Internet forensics on the Zuckerberg hack

Image: Johan Nilsson / Some rights reserved

Charles Arthur’s superb Guardian post on trying to track down who hacked Mark Zuckerberg’s Facebook account is an excellent example of Internet forensics. Here’s an extract:

[W]e might be able to find the hacker if we can find out who changed the Wikipedia page. Unfortunately, it wasn’t done by a registered user. But because of Wikipedia’s clever tracking system, you can see the IP of non-registered users: there it is at the top of the edit page in the screenshot: 131.74.110.168. You can also see what articles machines at that IP address have edited – a very mixed bag – and also how edits from that IP have been increasingly smacked down by Wikipedia editors (latest on that page coming from October 2009: “Please stop your disruptive editing. If you continue to vandalise Wikipedia, as you did at Lyoto Machida, you will be blocked from editing.”)

So who’s behind 131.74.110.168? A quick whois query tells you that it… the US department of defence in Williamsburg. [FULL ARTICLE]
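The two steps in the extract, sketched as an added example (not code from the Guardian article or this blog): pull the edits made without an account out of a page's revision history, then map each source IP to the most specific registered network that contains it. The revision records, timestamps and allocation table are constructed stand-ins for a MediaWiki API reply and for whois results; a whois answer names the registrant of the address block, not the person at the keyboard.

```python
import ipaddress
from collections import defaultdict

# Constructed sample, shaped like a MediaWiki API revisions reply
# (rvprop=user|timestamp, formatversion=2). Assumed layout: edits made
# without an account carry an "anon" flag and the editor's IP as "user".
SAMPLE_REVISIONS = [
    {"user": "ExampleEditor", "timestamp": "2000-01-01T00:10:00Z"},
    {"user": "131.74.110.168", "anon": True, "timestamp": "2000-01-01T00:22:00Z"},
    {"user": "192.0.2.44", "anon": True, "timestamp": "2000-01-01T00:30:00Z"},
    {"user": "131.74.110.168", "anon": True, "timestamp": "2000-01-01T00:41:00Z"},
]
# Constructed stand-in for whois answers: CIDR block -> registrant.
# The /16 boundary is an assumption; the owner is the one the extract reports.
ALLOCATIONS = {
    "131.74.0.0/16": "US Department of Defense",
    "192.0.2.0/24": "TEST-NET-1 (documentation range)",
}

def anonymous_edits(revisions):
    """Group edit timestamps by source IP for revisions made without an account."""
    by_ip = defaultdict(list)
    for rev in revisions:
        if "anon" not in rev:
            continue  # registered account: no IP is exposed in the history
        try:
            ip = ipaddress.ip_address(rev["user"])
        except ValueError:
            continue  # flagged anonymous but "user" is not an IP; skip it
        by_ip[str(ip)].append(rev["timestamp"])
    return dict(by_ip)

def network_owner(ip, allocations):
    """Return (cidr, owner) for the most specific block containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, owner in allocations.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, owner)
    return (str(best[0]), best[1]) if best else None

def attribute(revisions, allocations):
    """Per-IP summary: edit count, first and last edit time, owning network."""
    return {ip: {"edits": len(ts), "first": min(ts), "last": max(ts),
                 "network": network_owner(ip, allocations)}
            for ip, ts in anonymous_edits(revisions).items()}
```

Calling `attribute(SAMPLE_REVISIONS, ALLOCATIONS)` returns one row per anonymous source IP; an address outside every listed block comes back with `network` set to `None` and still needs a real whois lookup.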
