When investigating or tracing a security incident, we are sometimes asked to determine where an incident originated, in addition to who its perpetrator was. Usually, we perform IP address tracing to obtain some form of evidence. Another possible scenario is that a file is thought to be evidence and we are required to verify that. In this case, merely checking the file's metadata is sometimes considered one of the best ways of determining whether it is valid as a piece of evidence. Unfortunately, that is not the case; not even close.
It was two years ago on a crisp autumn day in New York City, two months into my first semester at Columbia, when I read an article in the New York Times titled “Panetta Warns of Dire Threat of Cyberattack on U.S.” I remember that day so vividly, sitting in class perusing the news on my iPad waiting for the lecture to begin. Two years later in the wake of the Sony hacks, I wonder if Panetta (former Secretary of Defense and past CIA Director) had any inkling that a major Hollywood studio would be at the receiving end of the “cyber-Pearl Harbor” attacks he alluded to.