How the FBI Would Have Tracked Palin’s Hacker If He Were L33ter

It’s been a few weeks since Palin’s “hacker,” David Kernell, got caught because he left a reference to ctunnel.com in the screenshots of Palin’s email.

Enjoy Jail, Punk!

What if David Kernell was able to remove the references to ctunnel.com? What would the FBI have to do to catch him? And how would a would-be hacker avoid detection?

  1. The FBI would have to obtain records from Yahoo and 4chan, and these records would hopefully reveal the IP address(es) that accessed Palin’s account.
  2. The FBI would also have to search data retrieved from a descendant of Carnivore, wiretapping software used for the Internet c. 2001. Such data could reveal the MAC address of the hacker. The MAC address would lead to the place of purchase for David’s network card.

Even if David Kernell had photoshopped ctunnel.com out of the screenshots of Palin’s email, the FBI could still have caught him in two ways:

  1. The IP address at Yahoo or through Carnivore-like software would have led the FBI to ctunnel and then to David’s IP address.
  2. The MAC address obtained through Carnivore-like software at David’s ISP (which is not really likely) would have led the FBI to the store at which David’s computer was purchased. Something like “ping davids_IP && arp -a” would have to be run at the LAN level.

So how else could David have avoided detection?

1) He could have chained proxy servers.
2) He could have used a combination of p2p networks like the ones used for downloading movies and music to get to the web pages.

But even then, the FBI would still be able to catch him.

The FBI could still log name server lookups, the very technology that allows your computer to see www.fbi.gov as 64.212.100.43. If a log of name server lookups matched the timestamps of when the hacked pages were accessed, then the FBI would have a strong reason to believe that the hacker was using the ISP that provided the name server lookup, and from there get to David.

Okay, okay. Let’s say that David disabled name server lookups. Could the FBI catch him if he went as far as that?

If somehow his MAC address got leaked, that would lead right to whoever purchased his computer’s network card. If he paid cash for his network card on the black market, or on Craigslist, then the FBI would be on a wild goose chase.

I think if he took all the precautions above, the FBI would be at a total loss for tracking Palin’s Hacker if he were l33ter.

Thoughts?