nanog mailing list archives
Re: How to catch a cracker in the US?
From: Mark Seiden <mis () seiden com>
Date: Wed, 12 Mar 2014 14:38:39 -0400
On Mar 12, 2014, at 9:56 AM, William Herrin <bill () herrin us> wrote:
On Tue, Mar 11, 2014 at 3:00 AM, Markus <universe () truemetal org> wrote:

I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customer of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursue him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possibly already deleted their logs by then (?). Any advice?

Hi Markus,

A couple of suggestions:

1. Ask Comcast to preserve the records associated with the IP addresses and timeframe in which the problem occurred. They can't give them to you absent a valid US subpoena but they can save them from automatic deletion while you work on that.

2. Be specific about the problem. Be liberal with the shared details! Comcast can be your partner in this endeavor. If you treat them as your enemy by being cagey, they may behave as your enemy by doing the minimum required by law. Which turns out to be not much.

3. Once you have done these things, then go to the police. Share information about your specific contact with Comcast with the police and share your specific police contact with Comcast. This will start them talking, which is half the battle in getting the police to investigate a computer crime. Who knows, U.S. authorities may already be investigating the same user which would make your job so much easier.
how long ago did this happen? they preserve subscriber information forever, and dhcp logs for quite a long time. the police = your local federal police. there is an mlat between .de and .us which means the us police has to cooperate and pursue german cases and vice versa. yes, it takes longer. there is also a hotline system where the .de police can request records preservation by US entities with the promise that an mlat request is forthcoming.
Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004