Is all hacking illegal?
March 10, 2007 1:21 PM   Subscribe

Is hacking just to find out the identity of someone illegal? The short story is I'm being harassed via email, have IP addresses, headers, all that, but not enough stuff that comes off as threatening enough to get anyone in authority to care. I downloaded and tried to use BO2k and realized I'm in over my head. I contacted a few "public" hackers and asked for help, but they claimed they don't do that sort of thing. I just want to know who this person is who knows my name and details about my family. I don't want credit card numbers, passwords, etc. Is what I want illegal? Is it _how_ I want it that's the problem? Public replies or emails welcome: painted_nails_20@yahoo.com
posted by anonymous to Computers & Internet (15 answers total) 1 user marked this as a favorite
 
The only time hacking is legal is if you're a security consultant and someone is paying you to do a penetration test, or if you're in a country where it's not yet illegal. (I believe there was a fairly recent case where there were hackers in the Phillipines or some such country who were caught, but were unable to be prosecuted, because there wasn't a statute against it.)

So yes, installing BO2K on someone's box maliciously is going to be illegal. Yes, "all" hacking is illegal, at least in the United States. If you were to break into someone's house just to find information on the person who was harassing you via snail mail, it would still be illegal, even if you weren't stealing anything.

If you want to pay someone to find out who's doing it, try finding a private eye who specializes in computers. They'll know legal means to get the information.
posted by kdar at 1:50 PM on March 10, 2007


can't you report this to the cops? they can usually track an IP legally, right?
posted by Salvatorparadise at 2:18 PM on March 10, 2007


You probably only have the IP of the mail server they're using, and you certainly don't want to go mucking about the servers of a big ISP with lawyers and highly-trained sysadmins. If they're threatening your life, call the police; if they're just being annoying, see what you can dig up via google or hire a PI if you really have nothing better to do with your time.
posted by bizwank at 2:23 PM on March 10, 2007


Have you tried searching for comparitive information? For example: Don't search for the full email address, just search for the alias, or some variation thereof. If, for example, they're emailing you with a reply-to email address of: omggandalfrulez@hotmail.com, then do a search for omggandalfrulez, and see what you come up with. People tend to like to maintain a consistent identity if they register for forums or use other email addresses.

Other than that, if you've got the IP address, you can see if guestbooks or forums have been used with that IP address (provided that information is made public). It's circumstantial evidence at best, as anyone could have used that email address in the past.

If this person is clearly harassing you, then they've at least violated the terms of service for their ISP, and you can get their account shut down merely by complaining (and providing all of the email offending correspondence) to the Abuse desk for that ISP.
posted by thanotopsis at 2:48 PM on March 10, 2007


If you really have their IP (not just the mail server), then there's stuff you haven't told us.

Here's a legal public tool, though, that works much better than other such tools. it's not what you want, but it's something:
http://www.ip-adress.com

It's not that easy to get through to the abuse desk at ISPs. They tend to be overwhelmed. And in the unlikely event you get them shut down, they just pay someone else the $20/month. No huge big deal.
posted by jimmyjimjim at 3:04 PM on March 10, 2007


I have, in past, found a surprising amount about certain people just by googling their IP address.
posted by Steven C. Den Beste at 3:18 PM on March 10, 2007


The ends do not legally justify the means if the means are illegal. Simple as that.

If his email address is from a smaller website, you might be able to get the owner to help you out. If it's on a Yahoo, etc. and there have been violent threats, it can be subpoena'ed.
posted by tmcw at 3:41 PM on March 10, 2007


The ends do not legally justify the means if the means are illegal.

Thank you for the insight, Javert.

Anonymous, I would suggest that it would be much more effective to simply change your e-mail address if your goal is to merely end the harassment and not to seek redress.
posted by solid-one-love at 4:11 PM on March 10, 2007


Yes and it would fall under "unauthorized intrusion" if you wish to run a program on their machine which gains information without their authorization. I do not know which statute it would fall under in your locale, but I would do the following:

(1) Print out all e-mail correspondence between you and said person, including full headers.
(2) Either block the address or change e-mail addresses.
(3) Immediately cease contact with the person

You didn't download any programs from them right? You haven't really stated the nature of the e-mails but you say that you don't feel threatened yet some anonymous person knows about you and your family. I would consider this threatening (even as a joke it is not funny, beyond the age of 15).

If the person continues to try to make contact with you I would definitely look into consulting a lawyer who specializes in criminal harassment. I would let the lawyer retain the services of a PI if needed, but I would not recommend going that alone.

It is going to be very hard to trace e-mails back without legal or professional help, ethically. An ISP or e-mail provider will be reluctant to divulge such information, rightfully so.

I would definitely not recommend intruding into his system or anything of that nature as it could have consequences should this escalate to something more sinister.
posted by geoff. at 4:44 PM on March 10, 2007


There's a lot that can be done with an IP address & email address without stepping over the line, but as you discovered you need the skill & knowledge to do it. Hiring hackers to handle this sort of thing rarely works out, there's no trust between you & no quality control to make sure you get what you're paying for. If you're serious about it my suggestion is to go to either a lawyer or private investigator who specializes in online harassment cases.
posted by scalefree at 4:46 PM on March 10, 2007


Oh I forgot to add: I personally would format my computer and reinstall all programs from the CD. It is rather trivial to write a back door trojan that is unique and virus definitions will not pick it up. Some bored kids get kicks out of doing things like this, and changing your address will be ineffective if he has some sort of remote control installed on our machine.
posted by geoff. at 4:47 PM on March 10, 2007


Are you positive it's not spam? There's this new really insulting spam going around. link
posted by IndigoRain at 7:25 PM on March 10, 2007


If you really have their IP (not just the mail server), then there's stuff you haven't told us.

Not necessarily. If you read the headers, you usually get far more than just the mail server's IP addres.
posted by oaf at 7:37 PM on March 10, 2007


I can spell address properly on the second try.
posted by oaf at 7:37 PM on March 10, 2007


If you've hit the point where you've tried to hire a hacker, it means the legal route isn't too much out of your price range:

Sue, and then subpoena the ISP. You'll need a lawyer, and it'll be damned expensive. But it sounds like you've got a good faith basis for suit.

(IAAL, but I am not your lawyer.)
posted by kingjoeshmoe at 9:26 AM on March 11, 2007


« Older Huh. Turns out silence actually IS golden.   |   Nip Tuck UK Newer »
This thread is closed to new comments.