Unlikely suspects: a businessman with no programming skills, an ITE student who supposedly wrote his FULL name on the hacked website, and James Raj Arokiasamy, who is a drug addict.
These are the LEAST likely people to be hackers!
One word: scapegoats.
IT forensics can pick up all the traces and do hop-by-hop tracing back to the source address that attacked the websites.
To elaborate: to get onto the Internet at all, a hacker needs to establish connectivity with an ISP or telco as a registered Internet user. For example, at home the hacker needs to log in to his ADSL modem over his phone line to reach the Internet. His user ID and phone number will be logged by the ISP or telco he registered with.
If the hacker uses a tablet, phablet or smartphone, he still has to go through his telco, which records his device number, IMEI number, MAC address and public IP address when he connects on his voice plan or data plan, just like a desktop user.
Upon successful authentication, the ISP or telco issues him a unique IP address that is tied to the MAC address of his machine. His access is logged and time-stamped, and every credential that identifies him is recorded in the log for the duration of the session, including all the websites he visits.
There are many mechanisms to track all his access information and his surfing activity: web proxy, IPS/IDS, firewall logs, DHCP logs, server access logs, event logs, security logs, syslog and so on, all managed by central loggers. A Security Incident Management System will have picked up the intrusion.
Thus the forensic IT team can trace through all these logs and identify the hackers beyond reasonable doubt.

If the forensic IT team can get hold of the hacker's notebook or end devices, they can easily recover his access path, because the operating system leaves behind many traces that reveal what he did.
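As an added example (not from the original post), here is the kind of cross-log correlation the paragraph above describes, in Python: a hit in the hacked site's access log is matched by public IP and timestamp against the ISP's address-assignment log, and from there to a subscriber record. It also shows why the timestamp is essential, because a dynamic public IP is reused and the same address maps to different subscribers at different times. All log lines, IPs, subscriber IDs and contact values are constructed placeholders, and the log formats (Apache-style access log, RADIUS-style START/STOP assignment records) are assumptions.

```python
import re
from datetime import datetime
# Constructed sample data (not from the original post): documentation IPs, invented subscriber IDs, placeholder numbers, +0800 times.
ACCESS_LOG = [  # Apache-style access log of the hacked site
    '203.0.113.45 - - [10/Nov/2013:02:14:07 +0800] "POST /admin/upload.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Nov/2013:02:14:09 +0800] "GET /index.html HTTP/1.1" 200 2048',
]
ASSIGNMENT_LOG = [  # ISP address-assignment log: the same public IP is reused the same night
    "2013-11-09 22:10:00 +0800 START ip=203.0.113.45 user=sub-0017 mac=aa:bb:cc:00:00:17",
    "2013-11-10 01:30:00 +0800 STOP  ip=203.0.113.45 user=sub-0017 mac=aa:bb:cc:00:00:17",
    "2013-11-10 01:58:22 +0800 START ip=203.0.113.45 user=sub-0042 mac=aa:bb:cc:00:00:42",
    "2013-11-10 03:05:10 +0800 STOP  ip=203.0.113.45 user=sub-0042 mac=aa:bb:cc:00:00:42",
]
SUBSCRIBERS = {"sub-0017": "+65-0000-0017", "sub-0042": "+65-0000-0042"}  # subscriber registry (placeholders)
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)"')
ASSIGN_RE = re.compile(r"^(\S+ \S+ \S+) (START|STOP)\s+ip=(\S+) user=(\S+) mac=(\S+)")

def parse_access(line):
    """One access-log line -> source IP, timezone-aware time and request line."""
    ip, ts, req = ACCESS_RE.match(line).groups()
    return {"ip": ip, "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), "request": req}

def parse_sessions(lines):
    """Pair START/STOP records into sessions, each with a start and stop time."""
    open_sessions, sessions = {}, []
    for line in lines:
        ts, kind, ip, user, mac = ASSIGN_RE.match(line).groups()
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S %z")
        if kind == "START":
            open_sessions[(ip, user)] = t
        else:
            sessions.append({"ip": ip, "user": user, "mac": mac,
                             "start": open_sessions.pop((ip, user)), "stop": t})
    return sessions

def who_held(sessions, ip, at):
    """The session that held `ip` at instant `at`; IP reuse makes the time essential."""
    for s in sessions:
        if s["ip"] == ip and s["start"] <= at <= s["stop"]:
            return s
    return None

def trace(access_line, assignment_lines, subscribers):
    """Hop from a web-server hit to the ISP session and subscriber behind it."""
    hit = parse_access(access_line)
    session = who_held(parse_sessions(assignment_lines), hit["ip"], hit["time"])
    if session is None:  # no session covers that instant: missing logs, or an IP not assigned by this ISP
        return None
    return {"request": hit["request"], "ip": hit["ip"], "user": session["user"],
            "mac": session["mac"], "contact": subscribers.get(session["user"])}
```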
There are many logs (event logs, system logs, security logs, etc.) and folders (temporary folders, Internet cache folders, etc.). Even if these files or folders are erased, deleted or cleared, there are tools that can bring them back. Deletion is not as permanent as many people think it is, so the traces cannot be removed as long as the hacker did something funny.
Of course there will be professional hackers who hide their identity using VPNs, NAT, PAT, proxies, IP spoofing via man-in-the-middle attacks and so on. There are still ways to track them, but it takes more effort, more cooperation and more time. (One could write a few pages on these.)