How to Catch a Hacker

By Ed Oswald

Computer hackers can create havoc within your IT deployments. While many of us work tirelessly to protect our networks, sometimes holes in our security strategies develop and a hacker will exploit them. But there are steps you can take to catch the intruder and prevent future break-ins. This could make the difference between a trouble-free IT operation and one in which sensitive information is compromised.

Catching the Hacker

Step 1

Look for warning signs of intrusion. One of the most obvious is hard-drive activity. If you monitor your networks, you will get accustomed to a typical level of hard-disk activity. If this increases unexpectedly, verify the integrity of your data.

Step 2

Inspect files on your hard drive and look for signs of tampering, such as file deletion, editing or corruption, when you know that no one has touched the files.

Step 3

Look for persistent requests from the same IP address to your firewall. Often, anti-hacking software will alert you to suspicious requests. If this occurs around the time a hacking event occurs, this IP address is probably your hacker. Take action to block it.

Step 4

Track that IP number to a geographical location using a program such as Netstat. Turn this information over to the authorities. As a precaution, it might be a good idea to move sensitive data off the affected server or shut it down altogether to prevent further intrusion.

Step 5

Prevent future hacking incidents by ensuring your system is completely up-to-date with the latest fixes and patches. Often these will remedy security flaws that hackers would exploit. In addition, ensure that you have installed some type of firewall and are using it.