When someone began hacking into the TeraGrid – a network of 11 supercomputing sites across the United States – in 2004, a team at the National Center for Supercomputing Applications (NCSA) began a manual traceback to find the culprit.
In a session on Thursday afternoon, James J. Barlow, director of security operations and incident response at NCSA, explained the how the hacker was caught.
After following the path of compromised machines to several sites in the United States, then to computers in France and Croatia, the NCSA team discovered the hacker was a Swedish 16 year old. The NCSA began monitoring his IP address while the FBI worked with Swedish authorities to set up an arrest.
While monitoring the hacker, the NCSA noticed that he had posted images of his computer screen online because his girlfriend had designed the desktop patterns. A closer look at these desktop images showed open windows that proved the hacker was accessing an unauthorized computer when the images were made.
That evidence directly led to his conviction in Swedish court.
– Joe McLaughlin