A Computer Hacker Can Be Traced
When a Trojan or a virus hits a PC, we learn of its presence from the malfunctioning of the machine. But knowing just that is not sufficient. We need to know how it got there and, most importantly, who put it there. By discovering the attacker in the same way that the victim is discovered, one gets a broader view of the picture and can establish the steps to be taken against the attacker.
A cracker or a hacker can be tracked down in several ways. Very often a hacker is better able to remove his traces than a cracker. While their activities are being tracked, the evidence that emerges should be preserved so that it cannot be lost or tampered with.
Sometimes it is difficult for law enforcement officers to find the identity of a hacker because of the way the Internet is structured and works.
A hacker hides his Internet Protocol (IP) address, a practice called "spoofing". He also conceals his intentions by purposely bouncing some of his communications through computers in different places in the world before attacking a target computer. So the investigator usually must track all the bounce points to find the exact location of the hacker.
Some victims do not keep logs on their systems, or do not realize that a hacker has been active until long afterwards, when records from the hacker's ISP are obtained. Not recording the IP address of the computer from which unauthorized access was obtained restricts the investigative techniques available to law enforcement officers.
Network security infrastructure has gone through various changes in its implementation, from firewalls and their upgraded versions to router security techniques, host system security, auditing, incident response plans, and intrusion detection systems (IDS).
Methods of tracking a hacker are:
Tracerouting - This technique shows all the computers between the user and the target machine. Often the hostname listed for the last machine belongs to the hacker's ISP. Resolving the ISP in this way makes it possible to find out its location and the areas where the hacker operates. This gives a clue to the geographical location, which eases investigations.
Reverse DNS Query - This technique is the most effective way of tracing a hacker. It helps to locate the country where the hacker resides, though the exact geographical location cannot be determined without breaking into the ISP's Head Office.
DNS - 'Domain Name Servers' are machines connected to the Internet that keep track of the IP addresses and domain names of other PCs. A DNS search takes the 'ASCII Domain Name', or simply the 'hostname', and converts it into a numeric IP address.
With patience in hunting for clues, even the most persistent hacker can be found and stopped.
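As an added example (not part of the original article), the Python below pulls source IP addresses out of a login log, builds the reverse DNS query name for each, and accepts a reverse-lookup hostname only when a forward DNS search on that hostname returns the same IP, since the owner of an address range controls what its reverse records say. The log lines, hostnames and function names are constructed for illustration.

```python
import ipaddress
import re
import socket
from collections import Counter

# Constructed sshd-style sample log (documentation IP ranges), not real data.
SAMPLE_LOG = """\
Aug 31 10:02:11 host sshd[411]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 31 10:02:14 host sshd[411]: Failed password for admin from 203.0.113.7 port 40125 ssh2
Aug 31 10:05:40 host sshd[419]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Aug 31 10:07:02 host sshd[425]: Failed password for root from 192.0.2.99 port 33210 ssh2
"""
FAILED = re.compile(r"Failed password for \S+ from (\S+) port")

def failed_sources(log_text):
    """Count failed logins per syntactically valid source IP."""
    counts = Counter()
    for match in FAILED.finditer(log_text):
        try:
            counts[str(ipaddress.ip_address(match.group(1)))] += 1
        except ValueError:
            continue  # malformed address field: skip rather than guess
    return counts

def ptr_name(ip):
    """Name queried by a reverse DNS lookup, e.g. 7.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def _sys_reverse(ip):
    return socket.gethostbyaddr(ip)[0]       # PTR lookup via the OS resolver

def _sys_forward(host):
    return socket.gethostbyname_ex(host)[2]  # hostname -> list of IPv4 addresses

def confirmed_hostname(ip, reverse=_sys_reverse, forward=_sys_forward):
    """Return the reverse-DNS hostname only if it resolves forward to ip."""
    try:
        host = reverse(ip)
        if ip in forward(host):
            return host
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        pass
    return None

def trace_report(log_text, reverse=_sys_reverse, forward=_sys_forward):
    """One row per source: (ip, failures, reverse query name, confirmed host)."""
    return [(ip, n, ptr_name(ip), confirmed_hostname(ip, reverse, forward))
            for ip, n in failed_sources(log_text).most_common()]
```
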
» SPAMfighter News - 31-08-2006