computer experts?



twiharder
08-26-2012, 02:33 AM
In my story I want character "A" to email character "B" using a fake email account, say gmail, but I want character "B" to use their skills with computers to track character "A" all the way back to their house.

Is that possible?

What would character B have to do?

WriteKnight
08-26-2012, 02:39 AM
I googled "How to trace fake email" and got a number of links. Here's one:

http://www.irongeek.com/i.php?page=security/fakemail

Trebor1415
08-26-2012, 02:57 AM
I googled "How to trace fake email" and got a number of links. Here's one:

http://www.irongeek.com/i.php?page=security/fakemail


The info from WriteKnight's source would work.

This does assume that character "A" is NOT overly computer literate. If he/she is supposed to be a "regular person" who thinks using a fake e-mail is "clever," I can buy this.

But, if character "A" is supposed to be any sort of "hacker" I'd have a hard time with this. Knowing how to use a remailer account is pretty basic and there are plenty of other ways people with more than a little knowledge can hide their tracks. So, it depends on how smart/computer savvy your character "A" is supposed to be.

twiharder
08-26-2012, 06:27 AM
I just did exactly what was described in that link, just to test it, and while I could see my real IP address, I fail to see how I can get a physical street address from my IP address. In fact, when I look up my IP address it tells me that I am in a city 3 hours away by car.

I want my character to come to their house and cause some problems once he figures out who the emailer is.

DragonWing
08-26-2012, 06:53 AM
You can't do that just by looking at an email. Bare minimum, this takes at least three different "hacks," although that includes reading the email message headers as the first part. Then you would need to hack into the administration servers for whatever service originated the message to find out the client that had that connection at that time. And then you'd likely have to hack the customer service database to turn that client ID into a name/address.

Bare minimum.

Some services (like GMail, I believe) don't even record the IP of the client that was connected to send that email. All you see in the message header is the IP of the server that first processed that email.

Wing Stand
08-26-2012, 01:35 PM
You could have character B hack into the Gmail account (or whatever) of character A and have them obtain A's real e-mail address from the account settings, which might give them a clue to A's identity.

glutton
08-26-2012, 07:20 PM
You could have character B hack into the Gmail account (or whatever) of character A and have them obtain A's real e-mail address from the account settings, which might give them a clue to A's identity.

The problem with this is that no one with half a brain creating a fake Gmail account would associate their real email with it.

tirial
08-26-2012, 08:22 PM
If Character B can get Character A to open a link or click on an attachment (possibly disguising it as spam on a topic A would be interested in, among other spam emails), they can get software on the machine that will tell them what they need to know, or let them backdoor in and start browsing files for info.

That does assume A is doing this from his own machine, and clicks links, or is using an email program that opens attachments automatically.

DragonWing
08-26-2012, 11:17 PM
You could have character B hack into the Gmail account (or whatever) of character A and have them obtain A's real e-mail address from the account settings, which might give them a clue to A's identity.

Won't work. The OP reported that it was a fake email account. Even if the account itself exists, the account could already be hacked, or even outright spoofed.

MoLoLu
08-27-2012, 03:22 PM
Not much of a network guru here but my thoughts are:

Short of going through the ISP / Phone Company to see which IP is linked up to what, you'd be damned hard pressed to get more than an IP. That IP will probably be a mail server, so you'd then have to figure out which account sent that and where they were logged on from (were they at home? in a restaurant? free-wlan in the metro?) And, assuming you ever get that far, if the IP is behind a router w. many machines (e.g. an Office, public WLAN), you'll be even more hard pressed to figure out which one it was unless you can get inside that router and figure out what goes where - all assuming you can do that before the router clears all its logs.

Without any of that, which generally requires some court order/similar or very good personal contacts, you're pretty limited. There's a reason spam bots and junk mail dispensers are easier to block than shut down for good.

Simply put, it'd be costly and tedious, without any guarantee of result. Anonymity is big on all levels of the internet. If you're trying to go unnoticed, it's pretty effective until the big-budgets go after you - or you allow someone to associate account A with account B with account C which somehow leads back to your real name, which most of us probably do. Thing is, I'll never buy anyone being intentionally devious with any knowledge of the internet to be that silly. It reminds me of the character who shoots someone and leaves the gun & fingerprints beside the victim, not even bothering to try and get rid of it.

Snick
08-27-2012, 04:43 PM
It isn't that difficult to track down an IP address using a tracing program. But it is easy to set up an email account that will not give the user's actual IP but the IP of the email server. If character A is supposed to look bright, then have him use a tracer. If character B is supposed to do well, then have him set up an email account in some strange place and use that.

twiharder
09-07-2012, 05:07 AM
Thanks for all the input guys. Lots to think about.

xC0000005
09-07-2012, 05:19 AM
The other places I like to look when sleuthing in email are the MIME boundaries, message id, and in reply to, along with the x-mailer.

MIME builders are all unique (which is to say, the MIME built by Hotmail is easily recognizable as such, the MIME built by Exchange is, as are each of the Mac's MIME builders).

X-mailer, document properties, message id headers (UTC time @ generating host was a common method for a while) are all great ways to "point back" to someone else.

Turning an IP address (like x-originating-ip) into an actual user is a lot more work, and won't work right behind NAT in many cases. Document properties, on the other hand, trip people up, as do mailer headers.
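
An added example, not code from anyone in this thread, of the header sleuthing xC0000005 and DragonWing describe: it parses one constructed message (placeholder hosts and addresses) and pulls out the Received chain, X-Originating-IP, X-Mailer, Message-ID host and MIME boundary, with comments on which of those a recipient can actually trust.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message, not a real capture; hosts and addresses are placeholders.
RAW_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.5])
\tby inbox.example.org with ESMTP id abc123; Sat, 25 Aug 2012 20:01:07 -0400
Received: from webmail.example.net ([192.0.2.20])
\tby mx.example.net with HTTP; Sat, 25 Aug 2012 20:01:02 -0400
X-Originating-IP: [198.51.100.77]
X-Mailer: ExampleWebmail/3.1
Message-ID: <20120826000102.12345@webmail.example.net>
From: "A" <throwaway@example.net>
To: "B" <b@example.org>
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_4711_1345939262"

------=_Part_4711_1345939262
Content-Type: text/plain; charset=us-ascii

You will never find me.
------=_Part_4711_1345939262--
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def header_fingerprint(raw):
    """Pull the fields the thread says to look at out of one message's header block.

    Received lines are prepended by each MTA, so the last one is the hop nearest
    the sender and the first one is the hop nearest us. Only the line written by
    our own server is trustworthy; X-Originating-IP, X-Mailer and Message-ID are
    sender-supplied and can be forged, so treat them as hints, not proof."""
    msg = message_from_string(raw, policy=default)
    received = msg.get_all("Received", [])
    hop_ips = [IP_RE.findall(str(h)) for h in received]
    mid = str(msg.get("Message-ID", ""))
    x_orig = msg.get("X-Originating-IP")
    return {
        "hops": hop_ips,                              # newest hop first
        "earliest_hop_ips": hop_ips[-1] if hop_ips else [],
        "x_originating_ip": IP_RE.search(str(x_orig)).group(0) if x_orig else None,
        "x_mailer": str(msg["X-Mailer"]) if msg["X-Mailer"] else None,
        "message_id_host": mid.rsplit("@", 1)[1].rstrip(">") if "@" in mid else None,
        "mime_boundary": msg.get_boundary(),          # vendor-specific boundary style
    }
```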

WeaselFire
09-07-2012, 03:35 PM
Don't use a fake Gmail account, those suckers are impossible to trace, even with a warrant. Have them set up an account with their broadband provider and be using a business-class account, which gives them multiple email accounts and fixed IP addresses. A connection to the broadband router by the IP address (all have default management accounts that are easy to find) will allow you access to the account info, with the address.

Or have them ask Jack Bauer's people for the address, along with infrared satellite imagery on his iPhone. :)

Jeff

RandomJerk
09-07-2012, 07:45 PM
The problem with this is that no one with half a brain creating a fake Gmail account would associate their real email with it.

Someone not tech savvy could BCC a copy to their real e-mail address, something to gloat over in the future. Meanwhile, person B would know that the BCC info still remains in the header.

xC0000005
09-07-2012, 08:22 PM
Someone not tech savvy could BCC a copy to their real e-mail address, something to gloat over in the future. Meanwhile, person B would know that the BCC info still remains in the header.

BCC is an envelope or "transport" property, available to the transferring MTA. So for SMTP, to "bcc" someone, you have an RCPT TO set to the bcc'd user, with the 822 content not containing the user.
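
An added example, not code from either poster, that makes xC0000005's envelope-versus-content point concrete: a mail client puts the Bcc address into the SMTP envelope as its own RCPT TO but strips it from the RFC 822/5322 content, so the delivered header block never contains it. Addresses are constructed; prepare_submission and bcc_leaked are hypothetical helper names.

```python
from email.message import EmailMessage
from email.utils import getaddresses


def prepare_submission(msg):
    """Mimic what a mail client does before talking SMTP: every To, Cc and Bcc
    address goes into the envelope (one RCPT TO each), then Bcc is stripped from
    the RFC 822/5322 content so the DATA the receiver stores never names it."""
    rcpt_to = [addr for _, addr in getaddresses(
        [str(v) for name in ("To", "Cc", "Bcc") for v in msg.get_all(name, [])])]
    mail_from = getaddresses([str(msg["From"])])[0][1]
    del msg["Bcc"]  # the blind copy lives only in the envelope from here on
    envelope = ["MAIL FROM:<%s>" % mail_from] + ["RCPT TO:<%s>" % a for a in rcpt_to]
    return envelope, msg.as_bytes()


def bcc_leaked(wire_bytes, addr):
    """Receiver-side check: does the delivered content name this recipient?"""
    return addr.encode() in wire_bytes


def demo():
    # Constructed addresses; the Bcc is the "real" address the thread imagines A gloating to.
    msg = EmailMessage()
    msg["From"] = "Throwaway <throwaway@example.net>"
    msg["To"] = "B <b@example.org>"
    msg["Bcc"] = "A at home <real.me@example.net>"
    msg["Subject"] = "hello"
    msg.set_content("Guess who.")
    return prepare_submission(msg)
```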

Mac H.
09-08-2012, 10:37 AM
Don't use a fake Gmail account, those suckers are impossible to trace, even with a warrant.

No. That is incorrect. GMail do hide the IP address from the recipient but they still obey the law.

If served with a warrant then they do comply with it - and hand over all details. Including the IP address, other terms googled during the session, etc.

There have been recent examples where people have believed that 'Gmail is impossible to trace' and failed badly because of it.

One obvious example is here:


The note read: "Powerful new technology plastic explosives are located inside the small black combination case delivered to you. The case is booby trapped. It can ONLY be opened safely, if you follow the instructions and comply with its terms and conditions."

It said not to contact authorities, and provided a Gmail address. "You will be provided with detailed Remittance Instructions to transfer a Defined Sum once you acknowledge and confirm receipt of this message."

Police linked the account to Chicago airport and identified Paul Douglas Peters as having been there.

They examined computers that had accessed that account, and used CCTV to identify a vehicle that led them to Kentucky. Peters flew to the US five days after Madeleine's ordeal began. The account had reportedly been accessed on NSW's central coast, presumably at the Kincumber Library, where police seized a computer during an intense two-week investigation.

Read more: http://www.smh.com.au/national/man-charged-after-gmail-account-led-kidnap-police-to-kentucky-20110816-1iwes.html#ixzz25rDH5615

Basically once he had listed the email address in the threat and then checked the email address from somewhere covered with a security camera it was all over.

A warrant on Google gave the IP address. A warrant on the Service Provider proved that the IP address belonged to the airport.
A call to the airport (possibly involving a warrant) gave the logs to show which computer it was.
A review of security camera footage showed who it was, and splicing together security footage led to the number plate of the vehicle he used. That led to his identity.

(There is more detail in the extradition request, which is public information)

The good news is that he was caught because he believed your myth... so maybe we should keep perpetuating it.

Mac

Mac H.
09-08-2012, 10:46 AM
BTW - There is a simple way if they use Hotmail instead of GMail.

If 'Person A' is really in contact with 'Person B' under their real identity then the IP addresses may well be the same between their 'real' communications and the fake one.

It isn't 100% proof - but if the IP addresses match up then it's a pretty easy conclusion to make.

Mac