News Stay informed about the latest enterprise technology news and product updates.

How to identify an internet stalker

Internet stalker/social engineering

This article is a response to a question posed to our security expert, Luis Medina. See the question here

No need to apologize, you've directed your question to the right person. Yes, it is possible to identify this one person among a pool of people so large, but it will take time and effort. Not knowing all of the details of your situation and working with limited information, I've provided some suggestions for you to consider while investigating the personal identification of the "ghost". The important thing to remember is that this should be a team-based effort and not a single-person effort - in other words, get other officials involved (i.e., police, University, ISP Abuse Team, etc.).

Security's weakest link: People
IM putting enterprises at risk to viruses, attack
Thwarting social engineering attacks

First, before I offer any suggestions, I would ask that you seriously and carefully examine any threats made against you or your loved ones (on-line or off-line) or if you have been a victim of a computer crime. If the answer is yes, then I would contact the local police department and report the situation to the authorities immediately. (You'll need to meet with your immediate family to gather all the facts and register any concerns.) If the answer is no, I suggest at a minimum, that you still log a call with the police and let them tell you what course of action to take regarding your concerns. If possible, schedule a meeting and put a face (not just a voice) to your list of concerns.

Second, is your daughter, other family members, or friends attending or working (full-time or part-time) in the same large University the "IP and HOST address of this person" that you called "stalker" is registered to? Keep in mind, if this stalker is also a hacker, he/she can hijack many hosts and IP addresses - in other words, the large University could simply be a red herring in this matter. Regardless of your answer, I suggest that you notify your bank(s) and credit card companies immediately and request that they issue your household new account numbers. Make sure that you explain your situation to the above lending institutions using another medium other than a computer, e-mail, cell phone, or your home telephone (e.g., initiate your request using your parents' or in-laws' phone).

Third, contact the (above) University and register a complaint with them and their Internet Service Provider (ISP) leasing the IP address of the host you think the stalker is using. The network administrator should be able to run a trace (tracert ) on the IP address (or addresses) and eventually locate the internal [compromised] host. An experienced hacker/stalker is likely to use hundreds of IP addresses, making it difficult to trace back to the origin. It is important that you collect emails and observe behavioral patterns (e.g., language patterns, word selection, and other characteristics) that could assist you in identifying whether the Internet Stalker (flaming, cascading, or trolling) is a family member, close friend, or stranger. I suggest that you change your host name, passwords, and contact your ISP to request that they renew your dynamic IP address with a different IP address and not just recycle your old IP address. Collect any e-mail sent to you by the Internet Stalker and provide a copy to your ISP to take appropriate action. Consider changing ISP to one with a network abuse policy if they are not prepared to help you.

Fourth, visit to learn if you are the victim of a computer crime and take the appropriate course of action. Consider using tools (e.g., automating "netstat –na >> log.txt" via scheduler) to monitor all the connections to your computer. Make sure your computer is running the latest software patch and security hotfixes. Closely monitor any chat rooms/channels and forums your daughter participates in. You may want to create new chat accounts using new nicknames and no do not disclose any personal information.

Fifth, keep in mind that an Internet Stalker can be a long-term predator and may want to show off how much personal information they have collected about you. It's also possible that they will use this information to break into your home. For this reason, I suggest that you change your passwords, including your home alarm. You'll have to find the answers to these questions: Why is the Internet Stalker focused on you? How severe is the threat(s)? How much information has the stalker revealed to you? What other private information could the stalker have obtained? Do you think you, your husband, or daughter triggered this action? Where online did you provide this private information?

You may want to take into consideration social engineering (and use any language patterns from Internet Stalker) in your attempt to isolate the culprit. No doubt, this is a psychological strain, however it is possible to track the Internet Stalker with good sleuthing and patience.

Dig Deeper on Network Security Monitoring and Analysis

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.