He saw a difference of less than a dollar in the billing. Tracing this, he uncovered logins from a former administrator. He decided to try a few means to track the hacker. He discovered they were coming in from an off site modem. He was able to put in an intercept to catch the traffic before it made it to the computer. This allowed him to print out all the activity without the hacker realizing he was being trapped. By doing so, he was able to continue to track the activity for many months.
The hacker was using the server as a jumping off point to look at many scientific and military computers. Stoll involved the phone companies and network providers to try to trace the origin of the hacker. There were some bits (like different unix commands used and network latency) that indicated they were coming from far away. To help keep the hacker on line for a long time, they planted a honeypot of fake important documents to entice the hacker. The tracing involved multiple government entities and countries along with plenty of bureaucratic challenges. Eventually, the hacker was found (in Germany) and Stoll could marry his girlfriend and live happily in Berkeley.
No comments:
Post a Comment