Juha Saarinen: When hackers get hacked themselves

Hacking groups are getting a taste of their own medicine.

By now, anyone who's glanced sideways at the internet and the IT systems that connect to it should be totally aware that it's a very unsafe place, riddled with hackers hell-bent on causing grief for innocent users.

You'd think the hackers would know as much too, but as a few amazing stories lately tell us, they can be as vulnerable as the rest of us.

If true, the Dutch signals intelligence and spy agency AIVD managed not just to break into the Russian Advanced Persistent Threat 29 hacking group, also known as Cozy Bear, but to sit in their network for a long time, maybe as long as two-and-a-half years.

During that time, they were able to use CCTV cameras to watch the Russian hackers go about their attacks, and to identify several people through the imagery they intercepted.

APT29 is thought to be behind high-profile cyber attacks on the United States Democratic National Committee, the Pentagon, and the Dutch and Norwegian governments.

Thanks to the camera footage, the Dutch security agencies were able to recognise several Russian intelligence service spies, making it clear that APT29 has at least some official connection.

While the story in Dutch media is unsourced, the country's Prime Minister Mark Rutte appears to have acknowledged the hacking of the Russians.

It's not the first time elite hackers have been hacked: someone called "Phineas Phisher" patiently probed the networks and computers of Italian spyware vendor The Hacking Team, and got in.

The business of the Hacking Team is hacking, but they fell themselves to a determined hacker who exploited configuration mistakes, unpatched software, and simply did things in an unexpected way.

It wasn't the first time either, as "Phineas Fisher" in 2014 had popped open a competing spyware vendor called Gamma Group in a similar way, which should've been a warning to The Hacking Team.

Technology continues to be a dual-edged sword like that. Pentagon and other military commands are currently panicking as Fitbit runs logged with tracking site Strava which uses accurate global positioning system mapping to visualise sessions and revealed multiple secret bases with beautifully detailed heatmaps.

"When you connect Fitbit and Strava, your Fitbit activities will automatically show up on Strava for all your friends to see," is how the GPS tracking site clearly puts it.

Not every Fitbit/Strava user read that though, and the jogging spooks and soldiers have now mapped out where they are holed up, and put themselves and others nearby in massive danger from enemy attacks.

This should serve as a salutary reminder that not even the most security-conscious hackers can think of everything and anything tech you deploy can be used against you.