Irked By Cyberspying, Georgia Outs Russia-based Hacker
coondoggie writes "In one of the photos, the dark-haired, bearded hacker is peering into his computer's screen, perhaps puzzled at what's happening. Minutes later, he cuts his computer's connection, realizing he has been discovered. In an unprecedented move, the country of Georgia — irritated by persistent cyber-spying attacks — has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs."
Can somebody help me out here? Since the title of this submission has "hacker" in it, I thought it'd be about some guy who does cool stuff with hardware, or somebody who has been writing some intense open source software. But I don't see any of that here. Is this submission actually discussing a "cracker", rather than a "hacker"?
Communist dirt bag got caught with his shirt off.
The real story is they pawned him with porn lol
Once again, we can see how tremendously useful public servants have been in setting up secure systems, using secure OSes, good security practices, etc.
The infection vector was what? Some automatically run PDF shipped Base64-encoded in an XML file?
I mean. Like. Opening a PDF gets you rooted!?
Wow. Just wow.
But, hey, no problem... Because from TFA apparently some taxpayers' money had been spent buying some local "Dr. Web" antivirus.
As long as people are going to consider it normal to be infected this way and find excuses like: "Things are complicated, PDF is needed and remote-root exploits opening a PDF are something very difficult to prevent", we're gonna be in deep, deep shit.
This looks like another Adobe exploit. Both the bad guy and the good guys used it. And when they infected Boris Badenoff's computer, they only took .doc's and not .pdf's. I wish I could be so selective.
Everything I've ever learned the hard way was based on a statistically invalid sample.
"Bearded man found shot dead in Russian apartment, found hunched over keyboard."
The Georgians don't mess around, any more than the Russkies do.
He'd better watch his back.
This guy looks Georgian to me. He could be a human rights activist who is now accused of being a spy. Politics are dirty and the truth is far from what the officials say in that part of the world.
~ Best man at your service.
Story says hacker knew he was hacked after 10 minutes. How does that explain two pictures, different angles, one shirtless?
Why would Georgia admit to it?
Public Service Announcement:
Don't hack with a web cam plugged in.
#fuckbeta #iamslashdot #dicemustdie
Except it was the other way around - russkies wanted their colonies back. And speaking of escaping the gravity well, Estonia seems to be in the clear. Good on them!
I love the carpet on his ceiling. Not sure how easy it is to vacuum though. Also, have I seen that guy in a movie somewhere?
First his ARM got hacked..... then his legs and head!
Captcha: deterred
...Computer Hacks You! Seriously loving the decor though.
> Story says hacker knew he was hacked after 10 minutes. How does that explain two pictures, different angles, one shirtless?
It's a well-known and interesting fact that hackers can move their laptops and put on a shirt in less than five minutes.
systemd is Roko's Basilisk.
Since when is having a mustache enough for one to be considered "bearded"? As a bearded man myself I'm offended. lol
My worry is what did the web cam capture between shots when he stood to get a shirt.
How is that not the first thing removed if it isn't built-in or covered up with a piece of duct tape if it is? Highly skilled dumbass apparently.
Don't hack the country you're in. Russia has a history of excusing hackers who steal from other countries. You almost get congratulated if you steal and bring more money into the local economy. Even if they're upset, a lot of countries don't like to extradite.
Anonymous Americans will swallow anything and then regurgitate it as fact. Georgia attacked the Russkies at the border, the Russkies chased them all the way back to the capital. If they "wanted their colonies back" they could easily have stomped the capital there and then and made the case that it was for their own defence. But that's not what happened, having marched to the city limits of the capital they had proved their point to the world and reiterated that point by simply walking away.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Does using a trojan count as hacking? I can't keep up with things these days.
Still the part where the 'hacker' downloads an executable file, and runs it...that's weak sauce. One, it tells us he's probably running Windows. Two, it shows he is an idiot: what 'hacker' blindly runs an executable file, even one given to him by 'friends'?
See, if the 'authorities' had managed to capture an image of him by pulling apart a botnet client, tracing the originating command server through several wayward paths, spelunking their way up the internet one router at a time until they found the source of the packets containing a fraudulent origin IP address, then exploited a weakness on a service running on a common port that wasn't patched / no one knew about, then turned on his webcam to grab a photo or two of him while quietly copying evidence off his machine, I'd be inclined to say "GG" and award some finger-snaps for one-upping someone on their own battlefield.
