3

How can I report a hacker to the local authorities? I'm in the USA and someone from Norway hacked into my site and changed a lot of data on my site and my database. I'd like to report him if for nothing else to get something on his record so if he does this often he can get some fines or jail time.

His IP is xxx.xxx.xxx.xxx and his company is http://www.getinternet.no/web/

I've never cared to do anything about small hackers before, but this person did damage my site, data and business image. Please post any advice or recommendations. Thank you.

Tyler
  • 249
  • 1
  • 6
  • 12

5 Answers5

16

Making false accusations is also a serious matter. Not only is that company a broadband provider so likely to be a customer IP rather than employee, more than likely it is a compromised machine controlled by someone else based anywhere in the world. Have you made a complaint to abuse@get.no? The FBI have no jurisdiction outside of USA so even if you had any evidence whatsoever you wouldn't be likely to get very far unless it was a serious crime. You are better off putting your effort into fixing the vulnerabilities in your own site.

JamesRyan
  • 8,138
  • 2
  • 24
  • 36
  • 1
    @EK: "The FBI have no jurisdiction outside of USA" - what relevance is that? Tyler doen't give his/her location. No police organisation has international jurisdiction - but they will cooperate / refer issues. But agreed that it may well be a compromised system and that the first port of call would be the contact address published in 'whois' (None for this domain) – symcbean Jun 28 '10 at 13:39
  • 2
    He did state that he was in the US and that comment was mainly in response to others suggesting the FBI. There is an abuse contact for the domain in the whois which I included in my answer. – JamesRyan Jun 29 '10 at 09:28
4

The FBI will generally not do anything for cases unless there is $5000 of damage. However, that threshold usually puts you at the bottom of a very long list, usually eliciting an interview, some questions, they take the logs, details, etc and forward it to their computer squad. Defacements/hacks of a single site, the fact that the hacker wasn't in the USA and probably hacked your site from a compromised machine makes it much more difficult to track down unless that host is willing to log/capture data and hand it over.

You can try posting details to http://ic3.gov/ or contacting your local FBI office. Archive the logs, any modified files, etc and burn it to a CD/DVD so that you can hand it over. The more analysis you hand over with your report the better, but, don't get your hopes up for them actually doing much to catch a hacker that is most likely outside the USA.

karmawhore
  • 3,865
  • 17
  • 9
4

You've got an IP address, but that doesn't mean that the person who (legitimately) had the IP address at that time is the person responsible for the attack on your site? How do you know the system using that IP hadn't been compromised? For all you know, the legitimate user of that IP address may also be (and probably is) a victim?

At the end of the day, if you have an insecure system, it is inevitable that this will happen. If you aren't 100% sure your system is secure, don't publicly expose it to the internet.

Don't get me wrong though, I'm not defending the malicious person who did this, on the contrary, they should be punished to the full extent that the law allows, and I definitely do sympathise with your situation, but I believe your time would be better spent learning how they got in to your system and ensuring it can't happen again, rather than starting a finger pointing exercise, which will almost certainly be fruitless.

Edit: Just saw the answer from @JamesRyan, who should have got the accepted answer to this question IMHO.

Bryan
  • 7,538
  • 15
  • 68
  • 92
  • Thanks Bryan, but the question wasn't why should I do? It was how do I report. – Tyler Jan 03 '12 at 23:39
  • 1
    Very true Tyler, but the point I'm making is that you are likely reporting an innocent party. I don't know the specifics of the event you suffered, and you might well have evidence that you haven't disclosed that proves you know beyond doubt who the assailant is, the fact that you didn't suggests to me that you were trying to starting a wild goose chase. Apologies if this isn't the case, I'm just going of the info available. If you do have evidence that proves this, then I wish you the best of luck, however I'm afraid I can't answer the specific question you asked. – Bryan Jan 03 '12 at 23:49
  • It's in the past friend, I figured who it was, got them to admit it and resolved any issues. Thank for your help. – Tyler Jan 04 '12 at 00:01
  • Glad you got it sorted, apologies for digging up an old question. – Bryan Jan 04 '12 at 00:04
3

The (old and possibly outdated) CERT "Recovering from a System Compromise" document suggests several methods for people in the US, mainly the FBI. It's also worth reading the page for forensic investigation and cleanup strategies.

Andrew
  • 7,772
  • 3
  • 34
  • 43
3

Here's some good advice about when to call the police if you've been the victim of computer crime:

http://it.toolbox.com/blogs/securitymonkey/tips-and-tricks-episode-one-41613

There's some good advice there by security ivestigator

schulz
  • 31
  • 1