Username: Save?
Password:
Home Forum Links Search Login Register*
    News: Keep The TechnoWorldInc.com Community Clean: Read Guidelines Here.
Recent Updates
[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[September 09, 2024, 12:27:25 PM]

[August 10, 2024, 12:34:30 PM]

[August 10, 2024, 12:34:30 PM]

[August 10, 2024, 12:34:30 PM]

[August 10, 2024, 12:34:30 PM]

[July 05, 2024, 02:11:09 PM]

[July 05, 2024, 02:11:09 PM]

[July 05, 2024, 02:11:09 PM]

[June 21, 2024, 01:43:48 PM]

[June 21, 2024, 01:43:48 PM]
Subscriptions
Get Latest Tech Updates For Free!
Resources
   Travelikers
   Funistan
   PrettyGalz
   Techlap
   FreeThemes
   Videsta
   Glamistan
   BachatMela
   GlamGalz
   Techzug
   Vidsage
   Funzug
   WorldHostInc
   Funfani
   FilmyMama
   Uploaded.Tech
   MegaPixelShop
   Netens
   Funotic
   FreeJobsInc
   FilesPark
Participate in the fastest growing Technical Encyclopedia! This website is 100% Free. Please register or login using the login box above if you have already registered. You will need to be logged in to reply, make new topics and to access all the areas. Registration is free! Click Here To Register.
+ Techno World Inc - The Best Technical Encyclopedia Online! » Forum » THE TECHNO CLUB [ TECHNOWORLDINC.COM ] » Ethical Hacking / Security / Viruses
 How To Catch A Hacker
Pages: [1]   Go Down
  Print  
Author Topic: How To Catch A Hacker  (Read 1194 times)
Taruna
Elite Member
*****



Karma: 13
Offline Offline

Posts: 845

Hi ALL


View Profile
How To Catch A Hacker
« Posted: January 03, 2007, 11:48:03 AM »


Tip 1: Hackers cover their tracks. Experienced hackers cover them more thorougly, but amateur hackers sometimes leave things behind. Don't expect them to leave any really big evidence behind; expect more of little things here and there you might find surprising. For example, if you're writing a term paper and a black hat hacker accidently saved it when he took a paragraph out- that's suspicious. Where did that paragraph go? Well, for one thing, now you know he was in that area. Check the folders surrounding the file- you might find something.

Tip 2: Decipher between the type of hackers that are attacking you. Experienced hackers will have a more in depth look around when they penetrate your system. They won't touch much because they know that that won't add too much to their knowledge. But if you know a hacker's been in, and some files are messed with, and you have a log of someone guessing passwords to a file or something of that sort, its probably some newbie who's just starting out. These are the easiest hackers to catch. They usually get so caught up in thoughts like "I'm in!" that they forget the basics, such as work behind a proxy.

My friend was setting up a webserver once. His first time too, and he wasn't to anxious to set up some good software to protect against hackers and viruses. He didn't put up one IDS, and before you know it, the obvious happened. But this time, a newbie had struck. The nice log files showed, bluntly across the screen, multiple instances of a foreign IP address that stood out. Some stupid newbie had tried to login as "uucp" on my friend's XP computer, with a password of "uucp." Well, that's great, but he also had tried the same user/pass combination three times, enough to get himself logged nicely. Even a semi-brainless user with some form of neurological system knows that uucp isn't a default XP account. Again, excitement toiled this hacker's brain, and maybe if he hadn't done that, along with a few other stupid things, he wouldn't have gotten caught. What other things did he do? Well, lets see. He openned 35 instances of MS-DOS. He tried to clean the printer's heads, and he edited a .gif in notepad. Then he uninstalled a few programs and installed some html editor, and replaced four files with the words "14P."

He might as well have posted his phone number. In a few days, we had tracked him down to a
suburban town in Ohio. We let him go, not pressing any charges, because he had done nothing really damaging and had provided me with an example of a moron for this guide.

Tip 3: Don't go crazy if you lose data. Chances are, if it was that important, you would have backed it up anyway. Most hackers nowadays wish they were back in 1989 when they could use a Black Box and having a Rainbow Book actually meant something. Most hackers aren't blackhat, they are whitehat, and some even greyhat. But in the end, most hackers that are in systems aren't satisfied by looking around. From past experiences, I have concluded that many hackers like to remember where've they been. So, what do they do? They either press delete here and there, or copy some files onto their systems. Stupid hackers (yes, there are plenty of stupid hackers) send files to e-mail addresses. Some free email companies will give you the IP of a certain e-mail address's user if you can prove that user has been notoriously hacking you. But most of the time, by the time you get the e-mail addy it's been unused for weeks if not months or years, and services like hotmail have already deleted it.

Tip 4: Save information! Any information that you get from a log file (proxy server IP, things like "14P", e-mail addresses that things were sent to, etc.) should be saved to a floppy disk (they're not floppy anymore, I wish I could get out of the habit of calling them that) incase there's a next time. If you get another attack, from the same proxy, or with similar e-mail addresses (e.g: one says Blackjack [email protected] and the other says [email protected]) you can make an assumption that these hackers are the same people. In that case, it would probably be worth the effort to resolve the IP using the proxy and do a traceroute. Pressing charges is recommended if this is a repeat offender.

Tip 5: Don't be stupid. If you've been hacked, take security to the next level. Hackers do talk about people they've hacked and they do post IPs and e-mail addresses. Proof? Take a look at Defcon Conventions. I've never gone to one, but I've seen the photos. The "Wall of Shame"-type of boards I've seen have IPs and e-mail addresses written all over them in fat red, dry-erase ink. Don't be the one to go searching the Defcon website and find your e-mail address posted on the Wall of Shame board!

Tip 6: Don't rely on luck. Chances are, sometime or another, you're going to be targeted for an attack. Here you can rely on luck. Maybe they'll forget? Maybe they don't know how to do it? If you think this way, a surprise is going to hit your face very hard. Another way you could stupidly rely on luck is by saying this: It's probably just a whitehat. On the contrary, my friend, it's probably just a blackhat. A blackhat with knowledge stored in his head, ready to be used as an ax. It's your data. You take the chance.

Logged

Pages: [1]   Go Up
  Print  
 
Jump to:  

Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer
Page created in 0.125 seconds with 23 queries.