Privacy can be both a boon and a bane in the digital realm. It means that users’ identities are protected, which is crucial due to the prevalence of identity theft and other related crimes. On the flip side, the anonymity that privacy protection brings also gives cyberattackers confidence. This often becomes a significant roadblock for cybercrime investigators as anonymity makes back-tracing difficult. files can help investigators overcome this challenge, though, as illustrated in this post. Geolocation database download Using a Geo IP Database Download to Back-Trace Criminal Activities Even though attackers can hide behind privacy protection solutions, there is still a way to trace them. The process begins by examining system logs, which come in the form of application, security, and other event logs. These documents record all events that occurred within a computer, which may include a perpetrator’s IP address. Let’s consider this scenario as an example: An unauthorized network access occurred. When you check the security logs, you notice several Secure Shell (SSH) login attempts from the IP address 218[.]92[.]0[.]215. The first course of action is to report the IP address if considered malicious. Although helpful, this won’t stop the attackers behind the IP address. In fact, 218[.]92[.]0[.]215 has already been reported more than 16,000 times on but is still being used in hundreds of brute-force attacks as of this writing. AbuseIPDB Therefore, security teams would also want to investigate and try to trace the IP address back to its user or device. An investigation is all the more required when there is a potential data breach. A geolocation database download would reveal that 218[.]92[.]0[.]215 is a Chinese IP address with the following details: Jiangsu Region: Nanjing City: 32.06167 Latitude: 118.77778 Longitude: 210008 Postal code: UTC+08:00 Time zone: 1799962 GeoNames ID: 4134 Autonomous System (AS) number: China Telecom AS name: 218[.]92[.]0[.]0/16 Route: http[:]//en[.]chinatelecom[.]com[.]cn/ Domain: NSP Type: CHINANET Jiangsu Province Network Internet service provider (ISP): Broadband Connection type: Such data from an IP address database download can point investigators toward two directions. First, plotting the latitude and longitude would lead them to the center of a city in China. From there, they can coordinate with local authorities to conduct surveillance and launch an in-depth investigation. Another direction is to turn to the ISP, which, in this case, is CHINANET Jiangsu Province Network. The investigators can communicate with the ISP, report the malicious IP address, and ask for ownership information. Security teams can further use an IP geolocation database to pinpoint other IP addresses that belong to the ISP in neighboring netblocks. At the very least, these IP addresses can be included in the victim’s watch list, or if the organization does not have any dealings with anyone from China, they can also even decide to block the IP addresses. --- Even the most seasoned cybercrime investigators face roadblocks at the onset of an investigation, mainly because attackers often hide behind privacy protection services. But this shouldn’t stop them from digging deeper. From time to time, attackers would get sloppy just like what happened to Russian hacker Gucifer, who his virtual private network (VPN) before logging on to Twitter. As a result, he exposed his IP address to investigators. forgot to turn on And even if the attacker doesn’t get sloppy, event logs are relevant threat data sources that can be contextualized with the help of an IP address database download. A geo IP database download can enrich cybercrime investigations and bolster the threat detection capabilities of security solutions. But when you buy geolocation data, keep in mind that not all IP geolocation databases are the same. You have to make sure that the you use contain precise and wide-ranging geolocation data. IP geolocation sources

BOON

Trace

Twitter

Winner of Noonies 2020 for the award Hacker Noon Contributor of the Year - GOOD COMPANY.

How IP Geolocation Database Downloads Support Cybercrime Investigations

Too Long; Didn't Read

Companies Mentioned

WhoisXML API

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...