But using social engineering on someone running a common operating system, someone without the common sense inherent in a level one helldesk operator (do not run unknown executables)...I mean, he doesn't even fire up a VM and lock it off the internet before running the thing? Does anyone actually think this guy was anything more than, at best, a script kiddy, and at worst, a pawn?
If this is the best news that they can put out these days regarding their capture of 'cyber-criminals,' there either aren't any, or they're getting schooled.
Here's a hint for understanding power in the virtual realm -> if you need to work with others to achieve something, or need to get a judge to sign off on something, you're doing it wrong. If you need to call up a Bell to run a data tap to find the equivalent of the opportunistic thief robbing a 7-11...then you don't know enough about technology to 'fight' effectively.
I am John Hurt.
Doesn't look like a government agency to me, although it's possible that the guy works from home.
It was separatists, not the Georgian military, and it happened after a long list of provocations by Russia involving Abkhazia and South Ossetia. In 2008, Russia shot down a Georgian drone over Abkhazia, which they did not technically have the right to do, as it was part of Georgia. Things got worse from there.
Here's the Wikipedia account; start your editors!
http://en.wikipedia.org/wiki/2008_Georgia–Russia_crisis
"This guy had high-class skills", Gurgenidze said
...
I don't think so
--
'The accounts are encrypted with a 1024 bit cipher. Even I can't break through the fire wall', Swordfish
AccountKiller
More importantly, why would this professional, master neo-KGB hacker expose his camera like that? I'm a nobody but even I've heard of masking tape.
Charisma is the measure of someone's ability to lie with a straight face.
My Dad was reading some of those old 1990's cyber-spy-crime-somethinginternet novels recently (think 'Len Deighton' approved, etc.).
He put down one of the books one day and asked me: "How the hell could someone hack into the CIA??" and I said, "Dad, that was like, 30 years ago. Facebook knows more about your life now than the KGB could ever have."
He acted like he knew what I was talking about and continued reading. Later on, he asked me why Virtual Reality hadn't been used in the Gulf War because that would surely have saved lives.
*sigh*
He should have used the phone buster buster.
Agree, there was a lot more to it than a summary of my recollections, when all's said and done Georgia is just another pawn in the Caspian sea oil wars being fought between the big boys.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
I would think that at some point we are going to see intelligence agencies start to send hit teams to kill hackers. It has probably already happened but we haven't seen headlines for it.
I want to make love explo....
ahhh...fuck it. time for bed. I have web apps to write tomorrow.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Russia shot down a Georgian drone.
Georgia shelled the Russian peacekeeper force barracks, killing several dozen people. And that was a detour - primarily, they were indiscriminately shelling residential blocks of Tskhinval.
Those are totally two comparable "provocations".
One: what difference does it make if he runs Windows or not? Would he be more eligible to be a hacker if he was running AmigaOS or BeOS or what are you trying to say?
Two: The article did not say anything about running an executable file. It said he had downloaded a zip file called "Georgian-Nato Agreement.", not that the zip contained exe's. There are other files than just executables that can contain malicious code, for example the guy himself is supposed to have used XDP files.
"Tskhinval or Ch'reba; Russian: ()), is the capital of South Ossetia, a disputed region which has been recognised as an independent Republic by Russia and another four UN members, and is regarded by Georgia and all other UN member states de jure as a region within Georgian sovereign territory."
http://en.wikipedia.org/wiki/Tskhinvali
Perhaps you should shell a barracks when a foreign power builds one in one of your cities. At least according to the 189 of the 193 members of the UN who agree that Ossetia is part of Georgia. I'm pretty sure if Mexico built a barracks in San Antonio Texas, if they didn't leave, we'd shell it too.
From the story:
>On that computer, they placed a ZIP archive entitled "Georgian-Nato Agreement." He took the bait, which caused the investigators' own spying program to be installed.
Elite, wasn't he? Infected by a ZIP file...hmm.
All your ghosts are just false positives.
> Here's a hint for understanding power in the virtual realm -> if you need to work with others to achieve something, or need to get a judge to sign off on something, you're doing it wrong. If you need to call up a Bell to run a data tap to find the equivalent of the opportunistic thief robbing a 7-11...then you don't know enough about technology to 'fight' effectively.
