Hacking Back #IRL

Eradicating an Intruder from a Network

Dave Dittrich
36 min readJul 31, 2019
Photo by Jakob Owens on Unsplash

“Hacking back” doesn’t always mean going outside your own network. In fact, it is best done quietly, inside your own network where you have home field advantage, and both slowly and deliberately so as to deliver a definitive enough blow to someone’s activities that they leave your network and don’t come back. This is a story of how I did it, and how you can, too.

This story (excerpted from a book in progress) centers on a hacker who I will refer to by the nick “G0by” (spelled with a Zero, and not his real nick.) G0by was part of a criminal hacker gang actively compromising systems around the globe for the purpose of installing back doors, sniffers, Internet Relay Chat (IRC) proxies and bots, which were sold and traded in the computer underground. While fictionalized, this story is based on a series of in-real-life abuse complaints and resulting intrusion response activities at a major university in the United States that occurred in the late 1990s. The victims of this crew included universities, small businesses (including several small local ISPs), and corporations (including an online trading company, a brokerage group, a truck scale manufacturer, and an electronic media publishing company) around the globe.

Facts that underlie this story were learned through detailed analysis of keystrokes and…

--

--

Dave Dittrich
Dave Dittrich

Written by Dave Dittrich

Information Security Researcher, Consultant, Writer. Support my writing by joining Medium https://git.io/JKLPq (affiliate link — I get a portion of your fee)