I've been beating the drums for the value of tracking down the cyberspies who are attacking US government agencies and private companies alike. Somebody seems to be listening. Counterhackers have already unmasked a Chinese cyberspy.
And now the government of Georgia has landed an even bigger fish, seizing control of a cyberspy's computer and taking screen shots of him. Adding insult to injury, the Georgians also managed to steal files from his computer that strongly suggest ties to Russia's intelligence service. Network World has the story:
The photos of the hacker were taken after investigators with the Georgian government's Computer Emergency Response Team (Cert.gov.ge) managed to bait him into downloading what he thought was a file containing sensitive information. In fact, it contained its own secret spying program.
They allowed the hacker to infect one of their computers on purpose. On that computer, they placed a ZIP archive entitled "Georgian-Nato Agreement." He took the bait, which caused the investigators' own spying program to be installed.
From there, his webcam was turned on, which resulted in fairly clear photos of his face. But after five to 10 minutes, the connection was cut off, presumably because the hacker knew he had been hacked. But in those few minutes, his computer -- like the ones he targeted in the Georgian government -- was mined for documents.
One Microsoft Word document, written in Russian, contained instructions from the hacker's handler over which targets to infect and how. Other circumstantial evidence pointing to Russian involvement included the registration of a website that was used to send malicious emails. It was registered to an address next to the country's Federal Security Service, formerly known as the KGB, the report said.
For those who can't get enough of this satisfying story, here's the original Georgian CERT report on the sting.
But I can't help thinking the Stylistics said it best: "Payback is a dog."