Each time hackers release private emails, budget details and salary information from Sony Pictures Entertainment, they embarrass the studio — but they also leave behind a trail of digital fingerprints that could have investigators hot on their trail.
“Every time they publicly release documents, the hackers release a little more information about themselves,” said Jason Glassberg, co-founder of cybersecurity firm Casaba Security. “Nothing can be done without leaving evidence.”
For a breach on the scale of the one that brought Sony to its knees, a hacker has to retrieve information from a target, resulting in a file transfer from the hacked entity to a storage facility or server. Each time the information passes from one end to the other it leaves behind a record.
The same is true when it comes to releasing the information. The hackers must upload the data to a public place or file repository such as Pastebin, often leaving behind an Internet Protocol address.
“We talk about anonymity, but even hackers themselves can be traced,” said Glassberg.
The group taking credit for the attacks calls itself the Guardians of Peace, and there has been some evidence that their hits may have been coordinated in conjunction with North Korea. The country is angry about the upcoming release of “The Interview,” a comedy that depicts an assassination attempt on Korean dictator Kim Jong-un.
There are ways for hackers to cover their tracks, such as routing data through a chain of compromised computers, experts say. Indeed, the hackers who breached Sony’s data security system are very sophisticated, Glassberg said, but they have already left a few clues behind.
Bloomberg reported last weekend that the hackers leaked information online using the network at a five-star hotel in Bangkok, and elements of the malware used to penetrate Sony bear resemblances to hacking attacks launched in South Korea that were believed to have been orchestrated by North Korea.
The leaks of sensitive information bubble up on nearly a daily basis, but cybersecurity experts say that the clock is ticking for the hackers.
“They may go a week or two more, but beyond that, they’re pushing their luck and will feel pressure to release everything they’ve got,” said Rob Sloan, head of cyber data and content for Dow Jones Risk & Compliance.
Beyond the digital paper trail, the human desire for recognition could expose the people behind the attack.
“Hackers spend a lot of time jumping from point to point to point, so you can’t locate where they are,” said Hemanshu Nigam, CEO of online safety and security firm SSP Blue. “You can’t ID them, but at the same time they need to drop hints about their identity because that’s how they take credit. They’re sharing their exploits and they’re showing what they’ve accomplished.”
There are steps Sony can take to combat these attackers. Re/code reported that Sony is using Amazon Web Services to disrupt downloads of information. Experts also tell Variety that Sony is likely disseminating files that look like the leaked files and sharing them on peer-to-peer networks, so that the genuine article is pushed farther down on search engines. Studios routinely release fake versions of films as a way to combat piracy.
They could also follow the example of companies such as Microsoft by embracing antivirus rewards, which essentially offer money in return for information that leads to the arrest and conviction of hackers.