Anyone with computer hacking knowledge?

Baryonyx

In the current chapter of my WIP one of the character's website is hacked with a threatening message put on the front page.

Anyway, is it possible for people with computer knowledge to trace where the hacking attack came from and get a town/area of the country where the hacker might live?

My computer knowledge is pretty much limited to using MS Word so need an expert's help with this :)

Thanks :)
 

Tsu Dho Nimh

It depends on how much trouble the attacker went to to conceal their tracks. What does the plot need? Some web hosting software is ludicrously easy to hack into, especially if the owner doesn't update the server software.

And there is always "social engineering", which is sweet-talking someone out of a password.

How far away is the hacker?
 

PGK

I know nothing about hacking and very little about computers, BUT . . . a few years back I had a firewall (or an internet security program) that would alert me when someone tried to access my computer and it also had a remote locating feature. It's been a while and I can't remember what any of it was called (or why anyone would want access to MY computer), but I do remember getting messages every now and then from the software claiming someone tried to "hack" my computer. It then gave me the option to track/locate the source and when I did so it showed me a map of the world and started processing "something" until it gave me an answer which usually consisted of an IP address, a country, a city, and the ISP.
 

Baryonyx

> It depends on how much trouble the attacker went to to conceal their tracks. What does the plot need? Some web hosting software is ludicrously easy to hack into, especially if the owner doesn't update the server software.
>
> And there is always "social engineering", which is sweet-talking someone out of a password.
>
> How far away is the hacker?

The hacker is around a hundred miles away. He is also pretty proficient on computers too.

I just really need him to get an approximate area for the hacker's location since it's that which gives the MC a clue as to who is doing it.


PGK


Thanks, that actually sounds perfect for what I need.

Any computer people know if hackers can conceal their tracks against programmes like this?
 

DrZoidberg

Internet security isn't my field specifically, but I work in a related field.

When you go out on the Internet each server you come to, you have to give your IP address. Without an IP address you're not able to do anything on the net. It's simply not possible. A hacking attack has to start with visiting the page in question, at which point you give your IP address.

But you can obfuscate your IP address by going via proxy (as it is called). If you sit behind a hardware firewall, the IP address you give is the IP address of the firewall, not your computer. But the firewall keeps track of your IP address. You can go via these kinds of chains to a server making it increasingly difficult to track. But if you work backwards, you can always find the offending computer. This assumes that the person investigating can get access to the proxy.

But you can't just move the computer and get away with it, since you don't only send out your IP address. You also send out your MAC address... which is the specific component in the requesting computer that sends out the request. These are unique. But they can be removed from the log.

On the specifics of location. The Internet is organised by a number of domains. The address dog.se means that ".se" is in Sweden, and "dog" is the actual server. You need to go through these when surfing. You start at .se and then find dog. Lookup works backwards as well. The same architecture is utilised in both directions. Each country is divided up between a number of these top domain servers. So this can be used to pinpoint where somebody is. Sweden is divided up into only six of these top domain servers. So if somebody doesn't go out of their way to cover their tracks it's relatively easy to pinpoint general location of somebody. But you'll only get the location of the final proxy that calls the server.
 

Mac H.

> In the current chapter of my WIP one of the character's website is hacked with a threatening message put on the front page.
>
> Anyway, is it possible for people with computer knowledge to trace where the hacking attack came from and get a town/area of the country where the hacker might live?

Sure, it's trivial. It can be obtained from the IP address of where the messages came from.

The problem is the word 'MIGHT'. All you can tell is that the unauthorised change in the website came from there. That doesn't really help.

He could be using a compromised computer in that area and be somewhere totally different. He could be using a proxy. He could be doing something else entirely.

> . . . a few years back I had a firewall (or an internet security program) that would alert me when someone tried to access my computer and it also had a remote locating feature. It's been a while and I can't remember what any of it was called (or why anyone would want access to MY computer), but I do remember getting messages every now and then from the software claiming someone tried to "hack" my computer. It then gave me the option to track/locate the source and when I did so it showed me a map of the world and started processing "something" until it gave me an answer which usually consisted of an IP address, a country, a city, and the ISP.

Oh dear - I remember that. Everyone who was slightly paranoid was suddenly convinced that someone was trying to hack their computer.

Any bot sending a request to a non-standard port would suddenly be 'I'm being hacked!!!!'

I'm glad people are a bit more rational about it now!

Mac
(PS:

> You also send out your MAC address... which is the specific component in the requesting computer that sends out the request. These are unique

Yes, they are MEANT to be unique.

And, on any off-the-shelf bit of hardware they should be.

But you can always hack a network interface yourself and give yourself whatever MAC address you want. And you just google [ MAC address spoof ] to find plenty of tools that will make it appear to have whatever MAC address you want to appear as.
 

dgrintalis

It depends how knowledgeable your character is. If he/she is an experienced hacker and not just a script kiddie using automated tools, he/she can hide their tracks. If the character is using automated tools, they probably won't have the skill level needed to prevent discovery.

ETA: It also depends on the target machine. Is it a PC at home (most home-based systems are easy to crack into), or a corporate machine? If it's a big corporation with a large IT department, it will make the attack a lot more difficult, and if the company has a good IT security staff, the attack will most likely be prevented by internal systems set up to combat attacks.

And no, I'm not a hacker nor have I ever been, but I worked in IT for a long time, and we had some guys on the team that were seriously knowledgeable about security and the like.
 

Amadan

If the hacker is relatively unskilled, careless, or just doesn't care, it's possible to track where it came from, but if he's skilled and careful, there's not much chance of doing so unless you have a federal agency serving subpoenas to every host he used. Spoofing, proxy servers, and other means of obfuscation make it trivially easy to hide your tracks. In theory, you can always track the attack back to the true source, but your hacker 100 miles away could route his attack through servers in Russia, Korea, New York, the Cayman Islands, and then make it look like it ultimately came from the Starbucks down the street.

What's realistic depends on how sophisticated you want the two adversaries to be, but technology favors the hacker. Your hacker doesn't have to be a super-l33t h@x0r to spoof his address and route through an offshore proxy server, and just doing that will make it almost impossible to track him unless your character is a super-l33t h@x0r. So if you want him to trace the attacker's general location, the attacker has to either be unskilled or careless.
 

ChristineR

To put it in non-technical terms, it's easy to hide your tracks just by using someone else's computer to do your dirty work. The computer in question could be open to all who want to use it, or it could be a computer that the hacker illegally got control of. In general, the attack will not be logged or traced on the free-for-all machine, and it should be easy for the hacker to wipe his tracks on the hacked machine he controls. Both these machines could be anywhere on the planet. The victim would trace the attack to these machines, and then reach a dead end.

Two things you might consider would be a specialist watching the attack as it happens, and a specialist getting a chance to look at either the hacked machine or the hacker's home machine. The former might point to the hacker; the latter could confirm a suspicion.
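
The hop-by-hop tracing that DrZoidberg, Amadan and ChristineR describe in their posts above, as an added example that is not part of any poster's message: an investigator starts from the victim's web log and walks backwards through whichever relay logs can be obtained, stopping at the first host whose logs are missing. All addresses, timestamps, log layouts and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (documentation IP ranges, invented timestamps).
# Each relay entry: (time, client address seen inbound, destination relayed to).
VICTIM = "203.0.113.10"
HOP_LOGS = {
    "198.51.100.7": [  # proxy whose operator handed over logs
        ("2010-05-01 21:14:02", "192.0.2.55", "203.0.113.10"),
        ("2010-05-01 21:14:03", "198.51.100.99", "203.0.113.80"),
    ],
    "192.0.2.55": [    # second relay, logs also available
        ("2010-05-01 21:14:01", "198.51.100.200", "198.51.100.7"),
    ],
    # 198.51.100.200 has no entry: logs wiped or operator out of reach
}
WEB_LOG = [("2010-05-01 21:14:02", "198.51.100.7", "POST /admin/edit?page=index")]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

def trace_back(request_time, client_ip, target, hop_logs, skew=timedelta(seconds=5)):
    """Walk hop by hop from the victim toward the origin.

    Returns (chain, status). status is 'dead_end' when the last address
    keeps no logs we can read, so it is either the origin or another relay.
    """
    chain, when, dest = [client_ip], parse(request_time), target
    while chain[-1] in hop_logs:
        hop = chain[-1]
        # Relayed connections to `dest` close in time to the one being chased.
        matches = [(parse(t), src) for t, src, d in hop_logs[hop]
                   if d == dest and abs(parse(t) - when) <= skew]
        if not matches:
            return chain, "no_matching_entry"
        when, src = min(matches, key=lambda m: abs(m[0] - when))
        if src in chain:
            return chain, "loop"
        chain.append(src)
        dest = hop
    return chain, "dead_end"

def trace_defacement(web_log=WEB_LOG, hop_logs=HOP_LOGS):
    # Start from the request that changed the front page.
    ts, ip, _ = next(e for e in web_log if e[2].startswith("POST"))
    return trace_back(ts, ip, VICTIM, hop_logs)

if __name__ == "__main__":
    print(trace_defacement())
```

The last address in the returned chain is only the furthest point the available logs reach; geolocating it gives the location of that machine, not necessarily of the person behind it.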
 

IanMorrison

Perhaps the hacker could launch the attack from an internet cafe and then neglect to cover his tracks? That way you'd get a general location that looks like a dead end to anyone looking into it.
 

Deleted member 42

First, this isn't the sort of thing a hacker would do; it's the sort of thing a script kiddie would do.

Secondly, if it were a hacker, the hacker would enter by tunneling through a series of compromised routers. It's the digital equivalent of taking three different cabs, and telling each cab as you exit to take a different route, and then hopping into a stolen car with stolen plates . . .

Hackers, to survive, have to be too good to be caught; they're not in it for the money, they're in it for the joy of solving the puzzle.
 