LinuxQuestions.org

James Kiersten 11-21-2020 12:57 PM

Identifying IP addresses of hackers
 
Okay, majorly freaked out here. I was talking to someone on Facebook last year for quite awhile, odd fellow, very paranoid.....but only through text (we never spoke over the phone, or met).
They were on the political forums, and we chatted. He sent me his resume(??) saying he was in a doctorate program studying AI and doing "research".
He claimed to be from Texas, but definitely spoke Russian. He got progressively more paranoid and even unfriendly, and finally dropped off/became completely unresponsive.

That's when I found out MONTHS LATER he had hacked into my Facebook account, and was still logged in, reading my messages to other people. I know this with 100% certainty it was the same person. What's more, he seemed to have some kind of alert set up (I guess to his mobile phone). Something happened that proved without a doubt he instantaneously knew what I Facebook messaged to someone else. That may explain why he remained logged in, instead of just hacking the password.

I haven't logged in my Facebook account since, I abandoned it in August. I'm just too freaked out to use it. But now.... I discovered this person has apparently hacked my email account now also, and has been sitting in there about two weeks, reading my email correspondence. At least, someone did....I'm fairly certain it's him- same location, Bolingbrook, IL.

My question is- and I'm not a networking expert- I have 3 IP addresses who have hacked my Facebook and email, and all 3 of them have the first 3 numbers identical. (XX.XX.XX.XX)
Why would the 4th number vary, and is there any way to confirm who this is if you have all 4 parts of the IP address?
How did he even know my email address?
This person was SO bizarre. Anyway I looked up all 3 IP addresses on AbuseIDP, they have already been reported many times, over several years. Whoever this is is a big time hacker and stealing stuff, apparently.

sevendogsbsd 11-21-2020 05:04 PM

The fourth octet will vary depending on the network used but don’t even worry about chasing an IP down, it’s pointless. A good hacker is not going to ever leave a trace of where they are or were. Sure, you can say “this IP came from X country” but who knows if the hacker is in a completely different country and is using a VPN, compromised machine, Tor, etc, to obfuscate their real location.

scasey 11-21-2020 05:35 PM

If one thinks any of their accounts has been hacked, the first thing to do is change the password!
Just sayin’

computersavvy 11-21-2020 06:13 PM

Quote:

Originally Posted by James Kiersten (Post 6187557)
That's when I found out MONTHS LATER he had hacked into my Facebook account, and was still logged in, reading my messages to other people. I know this with 100% certainty it was the same person. What's more, he seemed to have some kind of alert set up (I guess to his mobile phone). Something happened that proved without a doubt he instantaneously knew what I Facebook messaged to someone else. That may explain why he remained logged in, instead of just hacking the password.

I haven't logged in my Facebook account since, I abandoned it in August. I'm just too freaked out to use it. But now.... I discovered this person has apparently hacked my email account now also, and has been sitting in there about two weeks, reading my email correspondence. At least, someone did....I'm fairly certain it's him- same location, Bolingbrook, IL.

@scasey hit the nail on the head! Change the password on any account you have! NOW!!!

Never use the same password on multiple accounts, use secure passwords, and be extremely paranoid on social media. Leaving someone in a Facebook or email account for months without changing the password is just plain dumb!

How he got your email is simple. He had access to your Facebook account and the email was in your profile. Most social media accounts and many business accounts use your email to log in and / or to identify you. Once he knew the email address he could spend the time it took to crack the password. Facebook has had their password database hacked in the past. Do you really believe it is any more secure now?

It is up to you to make certain every online account is secure. Strong passwords, not sharing passwords between accounts, and strong user names that do not directly identify you are some of the things you can do. Research internet security needs.

TB0ne 11-21-2020 06:30 PM

Quote:

Originally Posted by James Kiersten (Post 6187557)
Okay, majorly freaked out here. I was talking to someone on Facebook last year for quite awhile, odd fellow, very paranoid.....but only through text (we never spoke over the phone, or met).
They were on the political forums, and we chatted. He sent me his resume(??) saying he was in a doctorate program studying AI and doing "research".
He claimed to be from Texas, but definitely spoke Russian. He got progressively more paranoid and even unfriendly, and finally dropped off/became completely unresponsive.

That's when I found out MONTHS LATER he had hacked into my Facebook account, and was still logged in, reading my messages to other people. I know this with 100% certainty it was the same person. What's more, he seemed to have some kind of alert set up (I guess to his mobile phone). Something happened that proved without a doubt he instantaneously knew what I Facebook messaged to someone else. That may explain why he remained logged in, instead of just hacking the password.

I haven't logged in my Facebook account since, I abandoned it in August. I'm just too freaked out to use it. But now.... I discovered this person has apparently hacked my email account now also, and has been sitting in there about two weeks, reading my email correspondence. At least, someone did....I'm fairly certain it's him- same location, Bolingbrook, IL.

My question is- and I'm not a networking expert- I have 3 IP addresses who have hacked my Facebook and email, and all 3 of them have the first 3 numbers identical. (XX.XX.XX.XX)
Why would the 4th number vary, and is there any way to confirm who this is if you have all 4 parts of the IP address?
How did he even know my email address?
This person was SO bizarre. Anyway I looked up all 3 IP addresses on AbuseIDP, they have already been reported many times, over several years. Whoever this is is a big time hacker and stealing stuff, apparently.

Aside from the very good advice others have given here, some things raise questions:
  • You say you only chatted through text (never on the phone or met)...so how, exactly do you know he 'definitely spoke Russian'??
  • You say you found out months later he 'hacked' into your Facebook account...how did you find this out??
  • You claim to 'know with 100% certainty' it's the same person...again, how??
  • You say there was something that proved without a doubt he 'instantaneously knew' when you messaged someone...again, how??
  • You say you know this person has been reading your email for weeks...yet you don't change the password, or call your email provider for help?
  • You claim you're not a networking expert, but seem to know enough to be able to identify these IP addresses, and know how to use geoIP services to find a location, know enough to look up things on IP abuse systems, and know about previous reports??
  • You claim this person is a 'big time hacker' who is stealing stuff...again, how do you know this??
How does Linux fit into all this?? What brings you to THIS forum, for assistance? Why haven't you contacted any cybercrimes units in Chicago, since you claim to have already found the location and addresses, and let the police handle this? As sevendogsbsd points out, a good hacker won't leave traces...odd that this 'big time hacker' does.

There are many other 'hacked' threads on this site that have been started over the past year...may want to look at those.

James Kiersten 11-21-2020 08:57 PM

First, chill out please. My only question was how to identify IP addresses. I only gave additional information for background.
As for your questions, fine, I'll answer them.

>>>>
You say you only chatted through text (never on the phone or met)...so how, exactly do you know he 'definitely spoke Russian'??
You say you found out months later he 'hacked' into your Facebook account...how did you find this out??
You claim to 'know with 100% certainty' it's the same person...again, how??
You say there was something that proved without a doubt he 'instantaneously knew' when you messaged someone...again, how??
You say you know this person has been reading your email for weeks...yet you don't change the password, or call your email provider for help?
You claim you're not a networking expert, but seem to know enough to be able to identify these IP addresses, and know how to use geoIP services to find a location, know enough to look up things on IP abuse systems, and know about previous reports??
You claim this person is a 'big time hacker' who is stealing stuff...again, how do you know this??
>>>>

1. I have seen him posting messages in Russian to other people in Facebook groups, and he also told me and many other people online that he did. Also his resume he sent me said he is fluent in Russian.
2, 3, 4... I'm not going to go into how I know, because I well know whoever this is could read my answer here at some point, and god knows they don't need any pointers in covering their 'craft'. I am 100% positive who it is, and that they hacked me. Also this person has hacked at least 9 other people on Facebook and elsewhere, and has been at it for years.
5. I did call my email provider for help today, they told me to enable 2 factor authentication, change my password, and anything further would be paid support. I already have done that.
6. This IP address has been reported many times, elsewhere I have found. I know who it is. So here's my question:

This person is being trained/getting a degree in skills that will be used in their completely unethical behavior. They are already spying, if not stealing information from people. Why else would they be doing this?
So what is my responsibility to report them. Or should I just do nothing, and let people be victimized.
WWYD?

James Kiersten 11-21-2020 09:39 PM

>>>The fourth octet will vary depending on the network used but don’t even worry about chasing an IP down, it’s pointless. A good hacker is not going to ever leave a trace of where they are or were. Sure, you can say “this IP came from X country” but who knows if the hacker is in a completely different country and is using a VPN, compromised machine, Tor, etc, to obfuscate their real location.>>>>

It's possible, but the location this person told me they lived in, before I ever knew they were a hacker..... coincides very closely with the tracking location of the IP address, when they hacked from later, repeatedly. Given other coincidences I won't get into knowing the person, it's pretty much a smoking gun. But this is not a tip thread on track covering for illicit behavior. Anyway I should never have included all the additional details why I was asking the question, I was just upset at the time. Admins: Delete this thread if you wish.

Is there such a thing as a "good" hacker? To me in some circumstances it's no more honorable than sneaking around and peeking in your neighbor's windows and mailboxes. As far as character.... I'm not impressed. If identity theft and other underhanded stuff is involved also, even less.

ondoho 11-22-2020 03:18 AM

I think TB0ne's mistrust is justified. Please don't take it the wrong way, James Kiersten.
In any case try to answer TB0ne's questions - it will help you identify at which point exactly and how you got hacked, in other words: it will show you where you provided that piece of information that enabled the hacker to hack you.

GPGAgent 11-22-2020 07:23 AM

I doubt you'll get a reply from James K, just another 'I've been hacked' thread.

TB0ne 11-22-2020 09:31 AM

Quote:

Originally Posted by GPGAgent (Post 6187776)
I doubt you'll get a reply from James K, just another 'I've been hacked' thread.

I'd tend to agree, since a quick look at the OP's profile indicated they were online hours after I posted...no answers. While the OP may actually have a problem, there is again FAR too much similarity to the other 'I've been hacked' threads:
  • They're 'new' to computers/network
  • While they're 'new', they somehow have the knowledge needed to find IP addresses, track them, etc.
  • They 'know' who is doing it...yet don't call police with their 'evidence'.
  • They 'know' details (somehow) about how this 'big time hacker' is getting alerts?
  • This 'big time hacker' is (once again) stupid enough to leave traces EVERYWHERE that even a new person can find.

dugan 11-22-2020 12:49 PM

Quote:

Originally Posted by James Kiersten (Post 6187557)
My question is- and I'm not a networking expert- I have 3 IP addresses who have hacked my Facebook and email, and all 3 of them have the first 3 numbers identical. (XX.XX.XX.XX) Why would the 4th number vary, and is there any way to confirm who this is if you have all 4 parts of the IP address?

Theoretically, yes. You determine which organization owns the "network" part of the IP address (the part that didn't vary), and you send them a subpoena.

If you just get another network back, then you send them a subpoena in turn.
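
An added example, not part of dugan's post or of the thread: grouping sign-in source addresses by the part that did not vary, which yields the block you would look up in a registry (whois/RDAP) or cite in an abuse report. The activity records are constructed from documentation address ranges, the function names are hypothetical, and the /24 grouping is an assumption that mirrors "first three numbers identical".

```python
import ipaddress
from collections import defaultdict

# Constructed sign-in records (RFC 5737 documentation addresses) in the shape
# of an account "recent activity" export: timestamp, service, source IP.
SAMPLE_ACTIVITY = """\
2020-11-07T02:14:09Z facebook 203.0.113.17
2020-11-12T23:40:51Z email 203.0.113.142
2020-11-19T01:05:33Z email 203.0.113.201
2020-11-20T18:22:10Z email 198.51.100.8
"""


def parse_activity(text):
    """Return (timestamp, service, address) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            records.append((parts[0], parts[1], ipaddress.ip_address(parts[2])))
        except ValueError:
            continue  # third field is not an IP address
    return records


def common_network(addresses):
    """Smallest single CIDR block that contains every address given."""
    addrs = list(addresses)
    if not addrs or len({a.version for a in addrs}) != 1:
        raise ValueError("need one or more addresses of a single IP version")
    lo, hi = min(addrs), max(addrs)
    # Bits below the highest differing bit are the varying "host" part.
    prefix = lo.max_prefixlen - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefix}", strict=False)


def report(records, v4_prefix=24, v6_prefix=64):
    """Group sign-ins by enclosing block and summarise each group.

    The /24 default is an assumption mirroring "first three numbers
    identical"; the registry record gives the real allocation boundary.
    """
    groups = defaultdict(list)
    for ts, service, ip in records:
        plen = v4_prefix if ip.version == 4 else v6_prefix
        groups[ipaddress.ip_network(f"{ip}/{plen}", strict=False)].append((ts, service, ip))
    rows = []
    for block, hits in groups.items():
        hosts = sorted({ip for _, _, ip in hits})
        rows.append({
            "block": str(block),
            "tightest_cidr": str(common_network(hosts)),
            "addresses": [str(h) for h in hosts],
            "services": sorted({s for _, s, _ in hits}),
            "first_seen": min(ts for ts, _, _ in hits),
            "last_seen": max(ts for ts, _, _ in hits),
        })
    return sorted(rows, key=lambda r: r["first_seen"])


if __name__ == "__main__":
    for row in report(parse_activity(SAMPLE_ACTIVITY)):
        print(row)
```

The block reported for the three matching addresses identifies a network, not a person; tying one address to a subscriber still needs the network owner's records, which is the subpoena step described in the post.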

ferrari 11-22-2020 12:52 PM

Especially odd to register to a forum and write such drivel as a first time poster.

dugan 11-22-2020 01:25 PM

Quote:

Originally Posted by scasey (Post 6187637)
If one thinks any of their accounts has been hacked, the first thing to do is change the password!
Just sayin’

And set up 2FA.

TB0ne 11-25-2020 08:41 AM

Quote:

Originally Posted by James Kiersten (Post 6187680)
First, chill out please. My only question was how to identify IP addresses.

Really?? Then why did you start out by saying you already HAD the IP addresses, geolocated them, etc.?? Why ask what you already know?

Quote:

I only gave additional information for background. As for your questions, fine, I'll answer them.
>>>>
You say you only chatted through text (never on the phone or met)...so how, exactly do you know he 'definitely spoke Russian'??
You say you found out months later he 'hacked' into your Facebook account...how did you find this out??
You claim to 'know with 100% certainty' it's the same person...again, how??
You say there was something that proved without a doubt he 'instantaneously knew' when you messaged someone...again, how??
You say you know this person has been reading your email for weeks...yet you don't change the password, or call your email provider for help?
You claim you're not a networking expert, but seem to know enough to be able to identify these IP addresses, and know how to use geoIP services to find a location, know enough to look up things on IP abuse systems, and know about previous reports??
You claim this person is a 'big time hacker' who is stealing stuff...again, how do you know this??
>>>>

1. I have seen him posting messages in Russian to other people in Facebook groups, and he also told me and many other people online that he did. Also his resume he sent me said he is fluent in Russian.

As are many others; what, exactly does that have to do with anything?

Quote:

2, 3, 4... I'm not going to go into how I know, because I well know whoever this is could read my answer here at some point, and god knows they don't need any pointers in covering their 'craft'. I am 100% positive who it is, and that they hacked me. Also this person has hacked at least 9 other people on Facebook and elsewhere, and has been at it for years.

Again, meaningless. You provide zero proof and most likely cannot. If you're so paranoid that 'they' are going to find you, why on earth would you register with the user name you did, instead of something totally anonymous? And now you 'know' somehow that there are 9 others and that he's been at this for years?? Yet you cannot provide any evidence on how you know. Kind of a tall order for someone with no experience in computers or networking to somehow be able to gather all this information.

Quote:

5. I did call my email provider for help today, they told me to enable 2 factor authentication, change my password, and anything further would be paid support. I already have done that.

So why didn't you change your passwords weeks ago, when you found this 'evidence'??

Quote:

6. This IP address has been reported many times, elsewhere I have found. I know who it is. So here's my question:

This person is being trained/getting a degree in skills that will be used in their completely unethical behavior. They are already spying, if not stealing information from people. Why else would they be doing this?

Exactly...why *WOULD* anyone target you?? Hackers do things for $$$, not for fun. And as has been noted numerous times in the past, in all of the other INCREDIBLY SIMILAR threads on this site, why would an experienced, trained hacker with these incredible skills just leave traces everywhere, for someone who has NO EXPERIENCE to easily find??

Quote:

So what is my responsibility to report them. Or should I just do nothing, and let people be victimized. WWYD?

You claim to have all this proof and evidence...did you miss the part where you call the cyber crimes unit of the police?? Turn it over to them??

Again: how is this Linux related, and why do you post here for help, when you could just call the police with your 'evidence'??

Quote:

Originally Posted by James Kiersten
>>>The fourth octet will vary depending on the network used but don’t even worry about chasing an IP down, it’s pointless. A good hacker is not going to ever leave a trace of where they are or were. Sure, you can say “this IP came from X country” but who knows if the hacker is in a completely different country and is using a VPN, compromised machine, Tor, etc, to obfuscate their real location.>>>>

It's possible, but the location this person told me they lived in, before I ever knew they were a hacker..... coincides very closely with the tracking location of the IP address, when they hacked from later, repeatedly. Given other coincidences I won't get into knowing the person, it's pretty much a smoking gun. But this is not a tip thread on track covering for illicit behavior. Anyway I should never have included all the additional details why I was asking the question, I was just upset at the time. Admins: Delete this thread if you wish.

Is there such a thing as a "good" hacker? To me in some circumstances it's no more honorable than sneaking around and peeking in your neighbor's windows and mailboxes. As far as character.... I'm not impressed. If identity theft and other underhanded stuff is involved also, even less.

Then again, you have this 'smoking gun'....call the police and turn over all your 'overwhelming evidence' to them, and let them do their jobs.

rnturn 11-25-2020 12:41 PM

Quote:

Originally Posted by James Kiersten (Post 6187557)
I haven't logged in my Facebook account since, I abandoned it in August. I'm just too freaked out to use it. But now.... I discovered this person has apparently hacked my email account now also, and has been sitting in there about two weeks, reading my email correspondence. At least, someone did....I'm fairly certain it's him- same location, Bolingbrook, IL.

Begin using a password vault. Set up passwords that are insanely complex and long. I start with the longest generated password my vault will create and work downward if it's too long for the web site. (Many don't tell you the maximum length so start big and shorten as needed.) Change the passwords in your vault every few months, say, every quarter. Don't save your passwords in your browser. Don't tell your browser to "stay logged in". It's a PITB to work this way but only at first. Then, as you get used to using the vault, muscle memory kicks in.

As for FB, you might be able to get in touch with them and have your account disabled for a period and work with them to get the password changed so your Russian [1] "friend" cannot get back in. Hopefully, you'll be able to repair any bridges that this miscreant has burned for you.

HTH...


[1] -- I wouldn't discount the "Russian" label the OP has put on his FB attacker. I live just down the road from Bolingbrook and there's a sizable Russian community out in Chicago's SW suburbs.


All times are GMT -5.