hacker caught on camera by cyber-security experts who infect his computer with HIS OW

[Usr6]

Cyber-security experts turned the tables on an alleged hacker by using his own malware to film him through his own laptop webcam.

Specialists from Georgia's Computer Emergency Response Team (CERT-Georgia) tricked a man they claim has been targeting their networks by hiding the virus inside a file titled 'Georgian-Nato Agreement'.

After the attacker stole that archive from an infected PC in their lab, they were able to seize control of his computer and capture video of him at work.

'Hacker': This is the picture of the alleged cyber-attacker captured by Georgian security experts after they took control of malware on their systems and infected his computer with it

The team also claim to have found out his home city, internet service provider and email addresses, as well as information that links him to Russian security agencies and other hackers in Germany.

CERT-Georgia's experts had been investigating a botnet which had infiltrated the computers of politicians, civil servants, banks and NGOs in Georgia, the U.S., Canada, Ukraine and several other countries.

They found that the attackers had planted malicious links to install the malware on specific news-site webpages that would be of interest to the kinds of people they wanted to target.

'[The] threat was highly encrypted and used contemporary stealthy techniques, so that none of security tools could identify it,' the team said in a 27-page report into their investigation.

Once installed, the virus seized control of the targeted computer, rifling its hard drives to search for Word and .pdf documents containing sensitive words like 'USA', 'NATO', 'Russia' and 'CIA'.

The malware also scanned the computer's local network for find other hosts to infect, took screenshots, and took control of embedded webcams and microphones on machines to eavesdrop on targets.

The investigation found the infiltration began as early as March 2011, with the virus undergoing a series of modifications as hackers tried to stay one step ahead of whatever security measures were used against it.

CERT-Georgia's experts found that whenever they were able to trace the botnet's command and control servers, to which files were being uploaded, the hackers would switch the destination country and IP address.

To fight the infections, the team blocked these IP addresses as soon as they were detected then cooperated with anti-virus software companies and foreign intelligence agencies to develop countermeasures.

But their masterstroke was to work out how to take control of the botnet themselves and infect one of the hackers with his own malware. They then recorded him as he worked.

Espionage: This screengrab provided by CERT-Georgia shows the various keywords that the virus searched for in files on targeted machines

Their report explained, in broken English: 'We have Infected our PC from Lab, then gave Cyber Attacker Fake ZIP Archive with his own virus inside and the name “Georgian-Nato Agreement”.

'Attacker Stole that archive and executed malicious files.

'As we had access to BOT Panel, we had maintained control over his PC.

'Then captured got video of him, personally. We have captured process of creating new malicious modules.

'We have obtained Russian Document, from e-mail, where he was giving someone instructions how to use this malicious software and how to infect targets.

'We have linked him with some of German and Russian hackers.

'Then we have obtained information about his destination city, Internet service provider, e-mail, and etc.'

Russia has long been suspected as behind a string of cyber attacks on Georgian targets. There were crippling denial-of-service attacks on Georgian banks and government networks before the Russian military attacked in 2008, arstechnica reported.

Now, with security experts able to turn the tables on hackers, it appears a new chapter in cyber-warfare has begun.

WHAT IS A BOTNET?

A botnet is a collection of internet-connected computers over which a hacker has seized control.

Each compromised machine - known as a 'bot' - is created when a computer is infected with malicious software (malware) which allows the hacker to direct its activities remotely.

These infections can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from via email.

This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator.

Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules.

Sursa:
http://www.dailymail.co.uk/sciencetech/article-2225743/Alleged-hacker-caught-camera-cyber-security-experts-infect-HIS-OWN-virus.html?ito=feeds-newsxml

Edited November 3, 2012 by Usr6

[nAb.h4x]

Asa patesti daca ai webcam ))

Urat o fost prins

[MkBrv]

pai si ala nu vede ca e luminita aprinsa de la webcam ?

[jetus]

pai si ala nu vede ca e luminita aprinsa de la webcam ?

Nu toate au led