Home / Blogs

How to Track Online Malevolent Identities in the Act

Want to be a cybersleuth and track down hackers?

It may sound ambitious considering that malevolent entities are extremely clever, and tracing them requires certain skills that may not be easy to build for the typical computer user.

But then again, the best defense is offense. And learning the basics of sniffing out cybercriminals may not only be necessary nowadays, it has become essential for survival on the Web. So where can you begin?

Place Honeypots

Hackers take great care to cover their tracks. So, it’s important to catch them with their hand in the cookie jar. You can do so by setting up a bait—called a honeypot—to lure them out. It can take the form of a spammable domain or an easily hackable virtual machine which can appear as legitimate targets.

Once attacked, honeypots help you observe what intruders do to the system, know the tricks that they employ to infect devices, and subsequently find ways to counter them. Such forensic evidence enables law enforcers to track unsolicited access and then locate and catch perpetrators.

Reverse-Engineering Malware

Let’s say that despite all the precautions, malware still succeeded in infiltrating your company’s system. Instead of losing sleep, you can use the infection to understand how the malicious program operates and what it’s been engineered to do, such as what vulnerabilities it’s been designed to exploit.

This process is called reverse engineering. It involves disassembling the program to be able to analyze and retrieve valuable information on how it is used or when it was created. It is extremely helpful in finding substantial evidence such as encryption keys or other digital footprints that can lead investigators to the cybercriminals.

Leverage WHOIS Information

When a complaint is received over a dangerous website, the first step in the investigation is to identify the operator of the suspect domain.

This can be done by querying the domain name registry where the site has been registered. A whois database download service, for example, enables users to retrieve the WHOIS data that contains the name, location, and contact details of domain registrants. With this information in hand, security teams can report the matter to law enforcement agents who can then track down malicious operators and apprehend them on the spot.

Inspect Files’ Metadata

Once in possession of files and devices from a suspicious entity, you can analyze the evidence that is saved in them and discover crucial details that can be followed back to the source.

Word, Excel, or PowerPoint files, for example, contain relevant information, called metadata, that can blow a hacker’s cover. They include the name of the person that created the file, the organization, the computer, and the local hard drive or network server where the document was saved.

It is also important to analyze the grammar used in comments that are embedded in the software code. Socio-cultural references, nicknames, language, and even the use of emojis—all can reveal clues on the nationalities of the criminals or their geographical location.

Go On with Tracerouting

One of the best ways to catch perpetrators is by identifying their IP addresses. However, they usually hide these IPs by spoofing or by bouncing communications from different locations. Luckily, no matter how shrewd and clever these individuals may be, malicious addresses can still be identified through an approach called tracerouting.

The technique works by showing the hostnames of all the devices within the range of your computer and a target machine. More often than not, the last machine’s hostname address belongs to the hacker’s Internet Service Provider. With the ISP known, investigators can then pinpoint the geographical location and the areas where the culprit is probably situated.

* * *

Every time you venture online, you’re exposed to malevolent entities that can harm your system and disrupt business operations. Knowing how to trace the source of an attack can stop it in its tracks and prevent the intervention from happening again.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Jonathan Zhang, Founder and CEO of WhoisXMLAPI & ThreatIntelligencePlatform.com

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix