On Tue, Mar 11, 2014 at 2:00 AM, Markus <universe@truemetal.org> wrote:
Hi,
Your goal should be to keep together and preserve all the evidence/documentation you have: make sure you have and can verify the authenticity and chain of custody for all relevant materials that you say evidence attacks and their source, including your "trap" and how that works, and how it proves the apparent source/origin; contact the local authorities. By the way, without surveillance of the source network, it is really quite impossible to 100% prove that a given IP address is not running a bot and not being used as a proxy or traffic relay. This does not necessarily preclude contacting Comcast as well, to request they preserve records.
I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a customer of mine in the last days. The cracker was successful and caused financial damage / was successful with data theft. I set a trap and finally caught his real IP address - a Comcast user in the US (100% not a proxy or bot). What would be the next steps to pursue him? If I contact local authorities here in Germany I'm afraid months will pass by and Comcast will have possibly already deleted their logs by then (?). Any advice?
Thank you! Markus
--
-JH