This article is a response to a question posed to our security expert, Luis Medina.
No need to apologize, you've directed your question to the right person. Yes, it is possible to identify this one person among a pool of people so large, but it will take time and effort. Not knowing all of the details of your situation and working with limited information, I've provided some suggestions for you to consider while investigating the personal identification of the "ghost". The important thing to remember is that this should be a team-based effort and not a single-person effort. In other words, get other officials involved (e.g., police, University, ISP Abuse Team, etc.).
First, before I offer any suggestions, I would ask that you seriously and carefully examine any threats made against you or your loved ones (on-line or off-line) or if you have been a victim of a computer crime. If the answer is yes, then I would contact the local police department and report the situation to the authorities immediately. (You'll need to meet with your immediate family to gather all the facts and register any concerns.) If the answer is no, I suggest at a minimum, that you still log a call with the police and let them tell you what course of action to take regarding your concerns. If possible, schedule a meeting and put a face (not just a voice) to your list of concerns.
Second, are your daughter, other family members, or friends attending or working (full-time or part-time) at the same large University that the "IP and HOST address of this person" you called "stalker" is registered to? Keep in mind, if this stalker is also a hacker, he/she can hijack many hosts and IP addresses. In other words, the large University could simply be a red herring in this matter. Regardless of your answer, I suggest that you notify your bank(s) and credit card companies immediately and request that they issue your household new account numbers. Make sure that you explain your situation to the above lending institutions using a medium other than a computer, e-mail, cell phone, or your home telephone (e.g., initiate your request using your parents' or in-laws' phone).
Third, contact the (above) University and register a complaint with them and their Internet Service Provider (ISP) leasing the IP address of the host you think the stalker is using. The network administrator should be able to run a trace (tracert
Fourth, visit http://www.cybercrime.gov/reporting.htm to learn if you are the victim of a computer crime and take the appropriate course of action. Consider using tools (e.g., automating "netstat -na >> log.txt" via a scheduler) to monitor all the connections to your computer. Make sure your computer is running the latest software patches and security hotfixes. Closely monitor any chat rooms/channels and forums your daughter participates in. You may want to create new chat accounts using new nicknames, and do not disclose any personal information.
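A log built by repeatedly appending netstat output grows quickly and is hard to read by eye. The following added example (not part of the original answer) summarizes such a log by counting how many snapshots each remote endpoint appears in. It assumes the English-language Windows `netstat -na` column layout, and the sample log embedded in it is constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two appended "netstat -na" snapshots (Windows layout).
SAMPLE_LOG = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED
  TCP    192.168.1.10:49713     198.51.100.7:6667      ESTABLISHED
  UDP    0.0.0.0:5353           *:*

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49713     198.51.100.7:6667      ESTABLISHED
  TCP    [::1]:49800            [::1]:5000             ESTABLISHED
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) at the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def summarize(log_text, local_only=("127.0.0.1", "::1", "0.0.0.0", "::", "*")):
    """Return {(remote_host, remote_port): number_of_snapshots_seen_in}."""
    seen = defaultdict(set)
    snapshot = 0
    for line in log_text.splitlines():
        if line.strip().startswith("Active Connections"):
            snapshot += 1  # each appended netstat run starts with this header
            continue
        m = ROW.match(line)
        if not m or m.group(4) != "ESTABLISHED":
            continue  # skip headers, listeners and stateless UDP rows
        host, port = split_endpoint(m.group(3))
        if host not in local_only:
            seen[(host, port)].add(snapshot)
    return {k: len(v) for k, v in seen.items()}

if __name__ == "__main__":
    for (host, port), n in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{host}:{port} present in {n} snapshot(s)")
```

Endpoints that persist across many snapshots are the ones worth writing down and handing to the police or the ISP abuse team along with the raw log.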
Fifth, keep in mind that an Internet Stalker can be a long-term predator and may want to show off how much personal information they have collected about you. It's also possible that they will use this information to break into your home. For this reason, I suggest that you change your passwords, including your home alarm. You'll have to find the answers to these questions: Why is the Internet Stalker focused on you? How severe is the threat(s)? How much information has the stalker revealed to you? What other private information could the stalker have obtained? Do you think you, your husband, or daughter triggered this action? Where online did you provide this private information?
You may want to take social engineering into consideration (and use any language patterns from the Internet Stalker) in your attempt to isolate the culprit. No doubt, this is a psychological strain; however, it is possible to track the Internet Stalker with good sleuthing and patience.