[thedoc (OP)]

Do hackers leave a trail?
Asked by Mark, Bletchley


                                        Visit the webpage for the podcast in which this question is answered.

 

[thedoc (OP)]

We answered this question on the show...



 Steven -   It’s very hard not to leave a trail with your breaking into a computer system.  Some hackers will try to cover up what there is, but there’ll generally be something left over.
Ross -   Well, even although there's a trail, the problem is doing anything about it and the root problem in the UK is that back in 2005, the home office agreed that frauds should in future be reported not to the police, but to the banks.  This had the effect of reducing the fraud figures to near zero.  It also had the effects of removing the police incentives to look into the problem.
Chris -  Indeed.  Oh, dear!  That’s an important aspect in terms of who actually claims the credit for discovering this. 

[Schema]

It depends on the quality of the hacker. Every thing you do leaves a trail; a log. But that trail doesn't have to point to you. I suppose a knowledgeable hacker would first hack into someone else's router before attempting to do anything stupid.  The best foolproof method to hacking is using a disposable, sanitized laptop from a wifi hotspot.

[JSparkle]

Agree - everything leaves a trail of some sort - most hackers get caught eventually so I guess there must be a trail for the authorities to follow.

[yor_on]

It depends.

You can either do it Chema's way, in which case the electronic trail itself shouldn't matter, although the expertise shown, as what methodology used, as well as the geographic end-location will. Or you can do it through intermediaries, as some network of computers when it comes to bombing some poor private server. Then you also can use jumping between computers, and creating false IP addresses, dump the log before leaving or just change it. And there are other ways too I'm sure. But except for the first, I think all should be track-able to some origin, as long as there is something to follow, and those nodes involved/used agree to let you see their logs. The last can be a big problem if the cracker went all over the globe before arriving to your server.

And naturally you can combine those two. But the most used and simplest approach seems to 'social engineering', in where you fool someone to give a legitimate password into the system.