To Russia with Love? Georgia snaps 'cyber-spy' with his own cam

Status
Not open for further replies.

Prorootect · Level 69 · Thread author · Verified · Nov 5, 2011 · 5,855
To Russia with Love? Georgia snaps 'cyber-spy' with his own cam - topic here ..

To Russia with Love? Georgia snaps 'cyber-spy' with his own cam: Govt puts pics on internet - not much else they can do - By John Leyden : http://www.theregister.co.uk/2012/10/31/georgia_russia_counter_intelligence/

'Georgia has taken the unusual step of publishing photos of a man it suspects of being the hacker who has been attacking the former Soviet Republic's systems for months.

Photos of the alleged cyber-spy were captured after Georgian security experts set up a honeypot sting, tricking the person they believed to be the hacker into downloading spoofed "sensitive information" before capturing the man's image using his own web cam.' ..

'The attacker(s) planted malicious code on various Georgian news sites but only inserted it into stories featuring headlines involving US-Georgia relations and NATO, subjects likely to be of interest to his target audience. The tactic was used to seed infections associated with the Georbot information-stealing zombie network. Georbot managed to infect between 300 and 400 computers in Georgian government agencies alone.

Connections to the command and control server associated with the Georbot zombie network were blocked. In response, the hacker/s launched a further wave of attacks' ..

'The PDF attack was unusually sophisticated because it featured abuse of the XDP file format, a tactic that circumvented anti-virus defences for some months before security experts latched onto the trick, IT World reports.

The use of the tactic is clear evidence that the Georgians weren't dealing with common-or-garden script-kiddies but a cadre of sophisticated hackers located in both Russia and, evidence suggested, Germany.

Georgian security experts launched a counter-offensive by deliberately allowing a machine to become infected. This computer contained an infected ZIP file' ..

'The alleged perp, who was named only by his online nickname Eshkinot, is unlikely to have acted alone. Georgian authorities allege that Russian intelligence agencies are mixed up in an ongoing cyber-espionage operation, citing intelligence obtained from their counter offensive (including data from Georbot C&C systems, decrypted communication mechanisms and malicious files) as evidence.' ..

'The best evidence for this assertion is that a domain associated with the Russian Ministry of Internal Affairs, Department of Logistics, in Moscow was the source of spam emails bearing infectious PDF files spoofed to appear to come from "admin@President.gov.ge", an address ostensibly associated with the Georgian president. This is a bit circumstantial since it doesn't rule out the abuse of open relays at the Russian ministry to send "perfectly spoofed" spam or other trickery along these lines.

The Georgians also concluded that the IP and DNS servers used to control infected Georgian computers belonged to the Russian Business Network, better evidence but still not conclusive.' ..

Georgia DDoS Attacks – A Quick Summary of Observations
by Jose Nazario : http://ddos.arbornetworks.com/2008/08/georgia-ddos-attacks-a-quick-summary-of-observations/

Here’s a chance for troubled skiddies to start a new life and put their skills to good use: join the Air Force Cyber Command : http://mikeabundo.com/2008/10/08/us-air-force-reopens-cyber-command/
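The XDP trick mentioned in the quoted article is worth seeing concretely. An XDP file is an XML wrapper that can carry a complete PDF as base64 text inside `<pdf><document><chunk>` elements; a scanner that only pattern-matches the raw bytes sees neither the `%PDF` header nor any `/JavaScript` name, because the whole PDF is base64-encoded. The following Python script is an added example, not code from the post, the article, or the Georgian investigators: it builds a constructed XDP sample around a tiny constructed PDF with an `/OpenAction` JavaScript trigger (using the `/J#61vaScript` hex-escape spelling of the name, which is another common evasion), shows that a naive byte search misses it, then unwraps the XDP and scans the decoded PDF. The element structure and namespace are assumed from the public XDP format; the list of risky names is a heuristic, not a detection signature from the page.

```python
import base64
import re
import xml.etree.ElementTree as ET

# PDF name objects whose presence usually warrants a closer look (heuristic).
RISKY_NAMES = ("/JavaScript", "/JS", "/Launch", "/OpenAction", "/AA",
               "/EmbeddedFile", "/RichMedia")

# PDF names may spell any byte as #xx; /J#61vaScript is /JavaScript.
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalise_names(pdf: bytes) -> bytes:
    """Resolve #xx escapes so escaped names match the plain spelling."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf)


def risky_pdf_markers(pdf: bytes) -> list:
    """Return the risky names found in a (decoded) PDF, in RISKY_NAMES order."""
    text = normalise_names(pdf)
    found = []
    for name in RISKY_NAMES:
        # Require a delimiter after the name so /JS does not match /JSfoo.
        if re.search(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", text):
            found.append(name)
    return found


def extract_pdf_from_xdp(data: bytes):
    """Return the PDF carried in an XDP wrapper, or None if data is not XDP.

    Assumed layout: <xdp:xdp><pdf><document><chunk>BASE64</chunk>...</pdf></xdp:xdp>.
    Chunks are concatenated before decoding; namespaces are ignored on purpose.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    chunks = [el.text or "" for el in root.iter()
              if el.tag.rsplit("}", 1)[-1] == "chunk"]
    if not chunks:
        return None
    return base64.b64decode("".join(chunks))


def naive_contains(data: bytes, name: str) -> bool:
    """What a byte-matching scanner sees when it does not unwrap the container."""
    return name.encode() in data


def scan(data: bytes) -> dict:
    """Classify the container, unwrap XDP if needed, and scan the inner PDF."""
    if data.lstrip().startswith(b"%PDF"):
        container, pdf = "pdf", data
    else:
        pdf = extract_pdf_from_xdp(data)
        container = "xdp" if pdf is not None else "unknown"
    markers = risky_pdf_markers(pdf) if pdf else []
    return {"container": container, "markers": markers}


# Constructed sample: a minimal PDF whose catalog runs JavaScript on open.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample: the same PDF wrapped in an XDP envelope.
SAMPLE_XDP = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">\n'
    b'  <pdf xmlns="http://ns.adobe.com/xdp/pdf/">\n'
    b'    <document><chunk>' + base64.b64encode(SAMPLE_PDF) + b'</chunk></document>\n'
    b'  </pdf>\n'
    b'</xdp:xdp>\n'
)

if __name__ == "__main__":
    print("naive search sees /JavaScript in XDP:", naive_contains(SAMPLE_XDP, "/JavaScript"))
    print("unwrapped scan:", scan(SAMPLE_XDP))
```

The point the article makes is visible in the two printed lines: the raw XDP bytes contain neither `%PDF` nor `/JavaScript`, while the unwrapped scan reports the same markers as scanning the bare PDF. A gateway filter that wants to close this gap has to decode the container before matching, and should treat a PDF that arrives as XML (or inside any other wrapper it cannot unwrap) as suspicious rather than clean.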
