ABCNEWS.com : WNT: Policing the Internet

Tracking a Hacker
     The detective’s tools are the same in any age. Look for physical evidence, develop a theory, and then assemble the facts. Only in cyberspace, there are a lot more private eyes to help.
     There are potentially thousands of amateur sleuths like Boston businessman Richard Smith, who spent seven hours dissecting the “Melissa” computer virus and reported what he found to the FBI.
     “What I found was a serial number embedded in the document that related to the computer that created it,” says Smith.
     That led to other clues that exist in all computer code. Code is a series of words, letters and numbers that tell a computer what to do. Each programmer has a signature style, such as how he or she indents a new instruction or uses capital letters.
     Sometimes programmers add pop culture references for fun. Melissa had a Bart Simpson quote buried in its code. It also had, literally, a fingerprint in cyberspace: a unique number code assigned to a computer by the manufacturer. You leave it behind everywhere you go on the Internet. Once police have this physical evidence, they can retrace a suspect’s movements.
     “One of the things the Internet is very good at is keeping tons of information,” says Peter Tippett of ICSA.net. “In computer security, we say nothing ever disappears on the Internet.”
     So security companies like Tippett’s can search years worth of a hacker’s e-mail, programs, and chat-room discussions.
     When Melissa struck, “by the next day we were able to give the FBI and the Department of Justice 300 documents that concisely described the person and his five-year history,” says Tippett.
     Many of those documents contained another code: the electronic address of an Internet on-ramp company in Red Bank, N.J. Once police obtained an electronic search warrant, the company helped match the numbers to a customer.
     “We gave them the name, address and phone number, their IP identification,” says Mark Andrewes of Monmouth Internet. Thus investigators were able to put a face to the numbers.
     Authorities, with some help, had their man. David Smith will be sentenced in May.
     The most recent hacker attacks are more complex and used several computers, which means the suspects covered their tracks better. So it may take a little luck as well as solid detective work to crack the case. But then it’s always been that way.

— Kevin Newman, ABCNEWS