Can I track down a hacker?, Part 2

Dennis Faas's picture

Yesterday's Visitor Feedback asked, "Can I track down a hacker?"

My answer to that question was a passive one -- mainly based on the fact it would take an inconceivable amount of time to prosecute each and every hacker who tries to wallow his way into your computer system.

An algorithm for a typical Hacker might look something like this:

  1. Randomly select a computer to hack;
  2. Attempt to gain access to randomly selected computer;
  3. If access is granted, deliver a payload (send virus/trojan, delete files);
  4. If access is not granted, disconnect from this computer;
  5. Repeat process.

With the probability that many hackers online the Internet think similar to this algorithm:

I propose that any given day would have multiple hackers hitting the same computer attempting to gain access. The question now becomes: what criteria would be used to prosecute this hacker, or that hacker considering most of them are probably using the same set of tricks to gain access to your computer system?

Case and Point

If you're a die-hard infopackets fan, you most likely have already visited the infamous page which contains my Free Report on "How to Stop Hackers and Viruses from Malicious Intent." On this page you will find a picture of a software firewall (a program used to block hackers) which shows 416 hack attempts in a 90 hour period.

Would it make sense to (attempt to) track down each and every one of those "hackers"? Most definitely not. Not in my opinion, anyway. Regardless of the scenario, some of you seek retribution. Notably so, I received a couple friendly emails from Gazette readers who have provided some wonderful links to programs that will help to track down a hacker / seek justice.

  • My Net Watchman: The myNetWatchman program (agent) gives users a heads-up that they have a security problem, if their system becomes infected with an Internet Worm virus.
     
  • DShield: Provides a platform for firewall users to share intrusion information (a free and open service).

And, I received a few tips on software and hardware firewalls. Brian P. says:

" I have been successful in tracking down a hacker. Norton Firewall does an excellent job of providing information on the IP address of the hacker. Tracert allows you to see the originating ISP assuming there is no spoofing. In my case I informed the ISP and was informed a few days later the hacker had his account cancelled.

I gather mine was not the first incident. The satisfaction in getting one hacker kicked off the net is worth the effort it takes. If spoofing has occurred, the owner of the IP address used will certainly hear about it if you complain and can then take the appropriate action. Doing nothing just allows the hacker to continue.

Hacking is a criminal activity and every effort should be made to stamp out this activity. Of course I have nothing better to do with my time so I suppose I should not judge those who are busy. The experience gained in learning the intricacies of the web is another advantage. I also take a similar action with spammers and have had several successes in this area. As for spoofing, I know Hotmail very aggressively prosecutes spoofers using their site and I believe yahoo and other web mail providers do likewise so a complaint is worth the little effort it takes. Of course I am retired and have few better ways to spend my time so I suppose I should not judge those who are busy. "

Well said. Mike D. also uses Norton Security. He writes:

" If anyone tries to hack me, Norton logs the IP number. When I receive a hack attempt, I go straight to Symantec Security and use their visual IP tracker to find the IP address of the person. I could use Tracert or Ping from the command line, but Symantec is good being a visual interface. I then report the Hacker to the ISP, threatening the ISP with being reported to the Internet Authority if they do nothing about it. I’ve had results this way, from both US and Ukrainian ISP’s. I also write a rule which blocks any communication from that IP number. "

John B. also wrote in. His comment is a contrast to the other two (above) comments. He writes:

" My advice would be to ditch the Norton firewall (software) and go with a hardware firewall. If properly configured with a private IP (ie. 192.168.X.X), your computer can be invisible to the outside world. The easiest way to obtain this is with a cheap DSL router w/ built in firewall. I suggest the LinkSYS NR041 (about $35). It has tons of features (DHCP, portmapping, DMZ configuration, remote administration, just to name a few). "

Side note: The above comment by John B. has an important update in the November 6, 2002 issue of the Gazette. Click here to read.

Rate this article: 
No votes yet