How to Trace Illegal Hackers?

Discussion in 'General Mac Discussion' started by seabass069, Dec 3, 2005.

  1. seabass069 macrumors regular

    Oct 5, 2005
    I am writing a report for school and I would like to know if anyone knows if and how the government traces the hackers that illegally break into computer systems. Is there software that the government uses? I brought up a point to my class that since everyone that logs onto the internet needs a USERNAME, why is it so difficult to trace the hacker? Why does it take a long time to track them down?

    Any help would be greatly appreciated!!
  2. ITASOR macrumors 601


    Mar 20, 2005
    Some companies trace people by IP. The ISP tells them who owns the IP and then they find them. Yes I know people get around that, but it's a way of tracking them sometimes at least.
  3. mrichmon macrumors 6502a

    Jun 17, 2003
    There really isn't any simple answer to the questions that you are asking. But you should know that not everyone needs a username to log into the internet. Also, even if you use a username to connect to the internet, the data that you send out is not labeled with the username.

    There are no real automated or software ways to track people down. Mostly finding people who crack into computer systems is a task of finding little traces of information that can help point you to what is going on. The difficult part is that these traces of information are buried in massive log files and you often need to track down snippets of information that are collected on many different machines.

    A good book to read about this is "A Cuckoo's Egg" by Cliff Stoll. The book is written by an astronomer who discovered a discrepancy in the accounting data for a shared computer at the Lawrence Livermore Labs. Tracking down the cause of this discrepancy ended up taking more than 18 months and led to the arrest of a few crackers in Germany and other places. This book will give you a good feeling for the answers to many of the questions you asked.
  4. OutThere macrumors 603


    Dec 19, 2002
    A good hacker who is looking for something specific and not there just to cause trouble, as many people think of hackers, will leave extremely little trace of his presence.

    Ultimately it comes down to someone noticing something strange on their computer systems, either from logs of connection attempts, or from missing/new files. From there they might be able to trace the connections made to their computer to, say, a place where the hacker had passed through a proxy. Proxies create facades that people using the internet can mask themselves with, and it's possible to tunnel through several proxies to obscure yourself even more. Basically, it's all about finding little clues along the way...little things that somehow got left behind, and that give hints as to where they came from...bits and pieces of files. A lot of times it will lead to dead ends, and a lot of other times it will lead to public places where the person was able to get on to the internet without allowing his identity to be revealed...which then turns the case into a police case, because they're looking for someone who was there at some point. A lot of times, though, the trail will end at a random person's internet connection, an internet connection which the hacker had spoofed.

    There's no real way that the government cracks down on hackers, it's just a matter of lucky clues and unavoidable mistakes on the hacker's part. It also happens that former hackers will become consultants, and work with big companies to safeguard their computers and data. Since these guys used to do it themselves, they know of the back doors and secrets that hackers like to use, and can sometimes spot when one has been used.:)
  5. seabass069 thread starter macrumors regular

    Oct 5, 2005
    Thanks for the information. You guys have been a great help. This will definitely help out my report.
  6. mrichmon macrumors 6502a

    Jun 17, 2003
    Also remember that strictly "hacker" is not the same as "bad". "Hacker" is also not the same as "cracker". Popular media has used hacker to label people breaking into computers to perform questionable or illegal activities. Strictly this use is incorrect... although to be fair this terminology battle is almost completely lost.

    But, since it is a pet peeve for me I'll point out the difference.

    A "hacker" is someone who is very skilled with computers and can apply novel and non-obvious techniques to do things with technology. A good "hack" is both elegant and efficient and in many ways a work of art. Hacking does not have anything to do with breaking into computers, although some master hackers have been known to gain unauthorized access to computers so that they can "explore" with no intent of causing damage.

    A "cracker" is someone who breaks (cracks) into computers with the intent of performing illicit or illegal acts. A "cracker" sets out with the intent of doing no good.

    The Jargon File (an old compendium of computer terms) lists the definition of

    Sorry for the rant, but the confusion of these terms is a pet peeve.
  7. ChrisBrightwell macrumors 68020


    Apr 5, 2004
    Huntsville, AL
    Ah, someone beat me to the punch.

  8. greatdevourer macrumors 68000

    Aug 5, 2005
    Borrow someone's wireless connection for a coupla minutes to do some preliminaries (find out what OS, what ports, etc), and if there's a readily available exploit, get in that way. If it's without a point&sploit, then take that info and do some research, either find a readymade or make your own, then find a WiFi spot somewhere (can be anyone's, but getting the same one twice points to the owner of that router, instead of just "someone roaming with a laptop"). Also, use MAC spoofing, tunneling through previously sploited machines (if you want one, then just scan for some pre-XPSP2 box and RPC it). Good enough?
  9. portent macrumors 6502a

    Feb 17, 2004
    The general procedure goes something like this:

    1. Using a server's connection logs, find out the IP address of the hacker
    2. Find out the ISP that owns the IP address
    3. Get a court order, and find out to whom or what the IP address was assigned
    4. Determine whether you've found the actual source of the attack, or just a machine that was used as a zombie or proxy. Repeat 1-4 as necessary.

    Step 3 is often difficult for legal reasons, and it takes time. Steps 1 and 4 can be complicated if the hacker used multiple "hops," or connection logs weren't kept.
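Steps 1 and 4 of this procedure, as an added example that is not from the thread: a small Python script that pulls source addresses out of constructed sshd-style log lines from two machines (the cross-machine correlation mrichmon mentioned) and flags which addresses are worth taking to an ISP and which are internal hops where the search has to start over. Host names, log lines and addresses are all made up for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample (not real data): sshd-style auth log lines from two hosts. 203.0.113.x and
# 198.51.100.x are RFC 5737 documentation addresses standing in for public ones; 10.0.0.12 is RFC 1918.
SAMPLE_LOGS = {
    "webserver": [
        "Dec  3 01:12:07 webserver sshd[811]: Failed password for root from 203.0.113.45 port 51122 ssh2",
        "Dec  3 01:12:09 webserver sshd[811]: Failed password for root from 203.0.113.45 port 51122 ssh2",
        "Dec  3 01:12:14 webserver sshd[813]: Accepted password for admin from 203.0.113.45 port 51130 ssh2",
        "Dec  3 01:20:41 webserver sshd[820]: Accepted publickey for deploy from 198.51.100.7 port 40010 ssh2",
    ],
    "fileserver": [
        "Dec  3 01:15:02 fileserver sshd[402]: Accepted password for admin from 10.0.0.12 port 33001 ssh2",
    ],
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Source addresses that cannot be the real origin on the public internet (RFC 1918,
# loopback, link-local): a hit from here means the trail continues on an internal device.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_logs(logs):
    """Step 1: turn the raw lines from every host into structured login events."""
    matches = (LINE_RE.match(line) for lines in logs.values() for line in lines)
    return [m.groupdict() for m in matches if m]  # lines that are not logins are skipped


def triage(events):
    """Group events by source IP and attach the next investigative step for each address."""
    per_ip = defaultdict(lambda: {"failed": 0, "accepted": 0, "hosts": set()})
    for e in events:
        s = per_ip[e["ip"]]
        s["failed" if e["result"] == "Failed" else "accepted"] += 1
        s["hosts"].add(e["host"])
    report = []
    for ip, s in per_ip.items():
        # Step 4: an internal source is a hop (NAT box, jump host, compromised PC), so step 1
        # is repeated on that machine's own logs; an external one goes on to steps 2 and 3.
        internal = any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)
        s["next"] = "internal hop: repeat step 1 on this host's logs" if internal \
            else "external: identify owning ISP, then request assignment records"
        report.append({"ip": ip, **s})
    return sorted(report, key=lambda r: r["failed"] + r["accepted"], reverse=True)
```

Running `triage(parse_logs(SAMPLE_LOGS))` puts 203.0.113.45 at the top with two failures and one success on the webserver, and marks 10.0.0.12 as an internal hop whose own logs are the next place to look.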
