looneymum@... asked this question on 4/24/2000:
My son has had his screen name stolen twice. The first time he supposedly sent 12 pornographic emails to 520 people. He was in school at the time and couldn't have done it. This time he was on vacation and someone used his name to send instant messages of an obscene nature and took the names off his buddy list and sent hate mail. AOL said if I get a court order they would gladly hand over the telephone # that the hacker signed on from. How would I go about getting the records? Any help would be greatly appreciated.
D.S.
NataliePratt gave this response on 4/24/2000:
Unfortunately, this is not an uncommon problem. There is a free program that is widely available on the Internet to hack an AOL account buddy list. And, I sympathize with you because receiving unwanted pornographic material is very offensive to people. And, to have it sent from your account can be very upsetting.
There are several steps that you need to take. The most important is to stay in contact with AOL. Because, if one of the recipients of the email complains, and AOL thinks your son was the one who sent it, you could lose the account.
Next, if you have a close relationship with your son, talk to him about the incident. Many times these instances come about if he was involved in some sort of "feud" with someone on the Internet either in a chat room, mailing list, or on a newsgroup. He may have a very good idea of who it was, but is afraid to say, because he may "feel" that he has something to hide. It may be as simple as, he made a comment that someone took offense at, or it could be a full-blown feud. Have him carefully go through any possibilities, you may get a good lead. A lot of hackers take "revenge" on the Internet, if they feel that they have been wronged.
If you have a copy of the original message that was sent out, that can also be traced. By looking at the extended headers, you will see where the email message originated from. This is one of the best ways to start the search. Many people delete these types of messages right away, but see if you can get a copy. Did AOL tell you of the incident, or did you find out by another means? If you do have a copy, make sure that you have one with the complete headers. I would be happy to have you forward the original email to me (midwest@northnet.net). I will take a quick look at it, and tell you the probability of identifying the sender. I am going to also send you a message I wrote to another writer about tracing email.
As offensive as this matter is to you, be prepared that the only punishment to the individual may be the loss of his ISP account. So, before investing any money in a search to find him decide if it will be worth it for you.
I have also seen several instances where even if they do lose their account, it doesn't matter, they just move on. I, by no means, want to discourage you, but I want you to know the reality of the punishment possibilities before you would spend money.
You should still follow through on the matter, but do so knowing the entire picture. I will be glad to guide you.
These are just a few of the steps to start with. If you decide that you really want to go after this person, then I would have several more questions for you before advising you on whether or not to proceed with a court order. For example, how did you find out that he dialed into your son's account, and not just accessed his user name from his own account? If he used his own account, but your son's user name, then getting a court order for the phone number won't do any good. Did your son give his user name out to any of his friends, that may think this is "funny" doing stuff like this? Did AOL tell you the times the messages were sent? Or, did someone who received it? This all makes a difference into finding where the message originated. Did the person who used your son's account do any damage to your computer? Send in a virus? Were there threats of any kind issued in any of the emails? These may help with prosecuting. I look forward to hearing back from you.
Good luck, and I hope this helps.
Natalie Pratt Midwest Investigative Consultants
NataliePratt gave this follow-up answer on 4/24/2000:
Tracing email is getting easier every day as technology increases. The first place to start tracing an email is with the headers. By headers, I do not mean what you normally see on an email, but rather what is "on" an email, but not seen automatically. All email headers are stamped on each email; if you open it as a text file or even in some email programs, you will see the headers. For example, if you are using Netscape 4.0, highlight any incoming message in your inbox. Now, go up on top to "view", move down to "headers", and over to "all" and click. Now, go back and look at that same message again. There is a gold mine of information that can be used to trace a message. However, if an individual simply printed out the message and then deleted the original message, it will be more difficult to trace, because all of the headers will not print out automatically on the message. If there is access to the computer that received the messages, it is still possible, in some cases, to pull out the message, even if it has already been deleted from the email "trash" folder. Simply deleting messages is not always enough to remove them entirely from the computer.
The next step is understanding the headers. By pulling out the right information, you will then be able to trace the email back to the origin. The headers are the key to establishing who sent the email because you will be able to trace it to the computer that sent it. For starters, the IP address (do not confuse this with the ISP) of the computer that sent the message is stamped on the message (the string of numbers enclosed by brackets). There may be more than one set of IP numbers, because it went through various locations to reach you. The bottom one is from the originator of the message, and therefore the one you want.
Now, the actual tracing of the email. Take a look at the program, free for the download, called NeoTrace (http://www.neoworx.com). Download that program, and put in the bottom IP number that was stamped on the email. Hit go and watch it trace the IP number to the name and address of the ISP that is hosting that computer. You can also put in a domain name to trace by name as well. From there it gets fun because that is where the detective work begins. If the message came from a public source such as a library or college then it takes more creativity in discovering the identity of a sender, than if it simply came from an individual's house. Of course, you can forge these, by various hacker methods. Or, "take over" another computer and have that computer send it out. Even if it is forged or masked in some manner, it is still possible to trace, it just takes a bit longer. However, by careful examination and a little thinking, in most cases, you will eventually learn the true identity of the sender.
Now, a little different aspect. If you want to retrieve the name of the individual who set up the user name and password on a hotmail account, then you need to go through hotmail (or other free email program) itself. Many users tend to use the same user name for all of their accounts. By looking at the profiles that they may put in, you can skim tidbits of information from several sources, and start compiling a profile. This takes time and determination to accomplish, but again with some persistence it can be done. Good luck, and I hope this helps.
Natalie Pratt Midwest Investigative Consultants
The average rating for this answer is 5.
looneymum@... rated this answer a 5.
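The header walk described in the follow-up answer, as an added Python example that is not part of the original answers: it lists the bracketed IP of every `Received` line oldest-first, marks private-range addresses that cannot be traced to an ISP, and returns the address recorded by a relay you trust, since any line beneath that one is supplied by the sender. The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: documentation-range addresses, not real traffic.
SAMPLE = """\
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.org with ESMTP; Mon, 24 Apr 2000 10:02:05 -0500
Received: from dialup-12.example.com (dialup-12.example.com [192.0.2.44])
\tby relay.example.com with SMTP; Mon, 24 Apr 2000 10:01:58 -0500
Received: from desktop ([10.0.0.5])
\tby dialup-12.example.com with SMTP; Mon, 24 Apr 2000 10:01:50 -0500
From: someone@example.com
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+(\S+)")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def received_hops(raw_message):
    """Hops oldest-first as (ip, recording_host, is_internal).

    Every relay prepends its own Received line, so the last one in the
    message is the earliest. Lines without a valid bracketed IP are skipped.
    """
    hops = []
    msg = message_from_string(raw_message)
    for header in reversed(msg.get_all("Received", [])):
        by = BY_RE.search(header)
        for text in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text that is not an address
            internal = any(ip in net for net in INTERNAL)
            hops.append((str(ip), by.group(1) if by else None, internal))
            break  # one address per Received line
    return hops

def verified_peer(raw_message, trusted_host):
    """IP recorded by a relay you trust; lines beneath it are sender-supplied."""
    for ip, by, _ in reversed(received_hops(raw_message)):
        if by == trusted_host:
            return ip
    return None
```

In the constructed sample the bottom address is a private-range one, so the address to take to an ISP lookup is the next hop up, and only the one written by `mx.example.org` is recorded by the recipient's own server.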