Cyber-security experts turned the tables on an alleged hacker by using his own malware to film him through his own laptop webcam.
Specialists from Georgia’s Computer Emergency Response Team (CERT-Georgia) tricked a man they claim has been targeting their networks by hiding the virus within a file titled ‘Georgian-Nato Agreement’.
After the attacker stole that archive from an infected PC in their lab, they were able to seize control of his computer and capture video of him at work.
They found that the attackers had planted malicious links to install the malware on specific news-site webpages that would be of interest to the kinds of people they wanted to target.
The investigation found the infiltration commenced as early as March 2011, with the virus undergoing a series of modifications as hackers tried to stay one step ahead of whatever security measures were used against it.
CERT-Georgia’s experts discovered that whenever they were able to trace the botnet’s command and control hosts, to which files were being uploaded, the hackers would change the destination country and IP address. To fight the infections, the team blocked these IP addresses as soon as they were discovered, and cooperated with anti-virus software companies and foreign intelligence agencies to develop countermeasures.
But their masterstroke was to work out how to take control of the botnet themselves and infect one of the hackers with his own malware. They then recorded him as he worked.