
Course of action against a hacker - Please advise

Status
Not open for further replies.

Restecpa

Level 6
Legacy Platinum Member
Joined
Mar 5, 2003
Messages
525
Reaction score
17
There is a person at our forum that keeps hacking accounts of people that he has an argument with. He usually first hacks their yahoo / msn account, following with their forum account. The forum is up to date, and so is the server. AFAIK he does it by exploiting the "buffer overrun" security hole in Windows and planting keyloggers by binding them into JPGs. He might be using other means as well...

Today he managed to hack one of our supermod's account and physically deleted almost a month's worth of threads. Since it's a busy forum (stats after the hacking (cca): Threads: 23,000, Posts: 290,000, Members: 14,000), the number of deleted posts and threads is far from low.

I would like to take legal action against this person. The problem is, he is considerably web savvy and is using web proxies to access the forum. Nonetheless.... Let's say I somehow get to his IP. What would the suggested course of action after that be? I want him to pay for this and I want to make an example out of him :ballchain: .

I am very upset :frusty: and I would like to thank you for the help you might be able to provide.
 

Blarian

DNF Regular
Legacy Exclusive Member
Joined
Mar 7, 2005
Messages
729
Reaction score
0
I'm not a lawyer, but what I would do is consult with a lawyer and figure out what we need to do (maybe file suit) to be able to get a subpoena to find out who is behind that IP address. I doubt you'll be able to figure out who it is on your own, and ISPs would probably not just give out that kind of information short of a subpoena.
 

GT Web

DNF Addict
Legacy Exclusive Member
Joined
Feb 21, 2003
Messages
6,459
Reaction score
3
Would the FBI actually do something about this? I just can't imagine them helping a forum owner in a situation like this...
 

acronym007

Thankful!
Legacy Exclusive Member
Joined
Sep 22, 2004
Messages
3,987
Reaction score
16
This guy is awesome I love hackers, best thing you could do is make friends with him. Something must not be up to date or he would not be able to hack in. The FBI might not get involved in forum if it makes no money, if it's a hobby, however if you are losing money because of his actions I would say yes contact them as it is akin to stealing and there are federal laws, cyber laws. Here's the question, if you can't catch him how do you know it's him? I would be careful not to blame anyone as he could be using a hijacked account if he is really smart, also many false IPs which in our world equates to fake IDs. So, be careful in accusing someone, it could be a non-member of your forum and this person is enjoying the show so he claims some credit. Hackers are best when no one knows they were there or who they are. Cheers,
 

Restecpa

Level 6
Legacy Platinum Member
Joined
Mar 5, 2003
Messages
525
Reaction score
17
acronym007 said:
This guy is awesome I love hackers, best thing you could do is make friends with him. Something must not be up to date or he would not be able to hack in. The FBI might not get involved in forum if it makes no money, if it's a hobby, however if you are losing money because of his actions I would say yes contact them as it is akin to stealing and there are federal laws, cyber laws. Here's the question, if you can't catch him how do you know it's him? I would be careful not to blame anyone as he could be using a hijacked account if he is really smart, also many false IPs which in our world equates to fake IDs. So, be careful in accusing someone, it could be a non-member of your forum and this person is enjoying the show so he claims some credit. Hackers are best when no one knows they were there or who they are. Cheers,
He's been in contact with me through MSN, and he's actually boasting around telling everybody about it. He even made a public threat on the forum prior to it, directly saying that he will do it (hack our supermod) and a few hours from then... a few thousand (just an estimate) of posts gone. Furthermore, he has a history of hacking our members' MSN accounts for some time now. He was even banned before, for hacking MSN accounts, but just came back under a new name.

Also, I'm pretty sure he's a minor... He claims to be one and he acts like one as well. He's quite possibly from western Europe.

labrocca said:
Contact FBI asap.
Will they care though? As GT Web said, it's highly unlikely IMO. I guess that with all the terrorism and other real-world threats, they probably won't lose much sleep over it :greenno: (??)

Blarian said:
I'm not a lawyer, but what I would do is consult with a lawyer and figure out what we need to do (maybe file suit) to be able to get a subpoena to find out who is behind that IP address. I doubt you'll be able to figure out who it is on your own, and ISPs would probably not just give out that kind of information short of a subpoena.
That's what I was thinking too. I just wanted to consult other webmasters first in case there's somebody already with such or similar an experience here, and to see what the rest of you would do. Thanks for the feed!

acronym007 said:
Something must not be up to date or he would not be able to hack in.
He usually gets in by planting an "undetectable" keylogger, either by binding it into a picture or using other means. He didn't hack the forum account directly, but MSN Messenger (and Yahoo messenger) account and got to the forum password through that. That's how he's been doing it so far...
 

pam

Level 5
Legacy Platinum Member
Joined
Dec 6, 2002
Messages
254
Reaction score
0
Uhh, why don't you talk to your host about putting you on a secure server? If he can exploit you with a buffer overflow, then gee, why not patch the issue? Ask your host to check Apache logs to see exactly what he is doing, then fix it. If your host won't fix it, change hosts.

As far as the FBI, they only go after hackers who cause a minimum of $5k in damage from what I was told. If you can prove you lost at least five thousand dollars in revenue, then you should talk to them.

If he's using an open proxy, you won't know his real IP.

If he's planting a keylogger, then he's uploading images to your site? Disable the ability to upload images to solve that.
 

Restecpa

Level 6
Legacy Platinum Member
Joined
Mar 5, 2003
Messages
525
Reaction score
17
pam said:
Uhh, why don't you talk to your host about putting you on a secure server? If he can exploit you with a buffer overflow, then gee, why not patch the issue? Ask your host to check Apache logs to see exactly what he is doing, then fix it. If your host won't fix it, change hosts.
OMG... does anybody here actually read the first post? I appreciate your help, but as I said - it's not my server that gets hacked... it's our members and their PCs. He causes us problems by hacking our members (and recently our supermod) and abusing their accounts...

Come on people, please read the first post BEFORE replying. Other than that, thank you for your input.
 

nickb

Level 4
Legacy Platinum Member
Joined
Jul 11, 2005
Messages
103
Reaction score
0
Restecpa said:
He usually gets in by planting an "undetectable" keylogger, either by binding it into a picture or using other means. He didn't hack the forum account directly, but MSN Messenger (and Yahoo messenger) account and got to the forum password through that. That's how he's been doing it so far...

What gives you the impression he uses this method? And also how does he end up with your other members' MSN addresses?

Just trying to build up a full picture.
 

pam

Level 5
Legacy Platinum Member
Joined
Dec 6, 2002
Messages
254
Reaction score
0
Restecpa said:
OMG... does anybody here actually read the first post? I appreciate your help, but as I said - it's not my server that gets hacked... it's our members and their PCs. He causes us problems by hacking our members (and recently our supermod) and abusing their accounts...

Come on people, please read the first post BEFORE replying. Other than that, thank you for your input.

Uh, do you read what you write?

By your own words,

There is a person at our forum that keeps hacking accounts of people that he has an argument with. He usually first hacks their yahoo / msn account, following with their forum account.

You said he hacks their forum account. If that's not your server being compromised I don't know what is.
 

nickb

Level 4
Legacy Platinum Member
Joined
Jul 11, 2005
Messages
103
Reaction score
0
pam said:
You said he hacks their forum account. If that's not your server being compromised I don't know what is.

I don't think this part involves any hacking being done (server attacks at least). Once he has access to their email addresses he can just use the 'forgotten email' form to gain access to their forum accounts.
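
The takeover path nickb describes (mailbox first, then the forum's reset form) leaves a recognizable trail in a forum's own audit log: a password reset, then a login from an address the account has never used, then destructive actions. The sketch below is an added example, not part of the thread or of any forum software; the log format, event names, account names and IP addresses are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events (hypothetical format: time, account, event, source IP).
SAMPLE_LOG = """\
2005-08-01T09:00:00 supermod login 198.51.100.7
2005-08-01T12:00:00 alice login 192.0.2.10
2005-08-02T10:15:00 supermod login 198.51.100.7
2005-08-03T21:40:00 supermod password_reset 203.0.113.50
2005-08-03T21:42:00 supermod login 203.0.113.50
2005-08-03T21:43:00 supermod delete_thread 203.0.113.50
2005-08-03T21:43:05 supermod delete_thread 203.0.113.50
2005-08-03T21:43:09 supermod delete_thread 203.0.113.50
2005-08-04T08:00:00 alice password_reset 192.0.2.10
2005-08-04T08:01:00 alice login 192.0.2.10
"""

def find_takeovers(log_text, window=timedelta(minutes=30)):
    """Flag logins from a never-before-seen IP shortly after a password reset,
    and count the deletions made from that IP afterwards."""
    known_ips = {}   # account -> IPs seen on earlier, unflagged logins
    last_reset = {}  # account -> time of the most recent password reset
    flagged = {}     # account -> details of the suspicious session
    # ISO timestamps sort lexically, so sorting the lines orders the events.
    for line in sorted(log_text.splitlines()):
        if not line.strip():
            continue
        ts, account, event, ip = line.split()
        when = datetime.fromisoformat(ts)
        if event == "password_reset":
            last_reset[account] = when
        elif event == "login":
            seen = known_ips.setdefault(account, set())
            reset = last_reset.get(account)
            if seen and ip not in seen and reset and when - reset <= window:
                flagged[account] = {"ip": ip, "since": when, "deletes": 0}
            else:
                seen.add(ip)  # first login or a familiar address
        elif event == "delete_thread" and account in flagged:
            if ip == flagged[account]["ip"]:
                flagged[account]["deletes"] += 1
    return flagged

if __name__ == "__main__":
    for account, info in find_takeovers(SAMPLE_LOG).items():
        print(account, info["ip"], info["since"].isoformat(), info["deletes"])
```

A reset followed by a login from the member's usual address, like the constructed `alice` events, is not flagged; only the combination of reset and unfamiliar address is.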
 

POLiSH

Level 8
Legacy Exclusive Member
Joined
Aug 25, 2004
Messages
2,042
Reaction score
2
GT Web said:
Would the FBI actually do something about this? I just can't imagine them helping a forum owner in a situation like this...

FYI TO ALL. There are agencies out there that can help you with hackers:

Internet Crime Complaint Center
The Internet Crime Complaint Center (IC3) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.

Since its inception, the IC3 has received complaints crossing the spectrum of cyber crime matters, to include online fraud in its many forms including Intellectual Property Rights (IPR) matters, Computer Intrusions (hacking), Economic Espionage (Theft of Trade Secrets), Online Extortion, International Money Laundering, Identity Theft, and a growing list of Internet facilitated crimes. Since June 2000, it has become increasingly evident that, regardless of the label placed on a cyber crime matter, the potential for it to overlap with another referred matter is substantial. Therefore, the IC3, formerly known as the Internet Fraud Complaint Center (IFCC), was renamed in October 2003 to better reflect the broad character of such matters having an Internet, or cyber, nexus referred to the IC3, and to minimize the need for one to distinguish "Internet Fraud" from other potentially overlapping cyber crimes.

IC3 Mission Statement
IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. For law enforcement and regulatory agencies at the federal, state, local, and international level, IC3 provides a central referral mechanism for complaints involving Internet related crimes.

Significant and supplemental to partnering with law enforcement and regulatory agencies, it will remain a priority objective of the IC3 to establish effective alliances with industry. Such alliances will enable the IC3 to leverage both intelligence and subject matter expert resources, pivotal in identifying and in crafting an aggressive, proactive approach to combating cyber crime.

IC3 accepts online Internet crime complaints from either the person who believes they were defrauded or from a third party to the complainant. We can best process your complaint if we receive accurate and complete information from you. Therefore, we request that you provide the following information when filing a complaint:
Your name
Your mailing address
Your telephone number
The name, address, telephone number, and Web address, if available, of the individual or organization you believe defrauded you.
Specific details on how, why, and when you believe you were defrauded.
Any other relevant information you believe is necessary to support your complaint.

 

Restecpa

Level 6
Legacy Platinum Member
Joined
Mar 5, 2003
Messages
525
Reaction score
17
nickb said:
What gives you the impression he uses this method? And also how does he end up with your other members' MSN addresses?

Just trying to build up a full picture.
I gathered that from talking to him (he likes to somewhat brag), plus from discussing it with members that got "hacked". He gets their MSN addresses through forum (like we have ICQ here), so he just adds them to his contact list OR by getting it from somebody else (it's a "community", so most of the members "associate" by other means as well... MSN being the most popular).

pam said:
Uh, do you read what you write?

By your own words,

There is a person at our forum that keeps hacking accounts of people that he has an argument with. He usually first hacks their yahoo / msn account, following with their forum account.

You said he hacks their forum account. If that's not your server being compromised I don't know what is.
My apologies then, I guess it came out wrong. What I meant to say was, he gains control of forum accounts through their MSN accounts. They are usually connected... And even if they are not, once he plants a keylogger he can "key log" everything.

POLiSH said:
FYI TO ALL. There are agencies out there that can help you with hackers: ...
Thank you Polish!
 