Tracking a Hacker (in Reference to Recent FairUse4WM Posts)

Please note that this post was migrated to my new blog platform. There may be bad formatting, broken links, images, downloads and so on. If you need an item on this page, please contact me and I will do my best to get it from my backups.


During the recent FairUse4WM lawsuits that Microsoft is heading up, I’ve started to learn more and more about the PlaysForSure DRM answer that Microsoft has created to try to satisfy the DMCA bitches (think BMI, Universal - anything DVD or CD Audio related).

What I found interesting is that the age-old techniques I’ve used to track down hackers (and prosecute them in court, via companies that have hired me in the past) have become so commonly understood these days that they explain it in their recent lawsuit against Viodentia - and people understand exactly the process.

See, back in the day (late 80s, early 90s) no one had a clue how to track down a hacker. I made some side cash tracking down these guys so long ago because no one knew the technology well enough. Now someone makes a post, and it amazes me how common-knowledge it has become.

Now don’t get me wrong. I’ve done my fair share of cracks and hacks, and knew enough about re-writing the TCP stack to hide my tracks. So don’t get pissed if it was me that testified against you way back then. Did I do it against the underground pirate groups? No. It was for those guys that would hack into computers of friends of mine to do nothing more than destroy their networks.

Aren’t the best security experts the best hackers? That was always my sales pitch in the past for such jobs. :)

Err, off the point.  The post above clearly outlines one of the most common methods for tracking a hacker.

ISPs will not talk to you unless you have a court order. So create a suit (as MS did above), then talk to the ISPs. They will gladly hand over any and all records. Most of the time you can track those records to a single IP and MAC address at the time of the email/file submission/port connectivity/logs/etc. MACs on broadband are linked to a physical address on file for the user that is being billed, which will be handed over by the ISP. Either have the feds ask for the warrant, or contact the local courts for the area to obtain one - and have the local PD/FBI unit conduct the search/arrest.

The rest is the normal process.
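The one technical step in that process, matching the IP in the evidence to the subscriber MAC that held it at that exact moment, is the step that breaks down when the address was dynamically assigned and changed hands. Here is an added example (mine, not from the post or from Microsoft’s filing) that correlates an event timestamp against constructed ISC-dhcpd-style lease log lines and returns nothing, rather than guessing, when no lease covers that instant:

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in ISC dhcpd syslog style (not real ISP records).
# 203.0.113.45 is leased to one MAC, released, then leased to a different MAC.
LEASE_LOG = """\
2006-09-01 08:00:01 dhcpd: DHCPACK on 203.0.113.45 to 00:11:22:33:44:55 via eth0
2006-09-01 20:15:30 dhcpd: DHCPRELEASE of 203.0.113.45 from 00:11:22:33:44:55 via eth0
2006-09-01 20:16:02 dhcpd: DHCPACK on 203.0.113.45 to 66:77:88:99:aa:bb via eth0
2006-09-02 03:00:00 dhcpd: DHCPACK on 203.0.113.46 to cc:dd:ee:ff:00:11 via eth0
"""

ACK_RE = re.compile(r"^(\S+ \S+) dhcpd: DHCPACK on (\S+) to (\S+) via")
REL_RE = re.compile(r"^(\S+ \S+) dhcpd: DHCPRELEASE of (\S+) from (\S+) via")

def parse_ts(s):
    # The lease log and the evidence timestamp must be in the same zone; UTC assumed here.
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def build_leases(log_text):
    """Turn ACK/RELEASE lines into (ip, mac, start, end) intervals.
    An ACK for an IP currently held by a different MAC implicitly ends the old lease;
    a renewal by the same MAC keeps the original start."""
    open_leases = {}  # ip -> (mac, start)
    leases = []
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if m:
            ts, ip, mac = parse_ts(m.group(1)), m.group(2), m.group(3)
            if ip in open_leases and open_leases[ip][0] != mac:
                old_mac, start = open_leases.pop(ip)
                leases.append((ip, old_mac, start, ts))
            open_leases.setdefault(ip, (mac, ts))
            continue
        m = REL_RE.match(line)
        if m and m.group(2) in open_leases:
            mac, start = open_leases.pop(m.group(2))
            leases.append((m.group(2), mac, start, parse_ts(m.group(1))))
    for ip, (mac, start) in open_leases.items():
        leases.append((ip, mac, start, None))  # still active at end of log
    return leases

def mac_for(ip, event_time, leases):
    """MAC that held `ip` at `event_time`, or None when no lease covers that instant
    (gap between leases, or time outside the log): do not guess, ask for more records."""
    for lease_ip, mac, start, end in leases:
        if lease_ip == ip and start <= event_time and (end is None or event_time < end):
            return mac
    return None
```

A timestamp only seconds off the lease boundary points at a different subscriber, which is why the evidence time and the ISP log time have to be reconciled before anyone asks for a warrant.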

There are dozens of ways to get around the above, that most hackers don’t even attempt. Like using a computer that has already been hacked: the remote hacker piggybacks everything they do off that machine. That’s just one of many ways.

Now in this case, Viodentia claims to live outside of the United States.  That’s good and bad, depending on his country.  This adds an extra (and extra thick) layer of law process, as you now must go through federal courts to obtain an extradition.  Now this I have never been involved with, so I’ll leave that part up to the lawyers.
