I get questions like this all the time.
Individuals’ accounts have been hacked and they want to know who did it, or they already believe they know. And with that knowledge they want to do something. Typically, they want to see the offender get punished in some way.
Sadly, life on the internet just isn’t that easy.
My big, fat caveat
You probably know this part’s coming, but I have to include it for your protection as well as my own.
I am not a lawyer and nothing I say here, or anywhere for that matter, should be taken as legal advice. I’ll certainly share what I would do in situations that might be similar, and perhaps even hypothesize on some of the options you may have available to you. But ultimately, it’s all opinion and in many ways conjecture on my part.
If you have what you believe is a serious legal issue or question, I strongly encourage you to contact a legal professional in your area that is well versed with the laws that may apply to your situation.
Finding the perpetrator
I want to back up to a question that’s very common, which in this case has already been determined: who did it?
You need to realize that your life and mine, also known as the real world, is not like television or the movies. It take’s a lot more effort than a quick click or backdoor hack here or there to trace the source of harassing emails, malware or active account hacking activity. It’s just not as easy as the entertainment media would make it out to be.
Further, to the extent that this kind of tracing is possible, it’s not something that is available to you or me. Depending on where you live, typically the only resource you have available to you is local law enforcement. If they have time, if they have the expertise, and if the issue is deemed serious enough for them to spend time on, then they can investigate.
I think you’ll find that unless financial fraud has been committed, you’re not likely to get any help from law enforcement for a simple case of email account hacking. It’s not that it’s not important; it’s that they simply don’t have time compared to more pressing issues that they need to deal with.
The internet is global
One of the harsh realities of illegal activity on the internet is its global nature.
This manifests in several different ways:
- Things that are illegal in one country may not be in another.
- The country in which the perpetrator might reside may simply not have the resources, or expertise, to deal with this type of issue.
- To be even more blunt: the country might simply not care about something as simple as an email account being hacked.
To further complicate the issue: when issues are serious enough to warrant investigation, you’re now looking at having to coordinate different agencies in different countries to make it all happen. Even in the best of circumstances, those wheels of bureaucracy turn very, very slowly.
So you think you know who it is
In your case you’ve saved the investigators some time. Shouldn’t that get you some extra consideration?
First, do you have proof? Proof that would stand up in a court of law – in the country where the perpetrator resides? I’m guessing you don’t, really. Without such proof, it simply boils down to a case of two people disagreeing without evidence of a crime.
So you’ll need proof; hard evidence. That brings us back to local law enforcement who may or may not help you out, or hiring your own investigator, which of course will not be cheap.
Ultimately knowing the source of the hack doesn’t really help, unless things are really serious.
When things are serious
Contact local law enforcement. Get your issues on record. If they agree that your situation is serious enough, then you’re on your way.
In the U.S., and particularly when your issue crosses state or international boundaries, it’s the FBI that investigates issues relating to cybercrime. And yes, I have heard of successful results from having contacted the FBI when the issue is serious enough. A hacked email account probably doesn’t qualify.
If you’re not in the U.S. then you’ll need to determine which local law enforcement agency is appropriate.
What would Leo do?
I don’t know all the specifics of your situation, nor do I really want to. But in a situation where I found my email account and or phone being hacked by a family member, ex-family member or friend, here’s what I would do:
- If I needed to keep the email account I would secure the heck out of it. That means everything listed in my article Email Hacked? 7 Things You Need to do NOW as well as enabling two-factor authentication, or any other additional security measures available.
- If I didn’t need to keep the email account, I’d switch, perhaps phasing in a new email account over time. And of course I’d secure the heck out of that new account from the start.
- I’d talk to my mobile phone provider about what could be done to secure that from attack. The options vary depending on phone and carrier, but the carrier is the place to start.
- I’d consider changing my mobile phone number at the same time.
And yes, I would report the abuse to both my email service provider, and the mobile phone provider. I wouldn’t expect much action based on that, but I would at least want to have it on record in case more action was needed later.
What should you do?
I don’t know. I can’t know. There are simply too many important specifics in situations like this for me to make any specific recommendations, other than to consult a legal professional if you feel the situation warrants it.
In the mean time what I can tell you to do is this: keep your online accounts, your mobile phone, your digital life as secure as you know how.
If you’re not sure how, then learn how. That, at least, is most definitely important.