×
You will be redirected back to your article in seconds

Sony Hackers Risk Exposure with Each Data Leak, According to Security Experts

Each time hackers release private emails, budget details and salary information from Sony Pictures Entertainment, they embarrass the studio — but they also leave behind a trail of digital fingerprints that could have investigators hot on their trail.

“Every time they publicly release documents, the hackers release a little more information about themselves,” said Jason Glassberg, co-founder of cybersecurity firm Casaba Security. “Nothing can be done without leaving evidence.”

For a breach on the scale of the one that brought Sony to its knees, a hacker has to retrieve information from a target, resulting in a file transfer from the hacked entity to a storage facility or server. Each time the information passes from one end to the other it leaves behind a record.

The same is true when it comes to releasing the information. The hackers must upload the data to a public place or file repository such as Pastebin, often leaving behind an Internet Protocol address.

“We talk about anonymity, but even hackers themselves can be traced,” said Glassberg.

The group taking credit for the attacks calls itself the Guardians of Peace, and there has been some evidence that their hits may have been coordinated in conjunction with North Korea. The country is angry about the upcoming release of “The Interview,” a comedy that depicts an assassination attempt on Korean dictator Kim Jong-un.

There are ways for hackers to cover their tracks, such as using a compromised chain of computers to route data through, experts say. Indeed, the hackers who breached Sony’s data security system are very sophisticated, Glassberg said, but they have already left a few clues behind.

Bloomberg reported last weekend that the hackers leaked information online using the network at a five-star hotel in Bangkok, and elements of the malware used to penetrate Sony bear resemblances to hacking attacks launched in South Korea that were believed to have been orchestrated by North Korea.

The leaks of sensitive information bubble up on nearly a daily basis, but cybersecurity experts say that the clock is ticking for the hackers.

“They may go a week or two more, but beyond that, they’re pushing their luck and will feel pressure to release everything they’ve got,” said Rob Sloan, head of cyber data and content for Dow Jones Risk & Compliance.

Beyond the digital paper trail, the human desire for recognition could expose the people behind the attack.

“Hackers spend a lot of time jumping from point to point to point, so you can’t locate where they are,” said Hemanshu Nigam, CEO of online safety and security firm SSP Blue. “You can’t ID them, but at the same time they need to drop hints about their identity because that’s how they take credit. They’re sharing their exploits and they’re showing what they’ve accomplished.”

There are steps Sony can take to combat these attackers. Re/code reported that Sony is using Amazon Web Services to disrupt downloads of information. Experts also tell Variety that Sony is likely disseminating files that look like the leaked files and sharing them on peer-to-peer networks so it pushes the genuine article farther down on search engines. Studios routinely release fake versions of films as a way to combat piracy.

They could also follow the example of companies such as Microsoft by embracing antivirus rewards, which essentially offer money in return for information that leads to the arrest and conviction of hackers.

More Digital

  • JUMP camera

    Google Is Shutting Down Its Jump VR Video Program

    Google will shut down Jump, its cloud-based video stitching service, this summer. The company emailed creators Friday afternoon to tell them that Jump would be shuttered on June 28, and detailed plans for the shut-down on its website as well. In its email, Google justified the closure of Jump with the emergence of new video [...]

  • Relix Live Music Conference

    Relix Live Music Conference Puts Spotlight on Gender Parity, Privacy

    The third annual Relix Live Music Conference took place at New York’s Brooklyn Bowl earlier this week. The two-day confab, which featured panels and Q&As by executives from such companies as Live Nation, Q Prime, SiriusXM, Bowery Presents, Glassnote Music, Shorefire Media and Splice, among many others, offered a fascinating and honest look at the [...]

  • Spotify Tests 'Car Thing' Audio Adapter

    Spotify Starts Testing In-Car Hardware

    Spotify is carefully taking a first step into the consumer hardware space: The company has begun to test a new in-car device that lets users access music and podcasts with voice commands, it revealed in a blog post Friday morning. “Car Thing,” as the device is being called for now, is only being tested in [...]

  • Hannah-Hart-BuzzFeed-Tasty-Edible-History

    BuzzFeed's Tasty Taps Hannah Hart for Food-History Show on Facebook Watch

    YouTube star and food fanatic Hannah Hart is combining her passions for cuisine and history in a new series for BuzzFeed’s Tasty on Facebook Watch. The eight-episode show, “Edible History,” premieres Sunday, May 19, at 8 a.m PT, on BuzzFeed’s Tasty Presents show page on Facebook Watch, with episodes released weekly. In each episode (7-12 [...]

  • YouTube Music

    Songza Co-Founders Have Left YouTube Music Ahead of Google Play Music Shut-Down

    The three co-founders of Songza, a music curation startup acquired by Google in  2014, have left YouTube Music, Variety has learned. Former Songza CEO Elias Roman, former chief product officer Elliott Breece and former chief operating officer Peter Asbill all quietly transitioned to new positions at Google’s startup incubator Area 120 in March. A YouTube [...]

More From Our Brands

Access exclusive content