"We became aware they were using machines in the IT department to hack into machines in the US," Lynch said. "They were setting up back doors in the computers they hacked so they could get back in again later."
Lynch can't recall what alerted the university's IT department to the suspicious goings on within the university network. Nonetheless when asked by the police to keep an eye on the character's movements, he first had to figure out how to monitor their progress without giving the game away.
Accustomed to tailoring computing devices to the requirements of different faculties within the university, Lynch now modified a computer within the faculty and used it to track their progress.
"We would find out where they were going and contacted all the places they were hacking into," Lynch said. "Whenever they got close to doing any real damage the modem would mysteriously drop out."
At the same time as he was disconnecting the hackers, Lynch would hold their line into the system open, so police could trace it.
"Eventually they were tracked down and charged," Lynch said. "It was just about the first ever cybercrime conviction in Australia, and given the sheer weight of evidence we had collected they didn't have a leg to stand on."
Despite the mystique, and the challenge of tracking down the hackers these days Lynch remembers the whole process as simply exhausting.
"It was not so much of a buzz really," he said. "It was a lot of work for very little outcome."
And while surveillance has become more sophisticated in the twelve years since Lynch first hunted down a hacker, the nature and extent of hacks has also changed dramatically.
In fact, many in the industry believe the Cyber-stakeout is a dying art. Given the sheer weight and extent of potential threats to the integrity of a system most companies and institutions are content to lock out unwanted intruders and board up their entry points.
According to Lynch, who is now a senior security consultant for managed security provider eSec, the cost associated with tracking hackers these days puts it out of the reach of most organisations. What's more, given the level of secrecy which surrounds most Web based break-ins, companies rarely want to follow through and prosecute cyber criminals.
"Large corporates like banks often have more to loose by admitting there has been a breach than they would gain by finding the culprits and pressing charges," he said.
