Georgia Counterhacks Russian Hacker with His Own Malware! Takes Pictures of Him

As the Russia-Georgia War showed us in 2008, there is no love lost between Russia and Georgia, which declared independence from Russia in 1991. This was actually the second time that Georgia declared independence from Russia. It broke away in 1918 during the Russian Civil War, only to be attacked by the Red Army and re-absorbed in 1921 during the Soviet-Georgian war.

Georgia claims that Russia is still attacking it, but now in the cyber realm, and it offers as proof video snapshots of an alleged Russian hacker who was caught in a counter-hack sting!

Since the Russia-Georgia war in 2008, Georgia has claimed that Russian hackers were infiltrating their computer systems.

The Georgian Computer Emergency Response Team (CERT) has released a 27-page document (PDF) explaining a Russian botnet that was detected.

The report also includes a counter-hacking operation that netted a hacker that they claim has ties to the Russian government!

Once a machine was infected, according to the report, the Russian malware searched the documents on it for sensitive keywords.

The malware was operated from a control panel and uploaded stolen information to command and control servers. It was also able to steal certificates and configuration files, execute remote commands, scan for other targets on the network and, most importantly in this case, record audio and video.

The attacks focused on Georgian government sites, critical infrastructure, banks and other non-government organizations. The attacker was able to record live video, and update and modify the malware code from the Command & Control panel.

The Georgian CERT team began dissecting and analyzing the attack. When they traced the infrastructure back, one of the domains used in the attack was owned by the Russian Ministry of Internal Affairs, Department of Logistics, which is located right next to the Russian FSB.

Going a step further, they infected one of their own machines with the botnet and put a tempting file on the computer named “Georgian-Nato Agreement”. This file, according to the report, was infected with the SAME MALWARE that the botnet was using, except this time it connected to Georgian-controlled systems!

Unbelievably, a suspected Russian hacker fell for it, stealing the file and becoming infected with his own malware. The Georgian team not only got screenshots of the hacker through his own webcam, but were also able to recover his e-mails and location, and even watched him create new modules for the botnet!

Of course, I am sure Russia will deny the allegations, and I doubt the hacker will be arrested, especially if he has ties with the Russian government. But Georgia has some pretty convincing proof.

Hackers and Predators – The Dangers of Social Networking

Social Engineering and Phishing attacks (bad guys pretending to be someone else to obtain information from you) are some of the biggest threats against your network today. Why would hackers spend days, months or years trying to hack through a firewall or corporate website when they can get quick access by tricking someone into opening a backdoored document or running a remote access program?

But how do these attackers know who to attack in a corporate network, or the best way to word a malicious communication attempt to get you to click on it?

Social Media sites!

Two years ago I became aware of a tactic of hackers gaining access to systems by targeting teens. Hackers created malicious sites based on popular teen-oriented movies and pop stars. Now it seems that hackers and cyber criminals have shifted a lot of their focus to social media sites.

Hackers target social sites like LinkedIn and even Facebook to obtain tons of information about potential targets. As a matter of fact, Social Engineers have created bogus LinkedIn users and used a programming interface to easily search for users at a particular place of business and pull a lot of information from their accounts that could be used in a Social Engineering attack.

Unfortunately, there is also a disturbing trend of stalkers and predators possibly using social media sites to track or find potential victims. For over a year and a half, the community awareness website showed internet users how easy it was to pull geotag information from pictures posted on social media sites. They would post a picture pulled from a social site along with the poster’s user name and… Their Location!
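The geotag the site was pulling is the GPS block that phones write into a photo’s Exif metadata. The defensive habit is to audit your own pictures for that block and strip it before posting. The script below is an added example, not something from the original article or from any site it mentions: it hand-parses the JPEG segment list and the Exif/TIFF GPS IFD using only the standard library, reports the coordinates if any are present, and writes out a copy with the Exif segment removed. The sample JPEG it works on is constructed inline (a bare SOI, one Exif APP1 segment and EOI, with made-up coordinates), so it runs offline; the file names and coordinates are assumptions for the demo.

```python
"""Audit a JPEG for embedded GPS coordinates (Exif GPS IFD) and strip the
Exif block before the picture is shared. Hand-written parser, stdlib only."""
import struct

TAG_GPS_IFD = 0x8825                      # IFD0 tag pointing to the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x1, 0x2, 0x3, 0x4
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # TIFF field types
EXIF_HEADER = b"Exif\0\0"


def split_segments(jpeg: bytes):
    """Split a JPEG into (marker, raw_segment) pairs up to the first SOS/EOI;
    everything from there on (the image data) is returned verbatim as (None, tail)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    parts, pos = [(0xD8, jpeg[:2])], 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):         # SOS or EOI: stop walking the headers
            break
        seglen = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        parts.append((marker, jpeg[pos:pos + 2 + seglen]))
        pos += 2 + seglen
    parts.append((None, jpeg[pos:]))
    return parts


def is_exif_segment(marker, seg) -> bool:
    return marker == 0xE1 and seg[4:10] == EXIF_HEADER


def decode_value(typ, count, data, endian):
    if typ == 2:                           # ASCII, NUL terminated
        return data.rstrip(b"\0").decode("ascii", "replace")
    if typ == 4:                           # LONG
        vals = struct.unpack(endian + "I" * count, data)
        return vals[0] if count == 1 else vals
    if typ == 5:                           # RATIONAL: (numerator, denominator) pairs
        vals = struct.unpack(endian + "II" * count, data)
        return [(vals[2 * i], vals[2 * i + 1]) for i in range(count)]
    return data                            # other types: raw bytes are enough here


def read_ifd(tiff: bytes, off: int, endian: str) -> dict:
    """Return {tag: decoded value} for one IFD; values over 4 bytes live at an offset."""
    n = struct.unpack(endian + "H", tiff[off:off + 2])[0]
    entries = {}
    for i in range(n):
        e = off + 2 + 12 * i
        tag, typ, count = struct.unpack(endian + "HHI", tiff[e:e + 8])
        size = TYPE_SIZES.get(typ, 1) * count
        if size <= 4:
            data = tiff[e + 8:e + 8 + size]
        else:
            voff = struct.unpack(endian + "I", tiff[e + 8:e + 12])[0]
            data = tiff[voff:voff + size]
        entries[tag] = decode_value(typ, count, data, endian)
    return entries


def dms_to_decimal(rationals, ref: str) -> float:
    """Degrees/minutes/seconds rationals -> signed decimal degrees."""
    deg = sum((n / d) / 60 ** i for i, (n, d) in enumerate(rationals) if d)
    return -deg if ref in ("S", "W") else deg


def extract_gps(jpeg: bytes):
    """Return {'lat': float, 'lon': float} if the Exif GPS IFD carries a fix, else None."""
    tiff = next((seg[10:] for m, seg in split_segments(jpeg) if is_exif_segment(m, seg)), None)
    if tiff is None or tiff[:2] not in (b"MM", b"II"):
        return None
    endian = ">" if tiff[:2] == b"MM" else "<"
    ifd0 = read_ifd(tiff, struct.unpack(endian + "I", tiff[4:8])[0], endian)
    if TAG_GPS_IFD not in ifd0:
        return None
    gps = read_ifd(tiff, ifd0[TAG_GPS_IFD], endian)
    if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
        return None
    return {"lat": dms_to_decimal(gps[GPS_LAT], gps[GPS_LAT_REF]),
            "lon": dms_to_decimal(gps[GPS_LON], gps[GPS_LON_REF])}


def strip_exif(jpeg: bytes) -> bytes:
    """Copy of the JPEG with every Exif APP1 segment removed; image data untouched."""
    return b"".join(seg for m, seg in split_segments(jpeg) if not is_exif_segment(m, seg))


def build_sample_jpeg() -> bytes:
    """Constructed test input: SOI + Exif APP1 (big-endian TIFF, IFD0 -> GPS IFD) + EOI.
    Offsets are relative to the TIFF header: IFD0 at 8, GPS IFD at 26, rationals at 80/104."""
    def entry(tag, typ, count, value):
        if isinstance(value, bytes):       # short value stored inline in the 4-byte field
            return struct.pack(">HHI", tag, typ, count) + value.ljust(4, b"\0")
        return struct.pack(">HHII", tag, typ, count, value)
    rat = lambda *pairs: b"".join(struct.pack(">II", n, d) for n, d in pairs)
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8)
    tiff += struct.pack(">H", 1) + entry(TAG_GPS_IFD, 4, 1, 26) + struct.pack(">I", 0)
    tiff += (struct.pack(">H", 4) + entry(GPS_LAT_REF, 2, 2, b"N\0") + entry(GPS_LAT, 5, 3, 80)
             + entry(GPS_LON_REF, 2, 2, b"E\0") + entry(GPS_LON, 5, 3, 104) + struct.pack(">I", 0))
    tiff += rat((41, 1), (41, 1), (36, 1)) + rat((44, 1), (50, 1), (2, 1))  # made-up 41°41'36"N 44°50'02"E
    payload = EXIF_HEADER + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


if __name__ == "__main__":
    photo = build_sample_jpeg()            # in practice: open("photo.jpg", "rb").read()
    fix = extract_gps(photo)
    print("GPS in photo:", fix)            # audit step: anything here is a location leak
    clean = strip_exif(photo)
    print("GPS after strip:", extract_gps(clean))
```

Run it over a real file by replacing `build_sample_jpeg()` with the bytes of the photo; if `extract_gps` prints coordinates, post the `strip_exif` output instead of the original. Note that stripping the whole APP1 segment also drops the camera model and timestamp, which for a picture going onto a public profile is usually what you want.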

Sadly, a recent story by the Associated Press talks about how predators in Indonesia were using Facebook to solicit young teenage girls, and then kidnap and traffic them:

“When a 14-year-old girl received a Facebook friend request from an older man she didn’t know, she accepted it out of curiosity. It’s a click she will forever regret, leading to a brutal story that has repeated itself as sexual predators find new ways to exploit Indonesia’s growing obsession with social media.

The junior high student was quickly smitten by the man’s smooth online flattery. They exchanged phone numbers, and his attention increased with rapid-fire texts. He convinced her to meet in a mall, and she found him just as charming in person.”

The young girl was smitten by the online user’s charm. The simple friend request, exchange of information and finally an in-person meeting led the 14-year-old girl into the hands of a 24-year-old predator. The monster kidnapped her; she was drugged, beaten and raped.

According to the article there were 7 girls this month in Indonesia who were abducted by people they had met on Facebook.

People are way too trusting on Social Media sites. Do not friend people that you do not know. Be careful how much information you put on business sites like LinkedIn. Keep an eye on young users of social media and warn them about the potential risks of strangers.

Social media is a great thing; it helps us keep in touch with friends, family and co-workers. But there are dangers with online networking. Surf safely!

GFI Cloud Based Network Monitoring eBook

Are you in a Small to Medium Business and overwhelmed with trying to manage your network and run your business?

Are your computer support personnel over-tasked with trying to support your users and keep your servers up and running too? Then GFI’s Cloud Based Network Monitoring might be for you.

With this free eBook from GFI you will learn how to:

  • Remotely manage and monitor all your workstations and servers
  • Identify and solve system issues before they become a problem
  • Free up IT resources to focus on strategic projects instead of break-fix
  • Easily scale your IT infrastructure to grow with your needs

Check it out!