Saturday 30 November 2013

0

How to catch a person who is harrassing on web

Posted in
Leo Traynor, an Internet user inIreland, had a problem. More specifically, he had a troll, a very nasty troll. At first, the troll just sent him nasty messages on Twitter, telling him that he was a “dirty f*cking Jewish scumbag,” for example. Every time Traynor blocked the troll, it would reappear with a new account. (Note to Twitter: perhaps you should let users block the IP addresses associated with harassing accounts, along with the accounts themselves to prevent this from happening.)

Then the troll moved to other forums, spamming Traynor’s blog, sending himFacebook messages, and flooding his email account with “foulmouthed and disgusting comments & images… of corpses and concentration camps and dismembered bodies.” And you thought your email backlog was bad.



Traynor made his accounts as private as possible, so the troll moved on to Traynor’s wife, again targeting her via Twitter. Then the troll switched to real world harassment, sending a package to Traynor’s house containing a plastic box full of ashes and a note, “Say hello to your relatives from Auschwitz.” Traynor details the abuse in a post on his blog. He also describes how he was able to find out who the anonymous harasser was — without legal intervention — and his eventual confrontation with the troll, who wound up being the 17-year-old son of one of his friends. It’s a great and twisted read.



So how did he do it? How did he figure out the identity of his troll without going to court and getting a subpoena to get various tech companies to reveal the identity behind the faceless accounts that besieged him? (And how can you do it too?)


Traynor says he was approached by “a friend, who’s basically an IT genius” who helped him bait and catch his troll. That friend wishes to remain anonymous, but another IT professional, Evert Bopp, outlines the techniques involved on his blog. Here are the steps:

1. Your troll-trap is a blog. If you don’t have one already, you’ll need to set one up.

2. You’ll want to be able to keep track of the IP addresses of visitors to your blog. Programs like AWStats or Webalizer will keep visitor logs for you that will reveal where your readers are coming from. Alternatively, you can hope your troll comments on your blog. If they do, their IP address will be captured and sent to you along with the comment. Yes, readers of the Not-So Private Parts, I see your IP addresses when you leave your (usually delightful) remarks here.


How comments on this blog look to me

3. Lure your troll to your blog. Traynor did so by including links to the blog on Facebook and on Twitter. If you’re very audacious, you could email your troll directly with the link. (Keep your fingers crossed that your troll is not using an IP masker.)

4. Once you’ve captured the IP address, whether from a blog comment or from visitor logs, it’s time to see where it originates from. You can do that onIPTracker. ”It will show you the user’s Internet Provider, a fairly exact location, the map coordinates and a satellite view of their location,” writesBopp. The Google stock advice comment spam above, for example,  appears to originate from an office building in Islamabad, Pakistan, a block away, coincidentally, from Kashmir Highway.

5. Now you may know where your troll lives, and if it’s someone you know in real life, you may already know who it is. Alternately, you can try searching the address online and see if it turns up anyone who seems likely to be the culprit. “Plug the location into Google Streetview and it will give you the actual address,” writes Bopp. “You can then put the address into Google to find out more details.”



“The IP address alone will not lead you to the troll’s address in all cases,” says Bopp in an email. “But it will narrow the location down and using cross-referencing and further research, it is very much feasible to create a profile, extract a name and a location.”

This technique is far easier than the other option: suing your John Doe and going to court to get Internet companies to help you identify him or her. Back in 2010, model-turned-business consultant Carla Franklin was upset by nasty comments about her on YouTube that came, she said, from someone stalking her. A judge ordered Google to hand over the IP addresses behind the nasty comments. Now, two years later, she is finally unmasking the tormenter, who she is suing for stalking, harassment, invasion of privacy, defamation, and identity theft, among other claims.

These were the steps she had to pursue to go after her online harasser. Franklin described by email the two-year-long process involved in outing (and suing) her troll:

Obtain the IP and e-mail account information (which cannot be faked) through court order:
Google (like any only service, i.e. Yahoo, Reddit, etc) only has access to IP addresses, e-mail accounts (for confirmation), and user name (which can be faked).  There were 2 distinct IP addresses
After I won my order against Google, I received the IP and e-mail account information from the company in October 2010.
I did some investigative work and discovered that the internet service providers (ISPs) were 1) Earthlink-home ISP and 2) Wholesale internet – a reseller to the financial services community. So, I knew that my stalker committed the crimes from home and work.
Obtain the home and office address from the ISPs that own the IP addresses:
Through another court order (that I brought by myself), in February of 2012, I subpoenaed Earthlink and Wholesale Internet for the physical street addresses the and client names that were associated with the IP addresses in question (see Exhibit C).  My subpoenas and court order did not contain the name of the person that I suspected of stalking me, only the IP addresses associated with each ISP.
I had each company served by process.  They had roughly 20 days to respond, I believe.
Wholesale Internet contacted the business associated with the IP address and told them that they received a court order regarding a John Doe who was stalking and harassing me, and the IP address linked back to their offices.  The company’s IT team investigated further and found that the IP address for the date in question linked back to the a specific employee’s computer.
Earthlink owned the other IP address, and sent notice to the home address of the account holder associated with that IP address that I had a court order to obtain his true name and address because the IP address had been used to commit a cybercrime.  The account belonged to the same person.
As you can see, the court route is more arduous. Of course, if you have plans to press charges against your troll — or sue him or her — you may need to take the more laborious route to get the evidence to stand up in court.

0 comments: