Recently the company I work for was subjected to an intrusion. A machine was backdoored, accesses were made to critical systems.

Well, I was able to track the person down. I was able to identify him. Although he denied it, we were able to find prior complaints. When he was confronted, he explained that he knew nothing about computers and was being framed by people connecting through "botted computers". Hah!

Anyway, the police didn't care because there was no proof, just a little circumstantial evidence and a good hunch.

I don't want to find him, I know who he is and where he lives. I want to find him online, or traces of him.

He is here! He may even be reading and posting on this site...

How could it be so easy to go from anonymity to a physical person, but so unimaginably harder to go the other way around?

Anyone had any luck doing this?

Seems like it'd be good to have an MO directory, of sorts, where as much information as possible regarding the identity of the person doing the attack, and maybe some specific and obvious details about each person (source IPs, style, files found, obvious identifiers in files like URLs and such), could be recorded. It may then be possible to find that someone else was compromised by the same 'john doe'.

Seems like organized crime fighting should possess such a database, but based on my experiences the ability of local police departments to collect and process this kind of information is limited.
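As an added illustration of the "MO directory" idea above (this is not part of the original post, and the incident records, field names and matching rules are all constructed assumptions), here is a small Python sketch of the core of such a database: each incident is reduced to a set of typed indicators (source IPs, dropped-file names and hashes, URLs pulled out of dropped files, observed techniques), an inverted index maps every indicator to the incidents it appeared in, and incidents that share indicators are linked and grouped. The sample IPs are RFC 5737 documentation addresses and the hostnames are reserved example domains, so nothing here points at a real host.

```python
"""Toy intrusion MO directory: index per-incident indicators and find
incidents that share them.  Added illustration, not from the original post;
all incident data below is constructed (RFC 5737 documentation addresses
and reserved example domains), and the record layout is an assumption."""
import hashlib
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample incidents.  Each record holds what a responder found:
# source IPs from logs, dropped files (path -> content bytes), techniques seen.
INCIDENTS = {
    "acme-2023-11": {
        "source_ips": {"203.0.113.7", "198.51.100.23"},
        "files": {
            "/tmp/.x/bd.pl": b"#!/usr/bin/perl\n# fetch http://example.net/u/upd.txt\n",
        },
        "techniques": {"perl reverse shell", "authorized_keys implant"},
    },
    "beta-2024-02": {
        "source_ips": {"192.0.2.55"},
        "files": {
            # Same backdoor dropped under a different path: filename, hash and URL match.
            "/var/tmp/.s/bd.pl": b"#!/usr/bin/perl\n# fetch http://example.net/u/upd.txt\n",
        },
        "techniques": {"perl reverse shell"},
    },
    "gamma-2024-03": {
        "source_ips": {"203.0.113.7"},
        "files": {"/dev/shm/k": b"ssh-rsa AAAAB3... attacker@host\n"},
        "techniques": {"authorized_keys implant"},
    },
    "delta-2024-04": {
        "source_ips": {"192.0.2.200"},
        "files": {"/tmp/m.sh": b"wget http://example.org/x.sh\n"},
        "techniques": {"cron persistence"},
    },
}

# Crude URL extractor for the "obvious identifiers in files" part of the idea.
URL_RE = re.compile(rb"https?://[^\s'\"<>]+")


def extract_indicators(record):
    """Reduce one incident record to a set of (kind, value) indicators."""
    ind = set()
    for ip in record["source_ips"]:
        ind.add(("ip", ip))
    for path, content in record["files"].items():
        ind.add(("filename", path.rsplit("/", 1)[-1]))      # basename only
        ind.add(("sha256", hashlib.sha256(content).hexdigest()))
        for url in URL_RE.findall(content):
            ind.add(("url", url.decode("ascii", "replace")))
    for technique in record["techniques"]:
        ind.add(("technique", technique))
    return ind


def build_index(incidents):
    """Inverted index: indicator -> set of incident ids it appeared in."""
    index = defaultdict(set)
    for iid, rec in incidents.items():
        for ind in extract_indicators(rec):
            index[ind].add(iid)
    return index


def link_incidents(incidents, min_shared=1):
    """Pairs of incidents sharing at least min_shared indicators, with the shared set.
    Raising min_shared reduces false links from a single common indicator
    (one shared IP may just be a shared proxy or compromised relay)."""
    index = build_index(incidents)
    shared = defaultdict(set)
    for ind, ids in index.items():
        for a, b in combinations(sorted(ids), 2):
            shared[(a, b)].add(ind)
    return {pair: inds for pair, inds in shared.items() if len(inds) >= min_shared}


def cluster(incidents, min_shared=1):
    """Union-find over linked pairs: groups of incidents plausibly tied to one actor."""
    parent = {iid: iid for iid in incidents}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in link_incidents(incidents, min_shared):
        parent[find(a)] = find(b)
    groups = defaultdict(set)
    for iid in incidents:
        groups[find(iid)].add(iid)
    return sorted((frozenset(g) for g in groups.values()), key=sorted)


if __name__ == "__main__":
    for pair, inds in sorted(link_incidents(INCIDENTS).items()):
        print(pair, sorted(inds))
    print([sorted(g) for g in cluster(INCIDENTS)])
```

On the constructed data, acme and beta are linked by four indicators (the backdoor's filename, its hash, the URL inside it and the technique), acme and gamma by a shared source IP and technique, and delta stays alone; with `min_shared=3` only the acme/beta link survives, which is the knob you would turn to avoid chaining unrelated victims together on one coincidental IP.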