Fraud attempt from an IP address in the USA - how to deal with it?
According to my investigation, I figured out that an attacker has committed fraud from an IP address in the USA. He/she used to use proxies earlier, but as we blocked them all, he started using a legitimate IP address without a proxy. Now that we have figured out the real IP address of the fraudster, how should we proceed legally?
I tried to look it up online, but the forensics stop once the real IP has been found. Any ideas or suggestions would be helpful.
Now that we have figured out the real IP address of the fraudster, how should we proceed legally?
Assuming that you, your company and the suspected attacker are all located in the US, it is a case for law enforcement. Make sure all evidence is checked twice, well documented and acquired in a forensically sound way. Burn all evidence to a DVD and add your report with a timeline to it. Then hand it over to the local police or perhaps the FBI. Consult your company's lawyer if you have one. Anyway, you should be very sure that you target the right IP address before giving it to the police.
Having this IP address identified does not necessarily mean that this is the source of the attack. By leveraging shodan.io you can see that the Internet is full of orphaned hosts that are hacked and abused for attacks.
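One concrete way to make the "checked twice, well documented" part verifiable before the evidence leaves your hands is an evidence manifest: hash every file at acquisition time, record who collected it and when, and re-hash later to prove nothing changed. The script below is an added example, not code from the original post; the case id, collector address, log lines and IP address (203.0.113.45, a documentation range) are constructed placeholders.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample evidence standing in for a real log export.
SAMPLE_LOG = (
    "2024-01-05T10:12:01Z src=203.0.113.45 action=checkout result=chargeback\n"
    "2024-01-05T10:14:37Z src=203.0.113.45 action=checkout result=chargeback\n"
)

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large exports or images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(paths, case_id, collector):
    """Record name, size and SHA-256 of each evidence file, plus who collected it and when (UTC)."""
    items = [{"file": os.path.basename(p), "size": os.path.getsize(p),
              "sha256": sha256_file(p)} for p in paths]
    return {"case_id": case_id, "collected_by": collector,
            "collected_at": datetime.now(timezone.utc).isoformat(), "items": items}

def verify_manifest(manifest, directory):
    """Re-hash every listed file; return the names that are missing or no longer match."""
    bad = []
    for item in manifest["items"]:
        p = os.path.join(directory, item["file"])
        if not os.path.isfile(p) or sha256_file(p) != item["sha256"]:
            bad.append(item["file"])
    return bad

def run_demo():
    """Write the constructed log, build and verify a manifest, then tamper with the log and re-verify."""
    d = tempfile.mkdtemp()
    log = os.path.join(d, "access.log")
    with open(log, "w") as f:
        f.write(SAMPLE_LOG)
    manifest = build_manifest([log], case_id="CASE-0001", collector="analyst@example.com")
    with open(os.path.join(d, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2)  # ship this file alongside the evidence and the report
    clean = verify_manifest(manifest, d)          # expected: [] (nothing changed)
    with open(log, "a") as f:
        f.write("tampered line\n")                # simulate post-acquisition modification
    tampered = verify_manifest(manifest, d)       # expected: ["access.log"]
    return manifest, clean, tampered
```

Keep the manifest (and ideally a signed or printed copy of it) with the timeline so the recipient can confirm the DVD contents match what was collected.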