
Thread: Intelligence Gathering & Prosecuting Hackers

  1. #1
    Join Date
    Apr 2011
    Beans
    207
    Distro
    Ubuntu 10.04 Lucid Lynx

    Intelligence Gathering & Prosecuting Hackers

    I've seen that quite a bit of the advice given here about cracked systems is to do a re-install and start over. There's plenty of info on how to secure your system. But what about actually locating the hackers, tracing them and seeing what legal actions you can take?

    I was wondering if the guys who work in computer security have successfully managed to identify someone or catch them in the act with a view to possibly prosecuting them.

    The internet seems to be like the Wild West with little in the way of deterrents. Law and Order only works if there is a punishment as a deterrent. Anybody done any work on honeypots, setting traps and generally observing hackers in action? What action did you take against them (if any) - obviously there are international borders and different rules of law to consider.

    What steps can you take in this direction?
    You can take my trousers but you won't take my Freedom !

  2. #2
    Join Date
    Apr 2011
    Beans
    484

    Re: Intelligence Gathering & Prosecuting Hackers

    1. Prosecuting CRACKERS. The hackers did nothing. (Usually)

    2. Unless you're really interested in tracing a rooted box through a VPN through a second VPN through a second rooted box through several more chains of rooted machines and VPNs back to the originator of the attack, who lives in an obscure country with no extradition laws.

    Don't bother.
    Life is an extraordinarily long concatenation of luck and coincidence.

  3. #3
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Intelligence Gathering & Prosecuting Hackers

    Quote Originally Posted by Thewhistlingwind View Post
    1. Prosecuting CRACKERS. The hackers did nothing. (Usually)

    2. Unless you're really interested in tracing a rooted box through a VPN through a second VPN through a second rooted box through several more chains of rooted machines and VPNs back to the originator of the attack, who lives in an obscure country with no extradition laws.

    Don't bother.
    +1

    There is little to no point. Unless the cracker (again, not hacker) did something REALLY REALLY bad, like, I don't know, obtain documents pertinent to national security, attempting to track them would be rather pointless.

    If anything you analyze logs and dumps to determine the way the system was exploited so you can make sure it doesn't happen again, not so much for the purpose of tracking and prosecuting the attacker.

  4. #4
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Intelligence Gathering & Prosecuting Hackers

    I have never been traced once (I jest)

    +1 to above.

    Little or no point and mostly what you would find are false positives.

    You will get as much co-operation from any law enforcement agency as you would in them hunting for a girl's phone number you lost on a napkin in the local bar.

    Peace
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  5. #5
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Intelligence Gathering & Prosecuting Hackers

    There really is just no point. The best thing to do is just make sure that whatever the attacks are, they won't work. People have enough trouble with that as it is. And really, suppose one of them does get prosecuted. What about the next couple thousand? Closing off the vulnerabilities does more than putting one or two guys in prison.

    There are other things to consider. Law enforcement has a different purpose and different set of incentives than information security has. It makes perfect sense for law enforcement investigators to allow known bad activity to continue until such time as they have sufficient evidence for extradition and/or prosecution. From an information security perspective, what you want is for the bad activity to not work and/or to cease as quickly as possible whether the parties engaging in it go to prison or not. In the end, you're never going to stop the problem completely by applying punishment to bad actors--it's simply too easy to pull off attacks and there are just too many people doing it. The budget that would be needed to effectively implement prosecution as a deterrent can't exist in a stable and sustainable economy (not to mention the high cost to lawful expression!).

    The "wild west" type of environment might make the web scary, but it's also what has made it great. By applying an understanding of most attackers' motivations (hint: it's money), you can predict a lot of their moves and protect yourself from them, which in turn increases their costs while reducing their returns. And that's what we have to do if we want to preserve the greatness while reducing the danger.

  6. #6
    Join Date
    Apr 2011
    Beans
    207
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Intelligence Gathering & Prosecuting Hackers

    Quote Originally Posted by haqking View Post
    You will get as much co-operation from any law enforcement agency as you would in them hunting for a girl's phone number you lost on a napkin in the local bar.

    Peace
    LOL - that bad.

    That would probably explain the reason for $billions lost to cyber crime.

    It's just too easy to be a criminal on the internet.
    Theft by stealth - no risk of injury - little chance of getting caught.

    I personally can't see that remaining the status quo (just my opinion)
    The powers that be won't let it happen - I'd say expect even less privacy.
    You can take my trousers but you won't take my Freedom !

  7. #7
    Join Date
    Apr 2011
    Beans
    484

    Re: Intelligence Gathering & Prosecuting Hackers

    Quote Originally Posted by SparTacux View Post

    I personally can't see that remaining the status quo (just my opinion)
    The powers that be won't let it happen - I'd say expect even less privacy.
    Do I need to repeat my paragraph about rooted boxes and VPNs?

    The problem isn't anonymity. The problem is that (at least) 90% of users on the Internet aren't qualified (in the pure skills sense) to operate a computer in a networked environment.

    That, and most systems come configured in a state that can only be described as "open for the taking" because locking it up by default would cause outrage.
    Last edited by Thewhistlingwind; November 11th, 2011 at 08:37 PM.
    Life is an extraordinarily long concatenation of luck and coincidence.

  8. #8
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Intelligence Gathering & Prosecuting Hackers

    Unfortunately, you're probably right about where it's headed. It's a pity, though, because none of the privacy-compromising solutions is actually going to effectively reduce the criminal activity.

    Secure development, least privilege, whitelisting, end-to-end encryption--these are the things that will reduce risks the most. Oh, also judicious release of information into the world. Problem is that all of those things come at a high up-front cost to those who would need to implement them at a given layer, so nobody wants to do it.

  9. #9
    Join Date
    Apr 2011
    Beans
    207
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Intelligence Gathering & Prosecuting Hackers

    I take it Law Enforcement on the internet is virtually useless. The cost would be too high. Your expert cyber crimes division is too costly to run due to the high salary cost of experienced computer professionals, etc. These guys are only going to get involved if something really big is happening.

    So - it's pretty much look after yourself from a user's point of view.

    It'd be nice to see more effective countermeasures given to users for self-defence such as boobytrapped documents, PDFs that 'phone home' if stolen. I've heard about this sort of thing being applied to hardware such as stolen laptops phoning home and taking photos of the culprits. One or two convictions have been successfully made using this sort of technique.
    You can take my trousers but you won't take my Freedom !

  10. #10
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: Intelligence Gathering & Prosecuting Hackers

    Quote Originally Posted by SparTacux View Post
    I take it Law Enforcement on the internet is virtually useless. The cost would be too high. Your expert cyber crimes division is too costly to run due to the high salary cost of experienced computer professionals, etc. These guys are only going to get involved if something really big is happening.

    So - it's pretty much look after yourself from a user's point of view.

    It'd be nice to see more effective countermeasures given to users for self-defence such as boobytrapped documents, PDFs that 'phone home' if stolen. I've heard about this sort of thing being applied to hardware such as stolen laptops phoning home and taking photos of the culprits. One or two convictions have been successfully made using this sort of technique.
    There are tons of cyber crime divisions, and crackers get caught and prosecuted all the time.

    Other things you refer to come under entrapment. Actually, I re-read your post and they don't.

    Crime has always been around everywhere and always will be; the internet and computers are just another tool in the criminal's arsenal.
    Last edited by haqking; November 11th, 2011 at 09:10 PM.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013
