nanog mailing list archives

Re: How to catch a cracker in the US?
From: William Herrin <bill () herrin us>
Date: Wed, 12 Mar 2014 09:56:49 -0400

On Tue, Mar 11, 2014 at 3:00 AM, Markus <universe () truemetal org> wrote:
> I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a
> customer of mine in the last days. The cracker was successful and caused
> financial damage / was successful with data theft. I set a trap and finally
> caught his real IP address - a Comcast user in the US (100% not a proxy or
> bot). What would be the next steps to pursue him? If I contact local
> authorities here in Germany I'm afraid months will pass by and Comcast will
> have possibly already deleted their logs by then (?). Any advice?

Hi Markus,

A couple of suggestions:

1. Ask Comcast to preserve the records associated with the IP
addresses and timeframe in which the problem occurred. They can't give
them to you absent a valid US subpoena but they can save them from
automatic deletion while you work on that.

2. Be specific about the problem. Be liberal with the shared details!
Comcast can be your partner in this endeavor. If you treat them as
your enemy by being cagey, they may behave as your enemy by doing the
minimum required by law. Which turns out to be not much.

3. Once you have done these things, then go to the police. Share
information about your specific contact with Comcast with the police
and share your specific police contact with Comcast. This will start
them talking, which is half the battle in getting the police to
investigate a computer crime. Who knows, U.S. authorities may already
be investigating the same user which would make your job so much

Bill Herrin

William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
