To catch a hacker

Nutter's Help Desk By Ron Nutter, Network World
January 07, 2008 12:03 AM ET

Network World - I have been trying to catch a hacker for over a year. I need a trace program or any program that will stand up in court. Do you know where I could get this? I really need a free trial to see if I like the program before I buy it.
-- Molly

Before getting started on this, I would advise consulting an attorney who specializes in this type of situation to make sure that you aren't setting yourself up to be sued for entrapment. Trying to catch a hacker may not be as simple as it seems. Another problem is that what we see in the U.S. as hacking isn't viewed the same way in some countries in Europe and Asia.

Having said that, you will probably find that it takes more than one program to catch a thief, as they say. One tool that can help start the information-gathering process is a network protocol analyzer, or sniffer. It lets you watch what is going on and record the traffic to a file for later review and analysis. Using an analyzer together with some type of Ethernet tap lets you watch the traffic passively, without setting up anything that could become a problem in court later on.

The next tool that you can look at using is called a honeypot. In this arena, there are both open source and commercial offerings. I suspect that staying with the commercial offerings will probably fare better in court than the open source ones. How much better will depend on the law enforcement folks, the attorneys and the judge you will be dealing with throughout the process.

Examples of the commercial honeypots are Specter and KFSensor. What a honeypot does is "emulate" a particular version of an OS running a particular set of services that may or may not be patched to a certain degree. When the hacker comes knocking at the door and starts plying his or her tools, the honeypot answers according to how it has been configured. All the while it is doing this, it records the keystrokes being sent to it for later analysis.
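To make the mechanism concrete, here is an added example of a minimal low-interaction honeypot; it is illustration code written for this column, not code from Specter, KFSensor or any other product named above. It listens on one TCP port, presents a constructed service banner (the hostname and reply strings are made up), answers every line the peer sends with a canned refusal so the session keeps going, and records what was received together with timestamps and addresses. Because the column's concern is evidence that will hold up later, each record also carries a SHA-256 hash chained to the previous record, so that editing, reordering or deleting a record can be detected with `verify_chain`. The `probe` function is a constructed client that stands in for an unsolicited connection so the example can be run against itself on localhost.

```python
"""Minimal low-interaction honeypot with a tamper-evident record chain.
Added illustration; banner, replies and hostname are constructed."""
import hashlib
import json
import socket
import threading
import time
from datetime import datetime, timezone

FTP_BANNER = b"220 ftp.example.internal FTP server ready\r\n"  # constructed banner
CANNED_REPLY = b"530 Login incorrect.\r\n"  # sent after every line the peer transmits


def _record_hash(prev_hash, body):
    """SHA-256 over the previous record's hash plus this record's canonical JSON."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + data).hexdigest()


def verify_chain(records):
    """Recompute every hash; an edited, reordered or removed record breaks the chain."""
    prev = "0" * 64
    for rec in records:
        body = {k: v for k, v in rec.items() if k not in ("prev_hash", "hash")}
        if rec["prev_hash"] != prev or _record_hash(prev, body) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True


class Honeypot:
    def __init__(self, host="127.0.0.1", port=0, banner=FTP_BANNER, max_bytes=4096):
        self.banner, self.max_bytes, self.records = banner, max_bytes, []
        self._lock, self._prev_hash = threading.Lock(), "0" * 64
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))  # port 0: let the OS choose a free port
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._sock.close()  # makes accept() fail, which ends the serving thread

    def _serve(self):
        while True:
            try:
                conn, addr = self._sock.accept()
            except OSError:
                return
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        """Emulate the service: send the banner, capture input, answer each line."""
        started, received = datetime.now(timezone.utc).isoformat(), b""
        conn.settimeout(2.0)  # idle peers are dropped, their input still logged
        try:
            conn.sendall(self.banner)
            while len(received) < self.max_bytes:
                chunk = conn.recv(1024)
                if not chunk:  # peer closed the connection
                    break
                received += chunk
                conn.sendall(CANNED_REPLY)
        except OSError:
            pass
        finally:
            conn.close()
        self._log(addr, started, received)

    def _log(self, addr, started, received):
        body = {"start_time": started, "end_time": datetime.now(timezone.utc).isoformat(),
                "src_ip": addr[0], "src_port": addr[1], "dst_port": self.port,
                "payload_hex": received.hex(),
                "payload_text": received.decode("ascii", "backslashreplace")}
        with self._lock:  # one writer at a time keeps the chain consistent
            rec = dict(body, prev_hash=self._prev_hash)
            rec["hash"] = _record_hash(self._prev_hash, body)
            self._prev_hash = rec["hash"]
            self.records.append(rec)

    def wait_for_records(self, count, timeout=5.0):
        """Block until `count` records exist or the timeout passes; return a copy."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.records) >= count:
                    return list(self.records)
            time.sleep(0.05)
        with self._lock:
            return list(self.records)


def probe(port, data=b"USER molly\r\n"):
    """Constructed client standing in for an unsolicited connection (demo only)."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        banner = c.recv(1024)
        c.sendall(data)
        reply = c.recv(1024)
    return banner, reply


if __name__ == "__main__":
    hp = Honeypot()
    hp.start()
    print(probe(hp.port))
    for rec in hp.wait_for_records(1):
        print(json.dumps(rec, indent=2))
    print("chain intact:", verify_chain(hp.records))
    hp.stop()
```

Run it directly and it connects to itself, prints the captured record and confirms the chain verifies. In practice the records would be appended to a file as they are produced and the final hash noted out of band; the chain shows whether the file was altered afterwards, which is the kind of check the attorney and the court will care about.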
