Investigators will likely be looking for matching sequences of computer code as they try and trace a Sony Pictures hack attack that exposed embarrassing emails among high-powered execs — and experts warn attacks like it can start with an innocuous-looking email.
Mark Rasch, a computer security expert, told NBC News that investigators could find clues by comparing code used in an attack to other security breaches. "Typically a hacker will cobble together malware from a bunch of other code that they can find. And you use it to dissect where it came from,” he said.
Hackers who breached Sony’s computer network released sensitive emails, including those written by Sony Pictures Entertainment Co-Chair Amy Pascal that reportedly made insensitive jokes about President Barack Obama. She has apologized. Unreleased movies were also put on the internet. The FBI is investigating.
Many attacks start with an email that, once opened, downloads a program that hackers can use to access databases. But tracing cyberattacks to their origin is increasingly difficult. Hackers route attacks through servers all over the world in an attempt to disguise their location, another expert said.
"Groups know that their work will be tracked and that investigators are looking at it," Laura Galante of the cybersecurity firm Mandiant. "So any way that they are able to make that investigation harder, they will employ."