Since publishing some of the data that I had discovered relating to the hacking and attempted illegal taking of my business data, a few things have suddenly changed.
I noticed that my IP address now resolves to a different place on my Statcounter entry. Earlier this week, and for the past month or so, it was resolving to Ecchinswell, Powys, United Kingdom (which of course does not exist; the ONLY Ecchinswell in the UK is 6 miles outside of Newbury, Berks), but on the checkout page of my business site it pre-populated the address with Coggeshall (now, I happen to know someone from a previous life who lives in Coggeshall, who also works for BT), and this was one of the elements that drew my attention to the fact that something was not right.
And the traceroute to the online shop looked like this.
Today, the Statcounter resolves me to High Wycombe, Buckinghamshire, United Kingdom and the online shop checkout does the same, despite the fact that I live in South Wales. However, a new traceroute to the online shop backend still shows that there are forces at work.
The ‘asymm’ in the right-hand column means that the paths to the hop and back were different (asymmetric). This usually happens when a link in one direction is jammed or the network architecture encourages different paths for the different directions. The number after asymm shows the grade of asymmetry (i.e. how many hops are different). But in this case there is no next hop; the link is still blocked.
Of course, that missing link on line 5 is the really interesting bit, as this is probably where the split takes place, so hiding the previous BT entries (and the monitoring & blocking). It’s definitely tied to my home/office network source IP address, because when I connect from elsewhere, as I did this morning, it connects no problem. Oh, such tangled webs we weave…
When I couple this with some of the stats, IP addresses and routing that I have gathered before and after these attacks, some very interesting patterns begin to emerge.
To be continued…
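For readers who want to pull the `asymm` markers and unanswered hops out of a saved trace, here is a small parser for the `tracepath` output format described above. It is an added example, not part of the original post: the sample trace is constructed from private and documentation address ranges, and the function names `parse_tracepath` and `summarize` are hypothetical.

```python
import re

# Constructed sample in tracepath's output format (private/documentation addresses).
SAMPLE = """\
 1?: [LOCALHOST]                      pmtu 1500
 1:  192.168.1.254                     1.204ms
 1:  192.168.1.254                     1.046ms
 2:  192.0.2.1                         8.310ms
 3:  192.0.2.17                        9.104ms asymm  4
 4:  no reply
 5:  198.51.100.9                     12.551ms asymm  7
 6:  203.0.113.20                     14.902ms reached
     Resume: pmtu 1500 hops 6 back 6
"""

HOP_RE = re.compile(r"^\s*(\d+)(\?)?:\s+(.*)$")
RTT_RE = re.compile(r"([\d.]+)ms")
ASYMM_RE = re.compile(r"\basymm\s+(\d+)")


def parse_tracepath(text):
    """Return one record per TTL; a later probe for the same TTL replaces the earlier one."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m or m.group(2):
            continue  # skips "Resume:" and the "1?: [LOCALHOST]" local guess
        ttl, fields = int(m.group(1)), m.group(3).split()
        rec = {"ttl": ttl, "host": None, "rtt_ms": None, "asymm": None, "reached": False}
        if fields and fields[:2] != ["no", "reply"]:
            tail = " ".join(fields[1:])
            rtt, asymm = RTT_RE.search(tail), ASYMM_RE.search(tail)
            rec.update(host=fields[0],
                       rtt_ms=float(rtt.group(1)) if rtt else None,
                       asymm=int(asymm.group(1)) if asymm else None,
                       reached="reached" in fields)
        hops[ttl] = rec
    return [hops[t] for t in sorted(hops)]


def summarize(hops):
    """List TTLs that sent no ICMP reply and the raw number printed after 'asymm'."""
    return {"silent": [h["ttl"] for h in hops if h["host"] is None],
            "asymmetric": {h["ttl"]: h["asymm"] for h in hops if h["asymm"] is not None},
            "reached": any(h["reached"] for h in hops)}


if __name__ == "__main__":
    print(summarize(parse_tracepath(SAMPLE)))
```

A `silent` entry records only that no ICMP reply came back for that TTL within the timeout; when later hops do answer, as in the constructed sample, packets were still forwarded through it.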