2

With respect to "interactive" attacks by individuals, wherein an attacker gains access to a remote system and an IP address is necessarily exposed to the target system, is it at all reasonable to pursue the attacker by contacting the IP-owner's ISP?

Should I feel significantly impeded in my pursuit by the possibilities that ...

  • It may be less expensive to perform damage control and try to plug the hole.
  • The attack probably comes from a country that wouldn't cooperate with an investigation.
  • Attack proxies are simply that bulletproof!
  • Attackers tend to avoid attacking from home.

Is there a damage/cost threshold that would make pursuit worthwhile?

Is there a relatively standard or productive manner in which companies (or individuals) deal with attacks on a legal level?

svidgen
  • All of the above? Each attack will have their unique situation. – schroeder Feb 09 '16 at 20:39
  • @schroeder So, would refining this in terms of the last question be more answerable? ... I.e., when you *do* notice an attack attempt and are able to determine an IP, is it worth anyone's while to contact the ISP? And/or, is there some cost threshold it would have to pass to be worth my while? – svidgen Feb 09 '16 at 20:41
  • yes, a focus on the last question would make this a much better question (and answerable) – schroeder Feb 09 '16 at 20:44
  • See http://security.stackexchange.com/questions/35738/how-can-i-punish-a-hacker for some interesting perspectives on this sort of question. – mti2935 Feb 09 '16 at 21:42

2 Answers

1

is it at all reasonable to pursue the attacker by contacting the IP-owner's ISP?

Most likely not. Any moderately skilled attacker would simply steal someone else's Wi-Fi or use a proxy. You can then contact that proxy's ISP, which is probably located somewhere in Togo, and you will never get a reply. If the attacker sets up servers for backdoors and the like, they will be either temporary or also hosted abroad.

Is there a damage/cost threshold that would make pursuit worthwhile?

Yes, but that threshold is really high. Even when the damage is staggering, pursuing someone over the internet is neither really effective nor is there any hope of getting, for example, stolen assets back. One big reason why cybercrime is so profit-yielding is the fact that it's hard to track down the attackers.

If the source of the attack is from another country (Russia, China), you have absolutely no chance to catch the attacker. Of course, the same applies to many other countries.

Is there a relatively standard or productive manner in which companies (or individuals) deal with attacks on a legal level?

Yes, at least in Germany. This depends highly on the respective national framework, of course. Here, critical infrastructures have a central office to report cyber crimes to and get external help, but pursuing the attacker is usually beyond the scope of the investigation. Companies even have to report certain attacks to the police.

As a private individual, however, you will most likely only be able to complain to the police. And the police are completely incompetent in that regard.

Almost all methods against cybercriminals are mitigation and prevention, since tracking someone down who attacked from abroad is borderline impossible.

AdHominem
0

It depends on the situation really. If you're in a company holding sensitive user information, for example, yes, contacting law enforcement ain't a bad idea and is actually often also required by law. However, if your small blog was attacked, you should work out for yourself whether the hassle of an investigation or even court is worth it if nothing was at risk. But this is actually opinion-based.

Besides collecting and logging evidence, trying to fix the hole or going offline for a while, and contacting law enforcement, there is nothing more you can do yourself. But note that in some countries and specific cases you're required to follow a specific procedure to correspond with your customers and other governmental institutions.

And, like you stated yourself, there is indeed a low chance they'll find the hacker, or even try to find him, if he used decent anonymity tools the right way.

O'Niel