Can help me find who hacked me?

Sometimes we get asked to help by people who has had their technology compromised in one way or another; perhaps someone has signed into their account without their permission; perhaps someone has made some online purchases with their account or credit card; or perhaps they've been a victim of some other kind of attack. And in trying to find who did it to them, they discover our website.

Why do they find

Based on what a lot of people tell us; people who have been compromised in one way or another often have very little information about the perpetrator. At best they often have nothing more than their IP address and user agent of the criminal.

Most of the time, it seems that people actually find us due to our user agent listing! In cases like that, it's usually because by googling the user agent they find our website...

So can we help?

Unfortunately in cases like this, if you have nothing but an IP address and a user agent there's really nothing we can do to help you.

We're experts on user agents and have been researching and analysing them for nearly a decade, so it's not that we don't know how to help; it's more that user agent's aren't very useful for tracking down someone.

User agents don't really identify anyone

Remember; the User Agent merely states which web browser someone is using. Knowing the user agent that someone was using when they stole from you or broke into your account is like saying "the bank robber was driving a white Toyta Camry" - there are many, many people who drive the same type of car in the same way that many, many people use Chrome, Firefox or Safari.

Unfortunately, knowing someone's user agent isn't enough information to track someone down. Also, don't forget that user agents can be changed easily as well!

What if I have the hacker's IP Address?

If you are certain that you have the address of the person who is causing you trouble, this may help you... a little bit.

Don't forget that depending on the sophistication of the attacker they may be using someone else's cracked system to hide where they're really coming from. Or they may be using a VPN or some other kind of tunnelling system which makes it much harder to find their actual location.

So even if you think you have the criminal's IP address, just be vary careful about jumping to conclusions about it.

Either way, it's not something that can help you with.

So what can you do?

IP Geo location

If you have their IP address, you can at least start by getting the approximate location of their IP Address. This tool will attempt to find the approximate location of the IP address - it won't give you the street address or anything; many times it's not even the correct suburb, but usually it gives you the right State and Country.

If it's such an approximate location it may not seem like very helpful information by itself, but what you need to do is collect as much data as possible and hopefully you get enough information to give you something to persue with the correct law enforcement agency.

IP Abuse Databases

You can also look up your hacker's IP address in various IP Abuse databases (such as to see if other people have reported problems with the same IP address. There is a slim chance that this may give you more information about your attacker. For example, you may find that other people have been attacked or spammed by the same IP which might indicate that the IP belongs to a compromised web server somewhere. You might then be able to contact the hosting company for that server and see if they have more information which could help you.

They might have been covering their tracks

So while you may know the IP address that is connected to the bad activity on your account; don't forget: Not only is it possible that your attacker was using a stolen/hacked IP to cover their tracks, people's IP addresses can change quite frequently for normal causes (it mostly depends on their ISP). Sometimes IP addresses can be shared between devices as well (for example if you're on the WiFi at a cafe or hotel, you'll probably be using the same IP address as the other patrons.)

So even if you managed to find someone with that exact IP address, there's still a chance it wasn't the person who compromised or stole from you.

To be more certain, you would also need a historical record of exactly who was using that IP address on that date and time. This is something which only their Internet Service Provider (ISP) will have, and they won't provide it to you outside of proper legal procedures...

Go to the police

So as you may have guessed, the best approach may be for you to go to the police about the matter.

Unfortunately, the cases of computer crime has exploded in frequency and complexity in the last decade, and police departments world-wide are understandably swamped with cases and are able to focus only on the largest and most important cases.

We have to be honest; we think it's unlikely that a police department will be able to tangibly help in many small cases of computer crime; the attacker is possibly outside of your local police department's jurisdiction so to pursue it would include involving larger Law Enforcement Agencies - in our experiences it's not realistic that this would happen for very small cases.

By all means give it a go though; it may also register a pattern of similar cases with the police - perhaps the one perpetrator is doing the same thing many times in a row, and so the police are able to track them down and prosecute them.

What else can you try?

Try contacting the site's owners

It depends on your exact case, but if someone has compromised your account on a specific site, you may find that the owners of the site want to help you get to the bottom of it - after all, you're their customer and it may indicate a deeper problem with their website too! Maybe there's a way that people are consistently breaking in to their website which needs fixing!

They may have more information

As well as this, it's the site owner who is going to have additional information about the attack too.

While you having just the attacker's IP and User Agent by itself may not be very useful, if the site owner can see that these same bits of information were used in multiple attacks then maybe they can find a pattern. Eg. do the stolen items all get shipped to the same address? Is the attack somehow linked to another email or username?

Gather information

Finding more and more of these data points will also make it more likely that the police can help you. For example, instead of just telling them "The attacker might have used this IP address", if you and the site owner can notify the police that "The same IP address is responsible for 10 thefts in the last week which total over $5,000" then it may at least make it more possible or likely that they can help.

Get professional help

The advice given here is very general and broad - hopefully it's helpful - but if you've suffered a really serious attack then you may decide that it's worth hiring a professional investigator and/or computer expert to investigate for you.

Again; it depends on how you've been compromised, but for example if someone has broken into your computer they may have left traces behind which can help identify them. Getting advice from a professional that you trust may help you.

Staying safe

We're also working on a series of guides to help you be safe online. Prevention is better than a cure!


Computer security is an extremely complicated and broad topic, so we hope our guide has been able to shed a little bit of light on it. If there's anything that's missing or not clear enough in this article, please get in touch and let us know.

Good luck.

Back to the Knowledge Base

Finished here? Go back to the Knowledge Base index.

Get a VPN to help stay safe online