OK, some questions and answers that keep popping up in the blog…
Question: Can Internet Dongles be traced?
Answer: Yes, very easily if you have the equipment and know-how. However, there are some caveats. If you have an ex with a dongle that you want to trace, no, you can’t. However, if the ex has stolen your dongle (or you’re one of the idiots that think they can steal a dongle and get away with it), yes, you can. There are 2 serial numbers embedded in the dongle (known as EMSIs): one is programmable, the other is ‘hard coded’ (i.e. it cannot be changed). If you know the programmable one and not the hardware code, you have to hope the thief has not had it reprogrammed. On the other hand, if you have the hard-coded one, you can trace it. I won’t discuss the details here (or in private questions), as you have to sign paperwork to get that information in most countries, but the one thing I can tell you is that knowing both makes things a hundred times easier.
Question: Can you trace someone using a particular Internet dongle?
Question: Can you trace someone via your blog?
Answer: Yes, if they keep connecting to it… Depending on your knowledge and control, it might take some coding. However, if the person is stupid or careless, they will leave fingerprints all over your blog… For example, someone who spends a lot of time in Florida (USA) is going to get a nasty surprise this year of 2012 if they don’t stop “checking up” as they are going to find themselves in court this year on similar charges of gender discrimination as my ex is. (Final warning: you know who you are, I might not be able to take you to court, but the European court will take the matter up themselves and I will just supply the evidence!)
Question: Can you see what people are searching for when they find your blog?
Answer: It’s simple: just check the ‘referrer’ header, which will present the last page visited. For example:
22.214.171.124 TwDoP0W3HEMAAAOTCbcAAAAB - - [01/Jan/2012:18:11:59 -0500] "GET / HTTP/1.1" 200 75800 "http://www.bing.com/search?q=michelle+sullivan+malta+blog&form=MSNH14&qs=n&sk=&sc=1-28&x=107&y=13" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
The ‘q=michelle+sullivan+malta+blog’ parameter shows the person searched for “michelle sullivan malta blog” using ‘Bing’ as the search engine (as a matter of interest, from Hollywood, Florida, using Windows 7 x64). Similar things can be seen with Google and image searches; just the line format changes. Webalizer will decode most of them for you if you have trouble working it out.
Question: If people have linked to your page, can you see where the original link was?
Answer: Yes, and the same thing works for spotting when someone uses some image on your site on their page, or even Facebook links. Again the ‘referrer’ header is the key field, for example a link from Facebook:
126.96.36.199 TwBOhEW3HEAAAArMSsQAAAAB - - [01/Jan/2012:07:16:04 -0500] "GET / HTTP/1.1" 200 75800 "http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.michellesullivan.org%2F&h=2AQElPj30AQHe6mHhKUmRDmzJE9YdYqc8FksLg6ql4Zxynw" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7"
and an image used elsewhere linking back to the site (in this case my MySpace page):
188.8.131.52 TwEF00W3HEMAAAOTCt0AAAAB - - [01/Jan/2012:20:18:11 -0500] "GET /GalleryData/2009/July/12/thumbnails/DSC_4258.jpg HTTP/1.1" 200 4431 "http://www.myspace.com/michelle_i_sullivan" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
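A parser for log lines in the layout shown above, covering the search-query, Facebook-link and embedded-image cases from the last two answers in one pass. This is an added example, not code from this blog; the function names, the OWN_HOSTS value and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Layout of this post's sample lines: client IP, unique request ID, ident,
# user, [timestamp], "request", status, bytes, "referrer", "user agent".
LOG_RE = re.compile(
    r'(?P<ip>\S+) (?P<uid>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"')
OWN_HOSTS = {"www.example.org"}     # assumption: hostname of the logging site
SEARCH_DOMAINS = ("bing.com", "google.com")
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def classify(line):
    """Say how a visitor arrived. The browser sends the header, so it can be blank or forged."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = m["request"].split(" ")
    path = parts[1] if len(parts) >= 2 else ""
    try:
        ref = urlsplit(m["referrer"])
        host = (ref.hostname or "").lower()
    except ValueError:              # malformed URL in the header
        return {"ip": m["ip"], "path": path, "kind": "unparseable", "detail": ""}
    query = parse_qs(ref.query)     # decodes '+' and %XX escapes
    if not host or host in OWN_HOSTS:
        kind, detail = "direct-or-internal", ""
    elif any(in_domain(host, d) for d in SEARCH_DOMAINS) and "q" in query:
        kind, detail = "search", query["q"][0]
    elif in_domain(host, "facebook.com") and ref.path == "/l.php" and "u" in query:
        kind, detail = "facebook-link", query["u"][0]
    elif path.lower().endswith(IMAGE_SUFFIXES):
        kind, detail = "image-embedded-elsewhere", m["referrer"]
    else:
        kind, detail = "inbound-link", m["referrer"]
    return {"ip": m["ip"], "path": path, "kind": kind, "detail": detail}

# Constructed sample lines (documentation addresses, made-up IDs and hosts).
SAMPLES = [
    '203.0.113.10 ID0001 - - [01/Jan/2012:18:11:59 -0500] "GET / HTTP/1.1" 200 75800 '
    '"http://www.bing.com/search?q=example+site+blog&form=X&sk=" "Mozilla/5.0 (sample)"',
    '203.0.113.11 ID0002 - - [01/Jan/2012:07:16:04 -0500] "GET / HTTP/1.1" 200 75800 '
    '"http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.example.org%2F&h=SAMPLE" "Mozilla/5.0 (sample)"',
    '203.0.113.12 ID0003 - - [01/Jan/2012:20:18:11 -0500] "GET /gallery/thumbs/photo.jpg HTTP/1.1" 200 4431 '
    '"http://www.example.net/profile" "Mozilla/5.0 (sample)"',
]
```

Calling classify on each entry of SAMPLES yields the decoded search phrase, the decoded Facebook target URL, and the external page embedding the image.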
Question: I see you have had trouble with a stalker, I think I have a stalker as well, can I use the information to prosecute?
Answer: Yes, but you will need help. If you needed to ask this question, you are not someone like myself who has given ‘expert evidence’ in court on multiple occasions, so you will need someone to help you gather the evidence. Important: Get advice from the local authorities on the matter as soon as possible if you need to, or think you might, go to court. The first thing you will need to do is turn on forensic logging; this is not as simple as using Apache’s “log_forensic” function, but it is a start. You will also need to dump packet headers from the offenders at a network level and record those packets in a format that is considered ‘untamperable’ (i.e. once recorded it cannot be altered). You will also need to be able to follow basic tracing (as described in other articles), as you probably don’t want to record everything that hits your website. Lastly, you will need to obtain, or have someone obtain on your behalf, court orders to gain access to the remote connection providers’ access logs so that you can tie the evidence collected to the offender. Be prepared: such issues are long and involved, and in countries such as Malta, unless you know who to call, you rarely get to speak to anyone who actually knows what you’re talking about. You should also note that unless there is a serious crime committed (such as “Criminal Libel”, “Racial Discrimination”, “Gender Discrimination” or “Child Pornography”) you will not get any help from most police forces of the world.
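One way to make recorded evidence tamper-evident is to chain every record to the one before it with a hash, so that a later edit is detectable. This is an added example, not the author's procedure: hash chaining is used here as an assumption (the answer does not name a format), it detects alteration rather than preventing it, and the record fields are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64   # fixed starting value for the first link

def link_digest(prev_digest, body):
    return hashlib.sha256((prev_digest + "\n" + body).encode("utf-8")).hexdigest()

def append_record(chain, record):
    """Append one captured record and return the new head digest."""
    prev = chain[-1]["digest"] if chain else GENESIS
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    chain.append({"body": body, "digest": link_digest(prev, body)})
    return chain[-1]["digest"]

def verify(chain, trusted_head):
    """Return None if intact, else the index of the first failing entry.

    trusted_head is the last digest, kept where the log's keeper cannot
    rewrite it (assumption: printed, notarised or held by a third party).
    Without it, an entry could be altered and every later digest recomputed;
    that case is reported as index len(chain).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["digest"] != link_digest(prev, entry["body"]):
            return i
        prev = entry["digest"]
    return None if prev == trusted_head else len(chain)

# Constructed records standing in for captured log lines or packet headers.
SAMPLE_RECORDS = [
    {"ts": "2012-01-01T18:11:59-05:00", "src": "203.0.113.9", "line": "GET / HTTP/1.1"},
    {"ts": "2012-01-01T18:12:03-05:00", "src": "203.0.113.9", "line": "GET /about HTTP/1.1"},
    {"ts": "2012-01-01T18:12:40-05:00", "src": "203.0.113.9", "line": "GET /gallery HTTP/1.1"},
]

if __name__ == "__main__":
    chain = []
    for rec in SAMPLE_RECORDS:
        head = append_record(chain, rec)
    print("head digest to store off-system:", head)
    print("verification result:", verify(chain, head))
```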
Question: Will you help me trace my stalker?
Answer: I just did by posting this. However, if you want someone to be your detective, sorry, I don’t do that for others, as I don’t really have the time to waste on it myself; get yourself in touch with the Police and, if they can’t/won’t help, hire a private investigator to help. Tip: I have used a private investigator myself over the last year to help me, as they double-checked my ‘evidence’ for forensic ‘soundness’ and at times I just didn’t have the time to do all the work myself. Tracing people is not simple or quick when it comes to getting all the evidence needed for a court case. It’s quick and simple if you just want to ‘know’ without having to ‘prove’ it (also in some cases like mine when the tracing goes international, you either have to visit or get help from someone local – particularly when tracing devices such as dongles to a 50m radius.)
Question: My stalker is using proxies (including the “I’m hiding behind 7 proxies” bulls**t) can they be traced or can I stop them?
Answer: It’s not as simple as a yes or no, because it depends on each proxy and the intent of the person who set each one up. Most proxies are accidentally set up ‘open’, and therefore there is no malicious intent. If this is the case, it doesn’t matter if there are 100 proxies between the stalker and you; it’s simply a matter of looking for the ‘X-Sent-Via:’ and/or ‘X-Forwarded-For:’ headers in your forensic logs (the latter header is pretty much standardised). If found, you will find that all of the IP addresses (including the originator’s) are presented to you in a nice simple comma-separated list.
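The comma-separated list described above, split into hops together with who vouches for each address, which matters when the list is used as evidence. This is an added example, not code from this blog; the function names and sample values are constructed, and only the X-Forwarded-For header is handled.

```python
import ipaddress

# Ranges that are never routed on the Internet: an entry from one of them
# marks a position inside somebody's network, not a subscriber line.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def describe(entry):
    try:
        addr = ipaddress.ip_address(entry)
    except ValueError:
        return "not-an-ip"      # the header is free text; anything can appear
    return "internal" if any(addr in net for net in INTERNAL) else "public"

def forwarded_chain(xff_value, peer_ip):
    """List hops from the claimed originator to the address that connected.

    Each proxy appends the address it saw, so an entry was written by the hop
    to its right; only peer_ip was observed by our own server. A client can
    also pre-fill the header, so the left-most entries may be invented.
    """
    entries = [e.strip() for e in xff_value.split(",") if e.strip()]
    reporters = entries[1:] + [peer_ip]
    hops = [{"addr": e, "reported_by": r, "kind": describe(e)}
            for e, r in zip(entries, reporters)]
    hops.append({"addr": peer_ip, "reported_by": "our-server",
                 "kind": describe(peer_ip)})
    return hops

def needs_corroboration(hops):
    """Public addresses that rest on another party's word, not our own logs."""
    return [h["addr"] for h in hops
            if h["kind"] == "public" and h["reported_by"] != "our-server"]

# Constructed sample: header value as logged, plus the connecting address.
SAMPLE_XFF = "198.51.100.7, 10.0.0.5, 203.0.113.9"
SAMPLE_PEER = "192.0.2.44"

if __name__ == "__main__":
    chain = forwarded_chain(SAMPLE_XFF, SAMPLE_PEER)
    for hop in chain:
        print(hop)
    print("corroborate with provider logs:", needs_corroboration(chain))
```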