Identify the Hacker


  • Once the source of the attacks has been identified, the next step is attempting to obtain the identity of the hacker or cracker.
  • Clues to the identity of a hacker often exist in cyberspace and in the real world if the investigator knows where to look. 
  • Computer systems of interest to hackers usually keep track of all authorized and unauthorized access attempts. 
  • These records, called computer logs, provide useful and often critical clues that a trained agent or computer specialist can use as the starting point to trace the route taken from computer to computer through the World Wide Web, to discover the one computer out of the millions in the world from which an intrusion was conducted.
  • All computers using the Internet are assigned a different numeric Internet Protocol (IP) address while online, similar to country, city, street, and number addresses for houses.
  • Unless the hacker alters the victim’s logs once he or she gains unauthorized access, the victim’s logs should list the precise computer address from which unauthorized access was gained.
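
As an added illustration (not part of the original post), the script below shows how an examiner might pull source addresses out of a victim's access log and record when each was first and last seen. The log lines are constructed samples in OpenSSH syslog style, and the function name and the `year` parameter are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from a real system). The 203.0.113.0/24 and
# 198.51.100.0/24 ranges are reserved for documentation.
SAMPLE_LOG = """\
Mar  3 02:14:07 host sshd[811]: Failed password for root from 203.0.113.45 port 50122 ssh2
Mar  3 02:14:11 host sshd[811]: Failed password for invalid user admin from 203.0.113.45 port 50126 ssh2
Mar  3 02:14:19 host sshd[815]: Accepted password for root from 203.0.113.45 port 50131 ssh2
Mar  3 08:30:02 host sshd[990]: Accepted publickey for alice from 198.51.100.7 port 41022 ssh2
Mar  3 09:01:44 host sshd[1002]: Failed password for alice from 198.51.100.7 port 41100 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize_sources(log_text, year=2024):
    """Group access attempts by source IP. Syslog lines carry no year, so the
    caller supplies one (assumption of this example)."""
    sources = defaultdict(lambda: {"failed": 0, "accepted": 0, "users": set(),
                                   "first": None, "last": None,
                                   "success_after_failure": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication record
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = sources[m["ip"]]
        if m["result"] == "Accepted":
            rec["accepted"] += 1
            # A login that follows failed attempts from the same address
            # is the pattern worth a closer look.
            rec["success_after_failure"] = rec["success_after_failure"] or rec["failed"] > 0
        else:
            rec["failed"] += 1
        rec["users"].add(m["user"])
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return dict(sources)

if __name__ == "__main__":
    for ip, rec in summarize_sources(SAMPLE_LOG).items():
        flag = "REVIEW" if rec["success_after_failure"] else "ok"
        print(ip, rec["failed"], rec["accepted"], sorted(rec["users"]),
              rec["first"].isoformat(), rec["last"].isoformat(), flag)
```

The address and time window reported for each source are what a records request to the relevant provider would need to cite; the logged address may still be an intermediate computer rather than the origin.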


Obstacles faced when identifying hackers

  1. A hacker might hide or “spoof” his Internet Protocol (IP) address, or might intentionally bounce his communications through many intermediate computers scattered throughout the world before arriving at a target computer. The investigator must then identify all the bounce points to find the location of the hacker, but usually can only trace the hacker back one bounce point at a time. 
  2. Some victims don’t keep logs or don’t discover a hacker’s activities until it is too late to obtain records from the hacker’s Internet Service Provider (ISP). A victim who has no record of the IP address of the computer from which unauthorized access was gained limits law enforcement officers to traditional investigative techniques, which alone may be inadequate to identify the hacker.
  3. Some ISPs don’t keep records or don’t keep them long enough to be of help to law enforcement officers. When the investigator determines the identity of an ISP from which records will be needed, the prosecutor should send a retention letter requiring the ISP to preserve the records while a court order or other process is being obtained.
  4. Some computer hackers alter the logs upon gaining unauthorized access, thereby hiding the evidence of their crimes.
  5. Some leads go through foreign countries, not all of which consider hacking a crime. Treaties, conventions, and agreements are in place with some countries.

