Picsl2,
There are many ways to report a hacker, and some of this depends on
how much information you know and what you hope to get out of it.
First, save all logs and files which prove that a hacker was present.
It's best to keep these logs on a disk not connected to the internet
so that the hacker himself won't discover them and delete them! Try to
copy these logs and files without modifying them in any way.
CERT [ http://www.cert.org ] says the following on their FAQ page:
"The CERT/CC is a major reporting center for Internet security
problems. Staff members provide technical advice and coordinate
responses to security compromises, identify trends in intruder
activity, work with other security experts to identify solutions to
security problems, and disseminate information to the broad community.
The CERT/CC also analyzes product vulnerabilities, publishes technical
documents, and presents training courses."
They have advice for reporting security issues at [
http://www.cert.org/tech_tips/incident_reporting.html#III ]. In
summary:
* Your site security coordinator (This is your ISP or service
provider)
* Your site's security team.
* CERT's Coordination Center
* Other sites involved in the incident. (Warning! Contacting another
site may tip off the intruder if they're snooping e-mail!)
* The police, the FBI, or other law enforcement agencies
I recommend that you browse the CERT site for more information about
reporting hacker activity.
Please remember the importance of closing the security hole which
allowed the hacker to access your system in the first place! Apply
security patches for your software, but also ask yourself whether the
hacker may have been an "inside job" of somebody who already had
access to your system.
I hope this helps you. Please ask for further clarification if needed.
Search Strategy:
CERT is known in the computer security community as a resource for
security information. I searched for their web page.
/ephraim |