You missed the part about having to wear a long black leather trench coat. Everyone knows that all the leet h@xx0rz all wear trench coats.
I am amazed that anyone would see Russia as non-provocative in this situation. The region, Ossetia which is in Georgia, is separated by the equivalent of the Himalayas from Russia. This region is called the Caucasus Mountains, as in Caucasian where most fair-skinned people get their classification. These are tall, year-long snow-capped mountains, that the Russians walked over with a few troops of tanks. The UN concluded that Russia's goal was the secession of Ossetia and Abkhazia as an attempt to force Georgia into a "peace" agreement where they recognize these territories as independent.
You know how that works with people like Putin in power right? Shortly after these territories gain their independence, they sign an agreement to "join" the USSR, thereby cutting old Georgia in half. If anyone could implement a diabolical peace plan that starts with tanks it would be these guys.
That's what I call "passive-aggressive"..
When the foot seeks the place of the head, the line is crossed. Know your place. Keep your place. Be a shoe.
He should have bounced his connection through InterNIC and then erased the logs.
No, no, you see: he used the words "Russian peacekeeper force" so, you know, that changes everything!
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
The Russians are only following what the EU/America did 10 years earlier to Serbia (Considered an ally of Russia). I strongly suspect that the reason the EU/US didn't protest much was due to the fact they didn't have a leg to stand on (don't throw rocks from glass houses and all that).
The West annexes part of a Russian ally, Russia annexes part of a Western ally. Geopolitics at work, only the small countries and their peoples suffer.
> "Tskhinval or Ch'reba; Russian: ()), is the capital of South Ossetia, a disputed region which has been recognised as an independent Republic by Russia and another four UN members, and is regarded by Georgia and all other UN member states de jure as a region within Georgian sovereign territory."
Kosovo was also "a region within Serbian sovereign territory", but when the Serbs started to wipe out the locals - which, according to you, they had full rights to, as a sovereign country - their whole country was pounded much worse than Georgia.
In any case, South Ossetia has already fought a war of independence in 1992, and has been de facto independent and running itself for 16 years before the Georgian tanks rolled the streets of its capital to "restore territorial integrity". For some mysterious reason, the locals were very unhappy about it. Maybe it's because they still remember Gamsakhurdia's talk of "Georgia for the Georgians" from the last war?
> Perhaps you should shell a barracks when a foreign power builds one in one of your cities.
The foreign power in question built the barracks because it was part of a peacekeeping force that was officially accredited as such by the joint commission from all sides of the conflict after the last war. Said agreement was not formally withdrawn by Georgia until September, i.e. after the conflict. Ironically, the commander of the Georgian battalion of the same peacekeeping force received orders to participate in the take-over of the city (and carried them out).
Those regions were already de facto independent ever since their last wars with Georgia concluded in the early 90s - just not recognized as such by most other countries.
Oh, and you do realize why Ossetians and Abkhazians fought for their independence even back then, right?
If running a premade script and following instructions someone else wrote makes me a hacker, does that mean I can go buy a toy store chemistry set, perform a few preset experiments and call myself a chemist?
And they only have the 3rd cleanest prostitutes in the region.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Except that the post is fairly accurate. Operational security is considered a big aspect of the h@x0r culture; the higher up you go, the more operational security they tend to use.
What part of that is BS? Or, as I suspect, with no ID and no evidence to counter my argument, you are purely a troll.
I am John Hurt.
Does it matter that he's running Windows? Perhaps not. Does it cast doubt on whether this 31337 h@x0r was anything more than a script kiddie acting on the orders of someone else / using someone else's software? Yes.
Honestly, I do not understand why some people seem to think that to be a cracker, you must be an idiot with a flaw. As in, "despite working with dangerous code on a daily basis, no cracker would ever run untrusted code inside a VM with no ports to the internet." That it's all just some form of autism that grants them the ability to do incredible things in the virtual realm, and their below human IQ outside that realm that has them constantly getting caught. In short, you're talking about the existence of something that can't readily exist, and certainly wouldn't in any great quantity. It's too lopsided, you'd need an invisible hand working tirelessly just to maintain the state necessary to keep them like that. As Ford Prefect, in the HHGTTG, said, "No way a civilization goes from having the plans for a spacecraft to launching one within a year; no one, no matter how motivated, does that; show it to me, and I still won't believe it."
