Witty hackers create junk pages on 3rd party sites

[freetraff]

I had an ask for help.

A person found that among other indexed pages Google indexed some junk (keyword stuffed pages that have no relation to the topic of the site).

We got inside his hosting. Wow. Someone broke into the hosting account and uploaded malicious software that create junk pages inside one folder of the site.

Surely we deleted the software and reported hosts about it.

But, do you think that it is possible to catch the hacker by hand. I mean they've been sending traffic to a specific site and I don't think hackers do it for free. So, we can nail those who paid them for traffic to disclose those who technically did it.

Do you think it's real?

[freetraff]

<bump> Any ideas?

[HostRail]

My company has come across fraud and hackers from time to time.
Its very hard to track someone down. And unless they have caused significant damage the authorities will not help. You can log a report but I'm not sure what they do with those. (probably nothing)

In our experiences the place to start is the IP address.
If you know where the attacks came from you can do a reverse DNS lookup and often times find the host or data center. now this is often not the hacker himself but at least you can try to shut down their access point. And the host can look more closely at their security settings.

One thing to note is that if any of these links contained child pornography it can get more attention from the authorities.

[Tech Manager]

Quote:

Originally Posted by freetraff

I had an ask for help.

A person found that among other indexed pages Google indexed some junk (keyword stuffed pages that have no relation to the topic of the site).

We got inside his hosting. Wow. Someone broke into the hosting account and uploaded malicious software that create junk pages inside one folder of the site.

Surely we deleted the software and reported hosts about it.

But, do you think that it is possible to catch the hacker by hand. I mean they've been sending traffic to a specific site and I don't think hackers do it for free. So, we can nail those who paid them for traffic to disclose those who technically did it.

Do you think it's real?

It is possible to catch a specific hacker. I've done it. However, it is extremely difficult to catch the more sophisticated hackers because many are relying on botnets and chained proxies to engage in the criminal behavior. Many of the botnets are themselves semi-controlled from other infected machines. Many of these infected machines are controlled through the use of chained-proxies. Many of these chained proxies traverse multiples countries and jurisdictions. Many of the countries and jurisdictions completely ignore foreign pleas for assistance. China, Russia, Korea, Ukraine, Iran, Syria, Palestinian Authority, Morocco and Nigeria are perfect examples.

I've had some luck dealing with Latvia and Brazil. But, even in North America it can be extremely difficult to deal with Hackers in the United States and Canada.

The FBI has some unwritten rules (based on communications I've had with agents) on what constitutes a case where they are willing to become involved. If you are a Fortune 500 company and have some documentation of an attack you won't have a problem. If you are a small company or a home user you are out of luck unless the attacks against you are linked to a larger criminal conspiracy.

Local law enforcement is a bit stymied because often they neither have the resources nor the expertise to handle your complaint. In many states it is difficult to get law enforcement actively involved in identity theft complaints. It is more difficult to get them involved in a hacking complaint because the crime is often vague and unclear.

Even politicians and elected representatives don't have a full understanding. Not to mention that most people with a strong technical background don't want to have non-techies make decisions related to technical matters they are not qualified to make as they don't understand the technology involved.

All in all, it is more expedient to practice safe computing, write secure code and develop a hacker-resistant or hacker-proof website than it is to get the legal community involved.