Internet privacy and security course
Aa font
AA font size
About translation
Previous Next
How hackers get caught

Chapter 19

How hackers get caught

The second chapter explores how hackers and the most wanted cybercriminals get caught out. Why should I be talking about criminals? It’s quite obvious: their stories will clearly show the process of deanonymization - identifying a person on the Internet. So this part of the book will analyze the reasons that led to the arrests of known (and not so known) hackers.

After watching movies portraying hackers, many readers see the process of hackers getting caught as an intense cat-and-mouse thriller that unravels in virtual space and depicts a war of technologies, with errors occurring at the code level. But in reality, it’s not the code errors that get hackers found out. The let themselves down out of laziness, sloppiness, poor judgement or plain stupidity. Eliminating these shortcomings is the first step toward assuring your safe and anonymous work online. To lend more credibility to this assumption, let’s move on to looking at a few stories of how hackers get found out and cybercrimes are solved.


Hackers are taken down by code errors or using state-of-the-art technologies against them.


The majority of caught hackers were taken down by their own laziness, sloppiness, poor judgement and plain stupidity.

Let me get started by telling you about Jeremy Hammond, the FBI’s most wanted hacker, who, among other cybercrimes, attacked the computers of the intelligence firm known as Stratfor. Stratfor was founded in 1996 and today is commonly referred to as the private CIA, boasting the government and major corporations among its clients.

Jeremy was able to access the information about the crimes exposing Stratfor and private military contractors that tightly cooperated with the U.S. law enforcement. Hammond deleted the files from Stratfor’s servers, copied the internal emails and passed them on to Wikileaks. He used Stratfor’s clients’ credit cards to rack up $700,000 in donations, and I personally view his deeds bordering on crime and feat of courage.

However, the U.S. justice found nothing courageous about his acts, and on November 15, 2013, Jeremy Hammond, aged 28, got sentenced to ten years in prison and three years of supervised release after. But how did the FBI succeed in catching him and how did the special agency find the proof of his guilt?

The FBI revealed Hammond’s identity with the help of a hacker who infiltrated the loosely organized hacking group Jeremy was involved with. At least this kind of version was spread by the mass media. Infiltration is one of the most popular methods employed by special agencies. I don’t know how the infiltration process works specifically, but I suppose the agencies catch the most stupid hacker, and he agrees to cooperate in exchange for his freedom or a reward.

We tend to trust people we constantly work with more than strangers from the street. Even the most clever of hackers are mere humans, and the need for communication and social interaction remains an essential part of their life too. But not only hackers and criminals should fear being exposed through an accomplice, we all should stay alert when interacting with people on the Internet; your correspondence is getting saved, and it may so happen that in future someone can get ahold of your content.


When you communicate with someone on the Internet, carry on correspondence as if you are being watched over by the representatives of special agencies. I believe this is the best advice on how to best protect your correspondence.

But deanonymization – revealing the user’s identity alone is not enough. To hold a cybercriminal accountable for his acts, one should gather the evidence against him – get access to the data that stores the information about the crimes he committed.

Jeremy Hammond is a consummate professional and he, undoubtedly, encrypted his hard drive. But the problem was that the password he chose was “Chewy 123” – the name of his cat. The FBI had been watching him and knew this information, so cracking the password didn’t require that much effort for them.

Let me take a detour now to explain how a password is brute forced. First the experts will check if you used one of the several dozens of millions of common passwords (for instance, QwErTy1234567890), then they’ll draw a list that will include your address, phone numbers, relatives’ names and last names, pets’ names, your favorite soccer team, singer, professional athlete, school number. Next, they will check them with the help of a program that will tweak with these numbers adding different data. You are severely mistaken if you think that your mother’s maiden name and 123456 coupled with it make for a safe password.

Moreover, the experts will try to find out your passwords for other resources and if they see that you used Ovid’s quote as a pass for one of them, they’ll make sure to check all his quotes with different additions.


When setting up passwords, don’t use your mother’s maiden name, your name, address, the name of your favorite soccer team, phone number, pets’ names. Otherwise, they should be part of a very sophisticated password where you rely on the rest of the characters for a unique, strong password.

Passwords, their creation and storing, the methods used for their cracking and stealing are extensively covered in this course and should be thoroughly studied. We have a separate chapter exploring this theme.

What would be the biggest takeaway from the Jeremy Hammond story? Do not violate the laws of the country you live in (or