{"id":299,"date":"2008-10-16T10:40:12","date_gmt":"2008-10-16T18:40:12","guid":{"rendered":"http:\/\/www.codebelay.com\/blog\/?p=299"},"modified":"2008-10-16T10:54:05","modified_gmt":"2008-10-16T18:54:05","slug":"how-the-fbi-would-have-tracked-palins-hacker-if-he-were-l33ter","status":"publish","type":"post","link":"https:\/\/www.codebelay.com\/blog\/2008\/10\/16\/how-the-fbi-would-have-tracked-palins-hacker-if-he-were-l33ter\/","title":{"rendered":"How the FBI Would Have Tracked Palin&#8217;s Hacker If He Were L33ter"},"content":{"rendered":"<p>It&#8217;s been a few weeks since Palin&#8217;s &#8220;hacker,&#8221; David Kernell, got caught because he left a reference to ctunnel.com in <a href=\"http:\/\/wikileaks.org\/wiki\/Sarah_Palin_Yahoo_inbox_2008\">the screenshots of Palin&#8217;s email<\/a>.<\/p>\n<p><a href=\"http:\/\/www.collegeotr.com\/college_otr\/university_of_tennessee_student_david_kernell_indicted_for_palin_email_scandal_12822\"><img decoding=\"async\" src=\"http:\/\/www.codebelay.com\/img\/enjoyjailpunk.jpg\" alt=\"Enjoy Jail, Punk!\" border=\"0\"\/><\/a><\/p>\n<p>What if David Kernell had been able to remove the references to ctunnel.com? What would the FBI have had to do to catch him? And how would a would-be hacker avoid detection?<\/p>\n<ol>\n<li>The FBI would have to obtain records from Yahoo and 4chan, and these records would hopefully reveal the IP address(es) that accessed Palin&#8217;s account.<\/li>\n<li>The FBI would also have to search data retrieved from a descendant of <a href=\"http:\/\/en.wikipedia.org\/wiki\/Carnivore_program\">Carnivore<\/a>, the wiretapping software the FBI deployed at ISPs c. 2001. Such data could reveal the <a href=\"http:\/\/en.wikipedia.org\/wiki\/MAC_address\">MAC address<\/a> of the hacker, but only if the tap sat on his own network segment: a MAC address is a link-layer identifier that is rewritten at every router hop, so a tap at the ISP sees at most the MAC of the customer&#8217;s modem or router, not of the PC behind it. 
The MAC address&#8217;s vendor prefix (OUI) identifies the manufacturer of David&#8217;s network card, not the place of purchase; tying it to a retail sale would need the manufacturer&#8217;s or a retailer&#8217;s own serial-number records.\n<\/ol>\n<p>Even if David Kernell had photoshopped ctunnel.com out of the screenshots of Palin&#8217;s email, the FBI could still have caught him in two ways:<\/p>\n<ol>\n<li>The IP address logged at Yahoo, or captured by Carnivore-like software, would have led the FBI to ctunnel, and ctunnel&#8217;s own logs would have led to David&#8217;s IP address.<\/li>\n<li>The MAC address obtained through Carnivore-like software at David&#8217;s ISP (which is not really likely, for the reason above) would have led the FBI to the card&#8217;s manufacturer, and only with the manufacturer&#8217;s or a retailer&#8217;s sales records to the store at which David&#8217;s computer was purchased. Something like &#8220;ping davids_IP &#038;&#038; arp -a&#8221; only works from a machine on the same LAN, because ARP never crosses a router.<\/li>\n<\/ol>\n<p>So how else could David have avoided detection?<\/p>\n<p>1) He could have <a href=\"http:\/\/www.security-forums.com\/viewtopic.php?t=873\">chained proxy servers<\/a>.<br \/>\n2) He could have tunneled through peer-to-peer networks, like the ones used for downloading movies and music, to reach the web pages.<\/p>\n<p>But even then, the FBI would still be able to catch him.<\/p>\n<p>The FBI could still pull the logs of name server lookups from his ISP, the very technology that lets your computer see www.fbi.gov as 64.212.100.43. Even behind a proxy chain, David&#8217;s own machine still had to resolve the hostname of the first proxy. If the ISP&#8217;s resolver log showed lookups of ctunnel.com matching the timestamps at which the hacked pages were accessed, then the FBI would have a strong reason to believe that the hacker was a customer of that ISP, and from the resolver&#8217;s client IP could get to David.<\/p>\n<p>Okay, okay. Let&#8217;s say that David kept his lookups away from his ISP&#8217;s name servers entirely (you can&#8217;t simply switch DNS off and still browse by name, but he could reach the first proxy by raw IP address, or run his lookups through the proxy chain itself). Could the FBI catch him if he went as far as that?<\/p>\n<p>If somehow his MAC address got leaked, and a retailer had recorded it against a sale, that would lead right to whoever purchased his computer&#8217;s network card. 
If he paid cash for his network card on the black market, or on Craigslist, then the FBI would be on a wild goose chase.<\/p>\n<p>I think if he took all the precautions above, the FBI would be at a total loss for tracking Palin&#8217;s Hacker if he were l33ter.<\/p>\n<p>Thoughts?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s been a few weeks since Palin&#8217;s &#8220;hacker,&#8221; David Kernell, got caught because he left a reference to ctunnel.com in the screenshots of Palin&#8217;s email. What if David Kernell was able to remove the references to ctunnel.com? What would the FBI have to do to catch him? And how would a would-be hacker avoid detection? [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[189,203,204,168,202,205],"class_list":["post-299","post","type-post","status-publish","format-standard","hentry","category-webapps","tag-craigslist","tag-david-kernell","tag-fbi","tag-hacking","tag-sarah-palin","tag-security"],"_links":{"self":[{"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/posts\/299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/comments?post=299"}],"version-history":[{"count":0,"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/posts\/299\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/media?parent=299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/categories?post=299"},{"taxonomy":"post_tag"
,"embeddable":true,"href":"https:\/\/www.codebelay.com\/blog\/wp-json\/wp\/v2\/tags?post=299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
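The resolver-log correlation the post describes (lookups of the proxy's hostname lining up with the timestamps at which the hacked pages were accessed), as an added example that is not part of the original post. The access times stand in for what the webmail provider's records would supply; the resolver log lines, their one-line-per-query format, the client addresses and the 90-second window are all constructed for the demo and are not any ISP's real format. It also shows the post's escape hatch: a client whose lookups never reach the ISP's resolvers produces no hits at all.

```python
"""Correlate ISP resolver logs with known access times.

Added example, not code from the original post. The log line format, the
client addresses and the timestamps below are all constructed for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed: times at which the target account was reached through the
# proxy, as the webmail provider's own records would report them.
ACCESS_TIMES = [
    "2008-09-16T18:02:40Z",
    "2008-09-16T18:15:05Z",
    "2008-09-16T18:31:22Z",
]

# Constructed ISP resolver log in a hypothetical one-line-per-query format:
# <utc time> <client ip> query <name> <type>
RESOLVER_LOG = """\
2008-09-16T17:58:01Z 10.0.0.7 query www.example.com A
2008-09-16T18:02:03Z 10.0.0.23 query ctunnel.com A
2008-09-16T18:02:05Z 10.0.0.23 query www.ctunnel.com A
2008-09-16T18:09:44Z 10.0.0.41 query ctunnel.com A
2008-09-16T18:14:31Z 10.0.0.23 query ctunnel.com A
2008-09-16T18:20:12Z 10.0.0.7 query mail.yahoo.com A
2008-09-16T18:30:58Z 10.0.0.23 query ctunnel.com A
2008-09-16T18:45:00Z 10.0.0.41 query ctunnel.com A
"""

# Names the suspect's own machine must resolve to reach the first proxy hop.
# mail.yahoo.com is deliberately absent: the proxy resolves that, not the client.
WATCHLIST = {"ctunnel.com", "www.ctunnel.com"}

# How long before an access a lookup still counts as related to it.
WINDOW = timedelta(seconds=90)

LINE_RE = re.compile(r"^(\S+) (\S+) query (\S+) (\S+)$")


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_resolver_log(text):
    """Return (time, client_ip, name, qtype) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        stamp, client, name, qtype = match.groups()
        entries.append((parse_time(stamp), client, name.lower().rstrip("."), qtype))
    return entries


def correlate(access_times, entries, watchlist=WATCHLIST, window=WINDOW):
    """Map each client IP to the set of access events (by index) that a
    watchlisted lookup from that client preceded within the window."""
    accesses = [parse_time(t) for t in access_times]
    hits = defaultdict(set)
    for when, client, name, _qtype in entries:
        if name not in watchlist:
            continue
        for idx, access in enumerate(accesses):
            if when <= access <= when + window:
                hits[client].add(idx)
    return dict(hits)


def rank_suspects(access_times, entries, **kwargs):
    """Clients ordered by how many of the access events they line up with."""
    hits = correlate(access_times, entries, **kwargs)
    total = len(access_times)
    return sorted(((client, len(events), total) for client, events in hits.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    entries = parse_resolver_log(RESOLVER_LOG)
    for client, matched, total in rank_suspects(ACCESS_TIMES, entries):
        print(f"{client}: lookups precede {matched}/{total} access events")
    # Lookups routed through the proxy chain never reach the ISP resolver:
    # drop 10.0.0.23's lines and the correlation finds nothing.
    hidden = [e for e in entries if e[1] != "10.0.0.23"]
    print("with DNS kept off the ISP resolver:", rank_suspects(ACCESS_TIMES, hidden))
```

Note that 10.0.0.41 also looked up ctunnel.com but never within the window before an access, so it drops out; the window is what turns "someone at this ISP uses that proxy" into "this client was on the proxy when the account was touched". Widen it and the false positives come back.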