TechPublishing Now MS Certified

Professor Robert McMillen, MBA Microsoft Certified Trainer and Solutions Expert

Saturday, April 7, 2012

Caught by the Internet’s Fingerprints


By Robert McMillen, Koin’s Tech Guru

Q- “Why do some people get caught while others get away with internet crime?”

Sarah L.
Portland

A- Every website you go to, and every item you post, is traceable. That now includes tweets and text messages. I remember the first tweet I sent through Twitter many months ago, and I was surprised to see it online a few weeks later. At the time I didn’t realize that I could make it private. That doesn’t mean the message is gone if someone like the police want it bad enough. (Unless of course you have a Sidekick phone. Ha! Sorry about that.)

I will not only explain how the average internet user leaves fingerprints, but I’m also going to show you how a hacker does it so he won’t get caught.

When you surf the internet, the website host keeps a log of every IP address that has visited the site, for however long they feel they should keep the log files. Some, like WebMD, don’t track it at all because of confidentiality rules. Others, like the NSA and CIA, may keep them forever. Tracking an IP address is easy: the host turns the log over to the police, the police serve the internet service provider with a court order, and the ISP tells them who was assigned that IP address on that date. Then they come knocking on the bad guy’s door.

They don’t do all this for just any type of web browsing, however. They mostly do it for people who threaten harm to others, solicit something illegally, or attempt to load an illegal program like a virus onto your computer. I have been involved in many types of these cases where they need an expert to gain access to the perpetrator’s information to build a case against them.

Your employer (or your parents) can find out about your web surfing habits by viewing the local web cache on your hard drive. Your computer keeps cookies and cached images for around 30 days to make it faster to visit the same sites in the future. The number of days can be changed, and you can even manually erase this information and delete it from your recycle bin. Some companies even make cache cleaners that get rid of the evidence of your surfing habits. But if the employer also logs that information on the firewall or proxy server, then deleting it off your computer won’t make any difference. I not only have helped many employers set this up, but it’s also how I track my children’s surfing habits, along with a good parental filter.

Even if a filter keeps the people under your administration from reaching places they shouldn’t, you should still be able to check where they attempted to surf. That tells you whether the filter is working properly.
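The proxy-side view described above (who went where, and which attempts the filter denied) in working form, as an added example that is not from the column. It assumes a Squid-style access log; the log lines and addresses are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample lines in Squid native access-log layout (assumption: your
# proxy or firewall may write a different format; adjust LINE_RE to match it):
# <unix time> <elapsed> <client ip> <result>/<status> <bytes> <method> <url> ...
SAMPLE_LOG = """\
1256775000.123    210 192.168.1.42 TCP_MISS/200 5123 GET http://www.example.com/news - HIER_DIRECT/93.184.216.34 text/html
1256775060.456     12 192.168.1.42 TCP_DENIED/403 1700 GET http://gambling.example/play - HIER_NONE/- text/html
1256775120.789    180 192.168.1.77 TCP_MISS/200 9821 GET http://webmail.example.org/inbox - HIER_DIRECT/203.0.113.9 text/html
1256775180.001      9 192.168.1.42 TCP_DENIED/403 1700 GET http://gambling.example/play - HIER_NONE/- text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<ip>\S+)\s+(?P<code>[A-Z_]+)/(?P<status>\d{3})"
    r"\s+\d+\s+\S+\s+(?P<url>\S+)"
)


def parse_line(line):
    """Return (timestamp, client_ip, result_code, url), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromtimestamp(float(m["ts"]), tz=timezone.utc)
    return ts, m["ip"], m["code"], m["url"]


def summarize(log_text):
    """Per client IP: hosts actually reached, and hosts the filter denied (with timestamps)."""
    report = defaultdict(lambda: {"visited": set(), "denied": []})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines the proxy wrote in some other layout
        ts, ip, code, url = parsed
        host = re.sub(r"^\w+://", "", url).split("/", 1)[0]
        if code == "TCP_DENIED":  # Squid's result code for a filtered request
            report[ip]["denied"].append((ts.isoformat(), host))
        else:
            report[ip]["visited"].add(host)
    return dict(report)


if __name__ == "__main__":
    for ip, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, "visited:", sorted(entry["visited"]))
        for when, host in entry["denied"]:
            print("   blocked attempt", when, host)
```

A client with denied entries but no matching visited entry for the same host is the filter working as intended; a host that appears under "visited" but should have been blocked is a gap in the filter rules.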

Many of you may have seen the movie about the Seattle riots in 1999. The group of anarchists didn’t just wander from street to street; they used technology like text messaging and cell phone calls to avoid getting arrested, and it allowed them to cause more mayhem. I managed a Seattle office from here in Portland at that time, and I was scared to death for my Seattle staff’s safety. At one point, we told our staff not to leave the building. Fortunately our people were all okay, but I wish I were on the jury to convict all of the anarchists who broke the law. A cold, damp dungeon would be all they would ever see again.

Most internet lawbreakers are not all that tough to catch. They may be good at breaking the law, but they are not good at covering it up. For instance, all text messages are stored and are easy to bring into court. All internet postings are the same way. Email gets backed up by both the sender’s mail servers and the receiver’s. The NSA also has an in with the major email carriers, and it intercepts and stores email based on certain keywords in its massive database, along with the IP addresses.

If you go to the library or an internet café to do something illegal on a computer thinking you’ll be safe from prosecution, you will be wrong most of the time. You can be caught by surveillance cameras that match up to the time of the posting, as well as by the hardware address of your computer. Let’s say you go to a wireless internet access café. Most only take credit cards, but you find one where you can pay cash. The firewall that passes your traffic onto the internet can log your hardware MAC address. This is a hard-coded address that is unique to your computer’s network adapter and can be traced back to the place you bought it from. They look you up by your receipt, and now you’re caught.

If you find an internet café that accepts cash, has no video cameras, and doesn’t cache MAC addresses, then you’ve found the perfect place to be a criminal. Of course you shouldn’t draw attention to yourself by talking to anyone, and you should wear a fake nose, beard, gloves and makeup. And you shouldn’t ever visit the same place twice. You should also have a MAC address spoofing program to be safe. If you can pull all that off, then good luck.

Another way bad guys try to hide their tracks is by war driving. This is where you search a neighborhood with a wireless scanner. Once you find an open access point, you connect to it. You can even hack one that is secured if it uses one of the old technologies like WEP, where the password and wireless keys never change. Then the police come after the person who owns the wireless access point rather than the perpetrator. So, if you don’t want to have police come knocking on your door, be sure to secure your wireless with WPA2 with AES encryption. If you don’t know how to do this, then hire a professional or turn it off.

Hackers use compromised routers they can bounce off of to do their dirty work as well. They may guess an easy password on a server and use it to bounce through several other servers, and then attempt to break into a place, like a financial institution, where they can actually get a payoff. Doctors’ offices are starting to become an easy target because they rarely secure anything from the outside, and they have confidential patient information along with credit card numbers. I have secured many of them, and despite laws like HIPAA and the Oregon Privacy Act, they rarely do anything right without professional help. In my experience most physicians hate computers and security, and if you don’t believe me, then next time you see your doctor ask if they know how to log into anything other than a golf website.

Virus and other malware writers get caught a lot because, even though they do know how to write a good piece of malware, they love to brag about it so much that they eventually get turned in. They also don’t know how to cover their tracks as well, because that’s not what they’re good at. The exceptions to this are hackers in Asia. When you have state-sponsored hacking and virus writing (where most of the world’s malware comes from), then who will we arrest? I find it easier to just block any inbound access from the entire continent, and only open it back up when there is a business case to do so. When they learn how to play by the rules, then we can treat them like responsible world citizens. I won’t hold my breath.

So how do you not get caught? Don’t break the rules. It works every time.

To buy my latest book “How to be an IT Administrator,” go to http://howtobeanitadministrator.com/

For more great tips, check back here each week and listen to me on the All Tech Radio show at 9:00 Sunday mornings on AM 1360 KUIK and at 10:00 AM on KOL in Seattle, or listen online at http://alltechradio.com./

If you would like your technical question answered here, just email rmcmillen@koin.com. Even if it doesn’t get answered in the column, I will always answer by email.

Published Wednesday, October 28, 2009 10:06 PM by Devereux