
Thread: Finding people that don't want to be found

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Posts
    2

    Finding people that don't want to be found

    Recently the company I work for was subjected to an intrusion. A machine was backdoored, accesses were made to critical systems.

    Well, I was able to track the person down. I was able to identify him. Although he denied it, we were able to find prior complaints. When he was confronted, he explained that he knew nothing about computers and was being framed by people connecting through "botted computers". Hah!

    Anyway, the police didn't care because there was no proof, just a little circumstantial evidence and a good hunch.

    I don't want to find him, I know who he is and where he lives. I want to find him online, or traces of him.

    He is here! He may even be reading and posting on this site...

    How could it be so easy to go from anonymity to a physical person, but so unimaginably harder to go the other way around?

    Anyone had any luck doing this?

    Seems like it'd be good to have an MO directory, of sorts. Where as much information regarding the identity of the person doing the attack and maybe some specific, and obvious details about each person. (source IPs, style, files found, obvious identifiers in files like URLs and such) It may then be possible to find that someone else was compromised by the same 'john doe'.

    Seems like organized crime fighting should possess such a database, but based on my experiences the ability for local police departments to collect and process this kind of information is limited.
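
The "MO directory" idea from post #1, sketched as an added example (not part of the thread or any poster's code): incident records from different organisations are indexed by normalized indicator so that overlaps between incidents surface. The incident IDs, indicator values and weights are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample incident records (not from the thread). Indicator kinds
# follow the post: source IPs, files found, URLs embedded in dropped files.
INCIDENTS = {
    "org-a-2004-01": {"ip": ["192.0.2.10"], "file": ["rk.tgz", "psybnc.conf"],
                      "url": ["HTTP://Example.org/kit/ "]},
    "org-b-2004-02": {"ip": ["198.51.100.7"], "file": ["RK.tgz"],
                      "url": ["http://example.org/kit"]},
    "org-c-2004-02": {"ip": ["203.0.113.5"], "file": ["notes.txt"], "url": []},
}

# Assumed weights: a source IP is weak evidence because it may be a
# compromised relay; file names and embedded URLs are more distinctive.
WEIGHTS = {"ip": 1, "file": 2, "url": 3}

def normalize(kind, value):
    """Canonicalize an indicator so trivially different spellings match."""
    v = value.strip().lower()  # lowercasing URL paths is lossy but simple
    if kind == "url":
        v = v.rstrip("/")
    return (kind, v)

def build_index(incidents):
    """Map each normalized indicator to the set of incidents reporting it."""
    index = defaultdict(set)
    for incident_id, indicators in incidents.items():
        for kind, values in indicators.items():
            for value in values:
                index[normalize(kind, value)].add(incident_id)
    return index

def correlate(incidents, min_score=2):
    """Return (incident pair, score, shared indicators), strongest first."""
    shared = defaultdict(set)
    for indicator, ids in build_index(incidents).items():
        for a, b in combinations(sorted(ids), 2):
            shared[(a, b)].add(indicator)
    results = []
    for pair, inds in shared.items():
        score = sum(WEIGHTS[kind] for kind, _ in inds)
        if score >= min_score:
            results.append((pair, score, sorted(inds)))
    return sorted(results, key=lambda r: -r[1])

if __name__ == "__main__":
    for pair, score, inds in correlate(INCIDENTS):
        print(pair, score, inds)
```
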

  2. #2
    Ok, first, how do you know it was the guy that you think? Trust me, it is very easy to frame someone for something.

    Now, as far as your question: it is probably as easy, if not easier, to track someone in reverse order (i.e., real person --> online life). How do you do it? Well, there are several ways.

    First, the real person has an IP address that they are assigned. Find it and you can get all that you need. (You will be surprised how much an ISP will tell you about a person if they think the person is doing wrong. You can Social Engineer **** loads of info out of them.)

    Next way. A lot of people, when they set up email accounts, use their real name for the subscriber. Well, that is also a way. Another good thing: believe it or not, try Google. You would be surprised what info might be there about you.

    I will tell you this much: if you have the time and don't mind doing the work, you can find an amateur's, or someone that doesn't care's, fake life quite easily.

    If you need any more help with this, let me know in PM and I will see what I can do.

  3. #3
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    That sounds about right....since you know who it is and he works in your company, try monitoring his computer. Either remote logging, IP monitoring, or key logging would be good options.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    You may consider looking at what JP left on AntiOnline... http://www.antionline.com/hacker-profiling/?s= I haven't checked it out in over 2-3 years myself...

    It works in the opposite direction of what you seem to be doing, but I guess that any reading is better than none at all. Good luck and hopefully it helps.


    And Googling does find a lot. What do these other people you said you met with to determine that you had your man think about his online identity? They may have done some work already.

    But for true evidence, there are some very important steps to follow. 1) You will need to NOT do ANYTHING to the PC. Turn off, remove HDD, get a HDD cloner and clone the HDD. Then bag the original one and it *should* be permissible as evidence. Search the cloned HDD for info you are looking for. Not following at least that can ruin evidence-worthiness... For more, search AO and you might find something, I think a tutorial was written a while back.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    "How could it be so easy to go from anonymity to a physical person, but so unimaginably harder to go the other way around? "

    Well it is logical if you think about it. You trace the "anonymous" to the "physical" because they have made contact with you.

    You have no idea how many proxy accounts, fake e-mails, ISPs, or even computers that they have.

    Let's face it, it could be me, because you have had no contact from this ISP?

    It is difficult enough tracing an attacker, if they know what they are doing, if they don't attack you, then you really have little chance, as they could be anyone on the internet and that is a very large number?

    Cheers

  6. #6
    Junior Member
    Join Date
    Feb 2004
    Posts
    2
    ==================================================================
    since you know who it is and he works in your company
    ==================================================================

    Where did cmbaron say this? I see "I was able to track the person down. I was able to identify him" and "I know who he is and where he lives"... but I don't see anything like you assumed....I have reread the post about 15 times, and I still don't see it.

    If "he" worked for the company in question, then "he" probably would no longer have a job?

    ===================================================================
    remote logging, IP monitoring, or key logging would be good options
    ===================================================================

    Bad advice.

    Are you saying that it's ok to install monitoring software, or backdoor someone else's box? If "he" is an employee (which still hasn't been verified), and unless part of the terms of use "he" had to sign when "he" started employment have specific terms stating that computer usage may be monitored, then it's illegal to do so. It doesn't matter who owns the equipment.

    You should never give advice based on assumptions.

  7. #7
    Junior Member
    Join Date
    Feb 2004
    Posts
    8
    Actually, it is possible that he was being used by the actual culprit as a Zombie, which means his comp was being used to hack the comp by the culprit because of a backdoor in his comp.
    you want commitment put on your best suit, get your arms around me now we're goin' down down down
