Reporting Hacking Attempts to the Police (UK)

Forum Moderators: phranque

Message Too Old, No Replies

Reporting Hacking Attempts to the Police (UK)

Frank_Rizzo

11:20 am on Sep 5, 2005 (gmt 0)

I'm fed up of this guy thrashing the server with exploits and trying to break into the members area. I have a few questions.

Which police authority should I report it to?

Say I'm in Kent, the business is registered in Surrey, the server hosted in Yorkshire and the hacker resides in Lancashire?

What is the best way to word the crime report? Even though the authority have a dedicated IT crime unit would they understand the terms exploit, brute force etc?

What action do you think would come of this? Would anything be done?

Hackers ISP has been informed but you never get any feedback from them to say that they have dealt with the issue. Should I send a registered letter to them informing them of police action and that they should maintain their records?

kaled

12:27 pm on Sep 5, 2005 (gmt 0)

Before making an official complaint to the police, you need to gather evidence. Once you have that, you can make an official complaint. However, first, you need to know what evidence to collect so you need to talk to the police unofficially. The place to go is your nearest major station. However, if that's a good distance away, the phone might be better. Most major forces have websites, but ironically, I suspect for this crime, websites will be useless. Don't get bogged down trying to work out which force covers this - just ask.

Having said all that, if you provide sufficient evidence to his ISP, they will probably boot him off unceremoniously. I'm not sure who regulates broadband issues but if the ISP refuses to help, talk to OFTEL. Realistically, if you can deal with this without the police, do so - it will be much quicker. I seem to recall there is a "misuse of telecommunications" act that covers this.

Kaled.

incywincy

12:47 pm on Sep 5, 2005 (gmt 0)

If this guy is stupid enough to not use an anonymous proxy ( I'm assuming this because you say you know his ISP ) then I should think it would be quite easy to identify him and redirect him to a trap or give him a 404.

I'd be tempted to redirect him to a police website and let them sort him out!

Frank_Rizzo

12:55 pm on Sep 5, 2005 (gmt 0)

The guy is dumb this time because he is not using a proxy.

I have hundreds of thousands of log file entries showing his IP and the exploits he is trying.

The attack has lasted all morning. I filed an abuse report with the ISP and spent 20 mins on hold to their support. They would not put me through to the abuse dept and would not say if the email had been read yet (although I have had an auto reply).

The attacks are still going on right now. Clearly the guy has left his PC in auto pilot whilst he's at school / work or something. I started redirecting his IP earlier today but the attacks are still happening.

As I speak I'm faxing the ISP with a stern letter. What would you say is a reasonable time for a small / medium ISP to respond and cut him off? What if this goes on all afternoon?

woop01

1:28 pm on Sep 5, 2005 (gmt 0)

What would you say is a reasonable time for a small / medium ISP to respond and cut him off?

If you hear anything back within two days or so, I'd be impressed.

Frank_Rizzo

2:17 pm on Sep 5, 2005 (gmt 0)

They called me an hour after I had faxed them.

They have contacted the client and the impression implied is that the the client "may have a comprimised PC" or the attack was "spoofing his IP address".

Hmm.

Either way, at least the attacks have miraculously stopped now, and that the client knows the score.

trillianjedi

2:33 pm on Sep 5, 2005 (gmt 0)

That sounds like a good result all in. Well handled.

woop01

2:59 pm on Sep 5, 2005 (gmt 0)

Wow, that's a great response. I've never contacted an ISP here in the states without being asked for subpoena.