And the part where h@x0rs get nailed by downloading / receiving a file from a 'friend'? Are we stuck in a time loop? Either they don't read the news on how any of their peers are getting caught / have gotten caught for the last two decades, or this story is purely dressed up for the press.
I am John Hurt.
> Kosovo was also "a region within Serbian sovereign territory", but when the Serbs started to wipe out the locals - which, according to you, they had full rights to, as a sovereign country - their whole country was pounded much worse than Georgia.
By "you", I assume you mean the US government, which I assure you did not represent my personal views in the matter, and whose executive at the time was an asshole I voted against in the previous presidential election, right?
Get a grip: the US has an internal revolution every 4-8 years; we just do it peacefully, rather than by lobbing shells between the red and blue states. You might want to try it some time.
You guys really don't "get" Democracy yet, do you? So the majority of you elected an asshole, Gamsakhurdia. Georgia has Parliamentary elections every three years; ignore the inflammatory rhetoric from the asshole, and work to get a majority for some other party in the next election in 3 years. Problem solved.
> The foreign power in question built the barracks because it was part of a peacekeeping force that was officially accredited as such by the joint commission from all sides of the conflict after the last war. Said agreement was not formally withdrawn by Georgia until September, i.e. after the conflict. Ironically, the commander of the Georgian battalion of the same peacekeeping force received orders to participate in the take-over of the city (and carried them out).
If you can't resolve the conflict internally, then an internally accredited peacekeeping force isn't going to be able to do it either. Appeal to the UN for intervention. There appear to be 189 countries willing to back that, including 3 of the 5 permanent UN security council members, and as of that date, 6 of the remaining 10 non-permanent serving members would probably have voted for a resolution as well, if only to piss Putin off.
Yes, I understand the commonly held view that Russia pushes a lot of money into controlling the outcome of the elections in neighboring states - http://www.csmonitor.com/Commentary/Opinion/2012/1001/Beware-Russia-s-hand-in-elections-in-Georgia-Ukraine-Lithuania - but the answer to this is that you have to refuse to be bought, and call out those who are willing to accept the payola.
> By "you", I assume you mean the US government, which I assure you did not represent my personal views in the matter, and whose executive at the time was an asshole I voted against in the previous presidential election, right?
By "you", I mean all the countries that raised the fuss about the conflict. These were mostly the same countries that directly participated in the military operation against Serbia back in the day, bombing their capital etc.
More specifically, by "you" I mean you in particular, since you've implied that Georgian Army shelling and assaulting an Ossetian city, indiscriminately targeting civilian objects, is a-ok because it is "within Georgian sovereign territory". That's a bullshit excuse, not really any different from Kosovo or Chechnya or Syria.
> You guys really don't "get" Democracy yet, do you? So the majority of you elected an asshole, Gamsakhurdia. Georgia has Parliamentary elections every three years; ignore the inflammatory rhetoric from the asshole, and work to get a majority for some other party in the next election in 3 years. Problem solved.
I'm not a Georgian. Anyway, if you've actually read any links about the guy, your advice was about as good as the advice to not re-elect Hitler. It's no coincidence that Gamsakhurdia was eventually killed (or committed suicide) after fighting a civil war against the new government of his own country. He really was a madman, even his own people saw it eventually.
Furthermore, at the point when he was spouting "Georgia for the Georgians" - i.e. right before the first war in Ossetia - he still had considerable public support among Georgians themselves, who constitute the majority of "Greater Georgia". So what exactly were Ossetians to do? Stand back and let themselves be ethnically cleansed, because the majority voted in favor of that? That's your idea of democracy?
By the way, if you're so keen on democracy, I have to remind you that, just as the Georgian parliament voted to separate from the USSR and form an independent republic, so did the South Ossetian parliament vote to separate from Georgia and form an independent republic. Surely either both of those were valid (on the basis of the right to national self-determination), or neither was? If you disagree, then explain how one is different from another, without resorting to the hypocritical "we always ran things around here as we wanted before the Ruskies came".
> If you can't resolve the conflict internally, then an internally accredited peacekeeping force isn't going to be able to do it either.
Well, it worked for 16 years. Would have kept working beyond that if Saakashvili hadn't decided that a nice little victory would do wonders to boost his standing among his (liberal, but also generally nationalist and irredentist) electorate.