How to Trap a Tracker
As a hacker or an aspiring one, You need to be careful and anonymous if your doing anything illegal. But you slipped up. Now someone is tracking you! Well luckily you read this post ahead of time and have a backup plan!
The first step in remaining safe is to remain anonymous. Setup a series of proxies and/or VPNs. There are already many tutorials on this site. But we don't want to just hide we want to find out who is tracking us.
So we bait the tracker a bit. First we need a fake identity Not a real fake one though. The easiest way to do this is a fake Facebook page. The first thing to take into account is Age. Depending on what you got caught for will help determine the age. If you hacked a PC of a man's wife for instance. Your not going to be 14 years old so think about it logically and say maybe around late twenties to early forties. The next step is friends. This will depend on the age too. A fifty year old probably wont have 200+ friends on facebook. 20 should suffice. You should make these yourself if time permits it. I recommend doing it at a library Then you need to setup a fake routine to lure the tracker in. You can decided this on your own depending on how you want to go about it. And know you need to find some pictures. Just find some random pictures of peoples faces and Photoshop them up a it to help throw off facial recognition. Do not post where anybody lives It WILL ruin the work
This is probably the Hardest part Now you need to make him follow the trail. Their are many ways to accomplish this. The easiest is use the same email that you used for the fake account for the hack. Put out that you have a new temp email that they can use. they can then Dox and find the fake facebook account. But that only works if they are following you on a site or something. You may need to place a easily detectable payload in the Vitim's computer, (the one who hired the tracker) that links to lets say a library. Set up something like a raspberry pi with the facebook account saved into the cookies. Now he's on the trail.
Next is to recon a spot to execute the trap. I recommend a large public library, But anyplace that has many cameras since this will be used during the trapping. If possible it should have a publicly accessible 2nd floor that looks down on the first floor. Now that you've found a suitable place You need to find the computer the camera's are linked to. First setup a packet sniffer like wireshark. since most computers are wireless it won't be hard to find one that connects to a wireless laptop. Now hack that and get the feeds (Easy right?) Im sure there's some tutorials here somewhere. If you cant do that just make sure that you can have a good line of sight to the entrance. Now we are ready.
Now the fun part The Trapping. This is by far the scariest part. Post that your in the library and you'll be there for a few hours. Since you can see the camera feeds watch until someone suspicious comes. Talk to them (They don't know it's you because of the fake pic) and If it is them convince them to give them your number or email address Preferably number, It might not and likely will not be them. Ask them what their looking for Be persistent but not too much you may need to learn some good old social engineering to convince them to tell you. If it's a number there are many tutorials on where they are from. (If it's a magic jack then you may need to try to get their email. (If you can't get the info you may have to follow them for awhile. Get comfortable because this can take a few days.) Say you have evidence but you want to encrypt it) Then once you have their email you can go about this a few ways.
The most reliable and effective but dangerous. A) Put a virus in the email That I) looks for residential info II) sends out the WAN IP to your computer (Or a remote server for extra anonymity). (Note if the virus is found then you will give away and all the work will be for naught and they WILL know you.) The method I normally try first, B) Get the IP address from the email (There are tutorials on the internet and even on null-byte I believe) Then use good old fashioned social engineering or hacking to get the residential location of the IP address. (Chances are you will have to find it through proxies and even then the chances of it working or not that high). Maybe though he tells you to meet him at a secret location and exchange documents. Then you will have to do stalking.
But now you know where the tracker lives. (Hopefully) There are many more methods but this method seems to work the best for me. If you have anything you wish to correct or add I will gladly listen. What you do with the information is up to you. You can add illegal files, Threaten his family etc. Or maybe you playing a big game of catch me if you can. (Really fun by the way)
EDIT: Cameron Glass has a great tutorial on creating fake identities with much more detail and How-To