Ars Technica has a fascinating look into a ‘cyber-spat’ (trademark pending) between Georgia and Russia.
A custom piece of malware started showing up in Georgian systems, which searched for documents based on political keywords. Those documents were then sent off to a server and retrieved by the hackers.
The CERT team in Georgia analyzed the malicious program and traced it back to Russia. When hacks occur across international lines, there is often little legal recourse. This was true here, and Georgia determined that the best course of action was to bait the attacker into taking a file which would infect his own computer.
They were successful.
Now this may not seem to accomplish much. If the Russian government is in fact sponsoring these attacks, they will continue. The identified hacker is not facing any legal proceedings. But, as the source article puts it:
“The goal isn’t necessarily to get the host country to ease up on the hacks—though it may have some temporary effect—but to raise public awareness so that other forces like Congress or NATO will themselves put more pressure on some country you can hardly hope to stop alone.”
Right now, there is little that is agreed upon in international law when it comes to computer crime. This will change as state-sponsored attacks grow more sophisticated and gain the potential to do serious harm. Chemical warfare was outlawed after its devastating effects were seen in World War I; we’ll see some Internet attacks outlawed if state-sponsored attacks start taking out electrical grids or water treatment plants.
Hopefully the world can agree on some rules of engagement before it comes to that.