# I have a computer hacking technology question.



## ironpony (Aug 15, 2016)

In my story, the villains have set up a website where they broadcast their crimes in videos for people to watch and the website is virtually untraceable. Kind of like what the villain was doing in the movie Untraceable (2008).

One of the cop's plan is to upload their own video to the website, making other characters think that the killers uploaded it, as part of their plan to catch the killers. Now in my research I read that a virtually untraceable website can be traced with a lot of work, down the road.

However, if the cops or the FBI haven't traced the website yet, could they hack into it, and upload their own video to it? If they haven't been able to trace the website yet, could they still hack into it?


----------



## JustRob (Aug 15, 2016)

I took a look at the plot of "Untraceable" and cannot make sense of the technology allegedly used there. Mirror servers do not themselves decide to take over when a primary server fails but rather the domain name server chooses to redirect access requests to the mirror. To do this the domain name server must have a list of all available mirror servers, so the authorities could simply shut all of them down by looking at this list or, even simpler, remove the website name from the domain name server altogether. I assume that the website was being accessed by its name in this case. In a dark web situation it would no doubt be accessed directly by its IP address, but if the server with that address were shut down then all access would be terminated. In effect one would need a dark web name server with the list of dark web mirror servers and round we go again, same problem but just different computers. 

The key to this is who runs the domain name server that gives the public access to the website and whether the authorities pursuing the criminal have a working relationship with that body. For example, my website has the suffix ".UK" so its name is managed by the UK organisation Nominet. If I were to do anything nefarious on it then the authorities could simply ask Nominet to delete the name. I myself have corresponded with Nominet about other people's UK websites and they are definitely alert to any infringements of the rules. Whether domain regulators in other countries are so vigilant is another matter, so it's more where the website is registered that matters ultimately rather than how the servers behind it are configured. 

My website regularly detects hacking attempts, probably by wandering robots working at random rather than individuals with specific designs on it. If the plot in "Untraceable" were workable at all then the website could relocate to another server when it detected a serious hacking attempt and any files successfully uploaded would be left on the shut down server and achieve nothing. 

A further problem that I see with "Untraceable" is that multiple mirror servers would have a hard time picking up a live feed from what must be a central source without revealing that source to anyone accessing any of them. Surely the source of the live feed is more important to the authorities than the website itself.

Clearly I am no hacker, regardless of the colour of my hat.

P.S.
I see that the website in _Untraceable_ had the suffix ".com" implying that the American domain name regulators have no control over their own system. This seems highly unlikely.


----------



## ironpony (Aug 15, 2016)

Okay thanks.  Well basically for my story, I want the cops or FBI to not be able to trace the site to any individuals, for months, and then they decide to upload their own video to attempt to get a suspect to react and flush him out.  But is possible to upload a video to website, if the authorities haven't been successful at tracing the site to any individuals?


----------



## JustRob (Aug 16, 2016)

Knowledge is power. The more that a hacker knows about a site the more likely it is that they'll find a way into it. The hacking robots that I previously mentioned just probe sites looking for generally known weaknesses, but they know nothing special about the sites to begin with. If a site is well built then those probes will just bounce off harmlessly. If it has a weak point then a robot may find a way in and take control of the resources. Authorities like the police are more likely to have the cooperation of the administrators of the various components of the Internet, which would make the whole task a lot easier, but that would make tracing the source of the files on the website a lot easier too. To make the story technically accurate you would have to get the relative ease with which the police could achieve various aims properly balanced, but you have already specified that one particular task is very difficult for them, so the factors that make that so may also affect other tasks. Hence an absolute answer to your question isn't possible. 

It just seems unlikely that someone so evidently adept at concealing their identity on the Internet or, to be more precise, the World Wide Web would then allow their website to be hacked by anyone else. One possible answer to this might be that the perpetrator is a script kiddie, i.e. someone who has acquired the tools to do certain things without actually understanding how they work. Someone like that might just happen to do some things well but make stupid mistakes elsewhere. Hackers take pride in having skills, knowledge and understanding across the board and despise script kiddies. You need to decide which category your perpetrator falls into.

As in the film _Untraceable_ it doesn't really matter how technically accurate the details are. Those who know just what really is possible on the Internet are unlikely to share their knowledge with outsiders because knowledge is power. Hence misleading fiction about the Internet is in a way a good thing as it obfuscates the reality, which benefits both the good and the bad. Generally story writers gloss over the details with some techie character saying that it's too complicated to explain but just to trust him that it's so.

Stories about criminal Internet activities are extremely erratic in that way. In a crime-busting TV series there is often a remarkably adept techie working for the good guys and they can apparently always achieve anything necessary to catch the criminal. Eventually however there comes an episode when for some inexplicable reason, inexplicable apart from the need to prolong the story that is, all their techniques fail and the situation becomes desperate. That's the point when the techie says that it's too complicated to explain and we viewers are obliged to believe it, even if some of us smirk.

As is often the case with writing, all you can do is draft out your story and get the right type of people to read it and comment. The devil is in the detail and discussing generalities without sufficient context has limited value.


----------



## ironpony (Aug 17, 2016)

Okay thanks.  What if my perp was the type who is a master at making the site, so that the police have not been able to trace it to them, but at the same time, he is not a master, of making it unhackable?


----------



## Bishop (Aug 18, 2016)

Websites are not untraceable. By their very nature, they are registered to a domain and have specific routing through server(s). There are ways to secure, mask, and spoof locations in order to make it much more difficult to track what a website is doing, where the server is located, etc.

It's a lot more likely the site would be using Tor routing in order to anonymously distribute its data packages to its users. But EVERYTHING on the web has a weakness; EVERYTHING can be hacked. Those that believe something are "unhackable" are either ignorant on the subject or are trying to sell you security software. That being said, hacks are NOT like TV. They can take weeks of preparation and probing, and the process of hacking is fantastically boring; it's much more akin to watching a status bar move across a screen than it is typing matrix code.


----------



## ironpony (Aug 21, 2016)

Yep for sure.  Sometimes the FBI can take months to trace a site such as the silk road site I read about.  However, in my story, the main character does not have months to wait for the site to be traced.  So I was thinking he would get the hacker, to hack into it instead for a different, quicker plan of catching the villains.


----------

