Georgia silently takes over Russian hacker’s computer – uses his webcam to secretly take video footage of him at work

// October 31st, 2012 // Hacking and Security


In a report titled “Cyber Espionage against Georgian Government”, the Georgian CERT (Computer Emergency Response Team) claims it has linked an attack on its systems to Russia’s security services.  The report describes how Georgia’s CERT deliberately infected one of its own machines with malware, planted as a ZIP file named “Georgian-NATO agreement”.  The hacker took the bait and opened the infected file, which silently installed the malware on his PC.  The planted malware allowed CERT to turn on the hacker’s webcam and shoot video footage of him stealing information from their machines.

[Video footage showing alleged Russian hacker]

The software also allowed them to capture his city, ISP, email address (eshkinkot1@gmail.com) and password, and “other information”.  It is not known what “other information” was captured, but the paper published by Georgia suggests that the software can also be used to capture files from the remote computer, scan the drives for documents, take screenshots, record audio, scan the local network of the attacking PC, and execute arbitrary commands on the remote system.

Georgia’s CERT claims that “a domain used by the attackers was registered to an address in Moscow belonging to the Russian Ministry of Internal Affairs, department of logistics – which just happens to be based close to the Russian Secret Service (FSB).”

The Georgia paper describes some of the attacks, coming from Russian IP addresses, against Georgian news outlets and government entities, and the malware that was left behind after the attacks.  Malware planted on Georgian systems connected to command and control servers located in Russia, the United States, France, and Germany (likely themselves compromised computers).  The self-patching malware they discovered specifically checks for Georgia’s time zone and then injects itself into explorer.exe.  Code fragments and communication routines showed contact between the malware and warynews.ru and rbc.ru, both owned by or linked to the Russian Business Network (a Russian criminal hacking group suspected of state sponsorship).
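The injection behaviour described above leaves a trace a defender can look for: explorer.exe is not normally an outbound network client, so once malicious code runs inside it, explorer.exe starts making connections it never would on its own. The following is an added example, not code from the article or from Georgia's CERT, that scans constructed Sysmon-style network-connection events and flags connections to the two domains the article names as well as any outbound connection initiated by explorer.exe; the event format, field names and sample values are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Domains the article says the malware contacted; used here as a watchlist.
WATCHLIST = {"warynews.ru", "rbc.ru"}

# Processes that normally have no business initiating outbound connections.
# The malware described injects into explorer.exe, so explorer.exe talking
# to the network is the behaviour this detection keys on.
INJECTION_TARGETS = {"explorer.exe"}

# Constructed sample events in an assumed "key=value" format, loosely modelled
# on Sysmon Event ID 3 (network connection). Not real telemetry.
SAMPLE_EVENTS = """\
ts=2012-10-31T09:12:01Z image=C:\\Windows\\explorer.exe dst=warynews.ru dport=80
ts=2012-10-31T09:12:05Z image=C:\\Program Files\\Firefox\\firefox.exe dst=rbc.ru dport=443
ts=2012-10-31T09:13:40Z image=C:\\Windows\\explorer.exe dst=203.0.113.7 dport=8080
ts=2012-10-31T09:14:02Z image=C:\\Windows\\System32\\svchost.exe dst=update.example.com dport=443
"""

# Lazy match on image= so paths containing spaces still parse.
EVENT_RE = re.compile(
    r"ts=(?P<ts>\S+) image=(?P<image>.+?) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

@dataclass
class Alert:
    ts: str
    image: str
    dst: str
    reason: str

def parse_event(line):
    """Return the event fields as a dict, or None for lines that do not parse."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None

def detect(log_text):
    """Run both rules over the log and return the alerts in log order."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        proc = ev["image"].rsplit("\\", 1)[-1].lower()  # basename of the image path
        dst = ev["dst"].lower()
        if dst in WATCHLIST or any(dst.endswith("." + d) for d in WATCHLIST):
            alerts.append(Alert(ev["ts"], proc, dst, "contact with watchlisted domain"))
        elif proc in INJECTION_TARGETS:
            alerts.append(Alert(ev["ts"], proc, dst, "outbound connection from injection target"))
    return alerts
```

The second rule fires on the third sample line even though the destination is not on the watchlist, which is the point: an indicator list ages, but explorer.exe reaching out to an unknown host remains suspicious.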






