document contained instructions on whom to hack and how to hack particular targets, as well as website registration data linked to an address within Russia."
"Georgia’s Computer Emergency Response Team says the hacker is behind the 'Georbot Botnet' which targeted major governments around the world, including Georgia, the US, and France," writes Ubergizmo's Kif Leswing. "The botnet was pretty sophisticated, using 0-day vulnerabilities, embedding itself in links on major Georgian news sites, and turning on microphones and webcams to glean important government data from infected computers."