What Are IP Addresses?

Before we delve into the practicalities, let’s define what an IP address really is. In short, it’s a number that identifies a computer on a network. There are two types of addressing systems currently in use: IPv4 and IPv6.

Furthermore, there are two categories of IP addresses. Private IP addresses are used to identify machines on a closed network. Your home Wi-Fi network, for example, is a private IP address. To allow your PC to talk to your game console, your router assigns each device a unique identifier.

Then, you take a step back. IP addresses are used on the entire internet for exactly the same purpose. Your internet service provider (ISP) assigns you an address, and it’ll take one of two forms: static or dynamic.

Static IP addresses are fixed. Think of them as your phone number. Unless you deliberately choose to get a new one, it remains the same. That’s because they’re typically used by things like servers, on which you’ll want to have an address that never changes.

Dynamic IP addresses are most commonly used on residential or business premises. Unlike static addresses, these change. The ISP reassigns the network a new IP address every day or so. These are more cost-effective as they allow for easier maintenance and provisioning by ISPs.

RELATED: How Do IP Addresses Work?

Websites Keep Logs

Most websites retain detailed logs about their visitors, and for good reason. If you know how to read these, you can learn how your website is being used by external third parties.

Now, let’s suppose a website like Facebook or Dropbox is used to commit a crime. Someone has created a false account to post content that breaks local laws.

Law enforcement can find out who this person is by subpoenaing the service provider for the IP address associated with that activity. A subpoena is a legal instrument used to compel individuals or companies to provide evidence, usually under the threat of a penalty for failing to comply.

Once they have the IP address, they still need more information to discover the person’s identity. Again, IP addresses identify computers, not people. To overcome this hurdle, investigators must first determine which ISP owns that IP address.

However, this is much easier than you might think. ISPs typically own “blocks” or “pools” of IP addresses. They’re also recorded in public databases operated by RIRs (Regional Internet Registry). There are five registries, and each is responsible for administering IP addresses in their own region. So, finding an ISP is merely a matter of typing the IP address in the right database.

If you search “IP lookup” on Google, you’ll find dozens of websites that will gladly do the job for you. You can also use the command-line whois tool and get the same results.

ISPs Keep Logs, Too

Once you’ve got the ISP, it’s merely a matter of sending another subpoena. As we mentioned previously, these compel individuals or businesses to provide evidence. Failing to do so could result in a fine or prison sentence.

Law enforcement then has access to the name and address of the subscriber, allowing their investigation to proceed.

But what if your ISP uses dynamic addresses? It doesn’t matter, because ISPs, like websites, retain logs. From looking at their records, they’ll easily be able to pinpoint which subscriber was associated with that IP address at that specific time.

This still doesn’t necessarily mean you’ve found the criminal, though. For example, if he used public Wi-Fi to commit the crime, authorities can only trace the activity to that public access point. However, they can then do things like examine security camera footage to see who visited that establishment or used that machine at a specific time.

It’s worth noting that law enforcement agencies aren’t the only organizations interested in pinning names to IP addresses. Often, lawyers or agencies that work for entertainment companies harvest IP addresses used to download pirated content. They then issue subpoenas to ISPs for the contact details of those customers.

Of course, anyone can anonymize her internet traffic by using Tor or a VPN. Many VPNs even claim they don’t retain usage logs, although it’s often hard to independently verify if this is true.

VPN chaining (the real version of “bouncing” your signal around the world) makes this even more difficult. The authorities can only track an IP address to a VPN company, which they’d then have to force to reveal the real IP address from logs, which might not even exist. If the criminal connected to that VPN from another, law enforcement would have to work their way through multiple companies to find the details.

RELATED: Can Hackers Really “Bounce” Their Signal All Over the World?

Tracking IP addresses isn’t the only way online criminals are caught. For example, Ross Ulbricht, who ran the Silk Road dark web marketplace, was caught after revealing his real name on an online message board.