Hackers aren’t just getting more aggressive — take a look at what happened last winter to Sony — they’re also getting harder to track down.
Kevin Mandia, president of security firm FireEye and a cyber security expert, says that tech used to track hackers is getting better, and his company is making it harder for hackers to get after the information they want. But actually identifying the hackers? That’s getting tougher, too.
“In 2010, when responding to breaches, almost every time we’d look at the evidence and we kinda knew who [the hackers] were,” Mandia said at Code/Enterprise in San Francisco on Tuesday. “Right now we’re starting to get more groups that we’re labeling unknown. We have like 400 of them.”
Hacker groups are holding onto their anonymity through tactics like changing their malware or switching up the location of where they’re hacking from. It’s the kind of thing that can keep experts like Mandia from gathering too much about who any one hacking group is.
Mandia is a former U.S. Air Force officer who investigated cyber crimes and in 2004 started his own firm called Mandiant, which specializes in “incident response,” a computer security industry term that refers to answering the call to help clean up the mess when a big company has been hacked. He sold Mandiant to FireEye for $1 billion last year and stayed on as the combined companies’ president.
Within FireEye, Mandiant is still a prominent brand, and some companies have taken to invoking its name as a way of reassuring markets that the situation after a hacking attack is well in hand, Sony Pictures Entertainment included.
In that case, identifying the hacker wasn’t as much of a challenge. The U.S. Government pointed the finger at North Korea, and Mandia implied the same on Tuesday. “I liken it to my aunt being attacked by an Ultimate Fighting Champion,” he said of the Sony hack. “It was an unfair fight.”
Mandia still can’t talk much about what happened with Sony — there’s still ongoing litigation — but he has some advice for big companies and their execs for the future: Keep email responses short, and move important exec conversations to their own email servers on the iPad.
“The target surface on the iPad is pretty darn small,” he said. “We’re not seeing people try to exploit that right now.”
This article originally appeared on Recode.net.