Are Eye-Popping Emails in Facebook Ownership Lawsuit Legit?

What sort of smell does $78 billion give off?

Paul Ceglia claims a string of emails prove he loaned $1,000 to Facebook founder Mark Zuckerberg -- and therefore should by rights own half of the world's biggest social network, recently valued in the neighborhood of $78 billion.

Ceglia's case may hang on proving the validity of the 7-year-old emails between himself and the genius founder of Facebook, and experts told that doing so technologically presents a near impossible challenge. Instead, it all may come down to how legit they appear.

"Ultimately, it all boils down to passing the sniff test," said Jason Glassberg, co-founder of security analysis firm Casaba.

"Like handwriting, there are many attributes that can suggest, if not prove, that someone authored something. Specific references to events only that person would know and unusual turns of a phrase or use of language are examined," Glassberg said.

More On This...

It may boil down to an analysis of the contents of the emails to determine whether Zuckerberg and Ceglia were in fact corresponding, experts agreed.

Read more: Read the lawsuit and the emails and judge for yourself

Former NSA hacker Dave Aitel -- now president of security firm Immunity Inc. in Miami -- knows all about such an analysis. Aitel invented a forensic technology tool, called "," that is used by courts to do exactly that on emails: It analyzes the text and word choice in emails to ascertain their veracity.

"It's extremely unlikely they would get away with it. Even faking someone's voice is somewhat difficult," he told told But even his tool isn't 100 percent, of course, and Ceglia has billions of reasons to lie -- each with a picture of a former president on it.

"All evidence can be faked, and a few billion dollars is a lot of incentive," Aitel told

Robert Brownlie, a partner with giant law firm DLA and Ceglia's chief legal advisor, explained his firm believes the evidence is legitimate, and already did the forensic work required to prove it.

"Before agreeing to come on the case, we did a lot of due diligence or research on our part to determine to our level of comfort that the evidence is genuine," he said. But Facebook lawyers angrily note they have yet to see the emails, making a response from Zuckerberg and his lawyers a challenge.

Josh Daymont, CEO of information security firm Securisea, explained that verifying the path an email takes over a variety of servers and through the Internet -- seemingly a traceable route that would leave some form of evidence -- isn't an easy matter either.

"Each time the email is moved from one server to another, a log entry is created on the source and destination server, and a record is also added to the email header of that email itself," Daymont explained. So that information is proof of authenticity, right?

"The problem is that anyone can tamper with those email headers after an email arrives," Daymont explained, to make it appear that the email came from somewhere else. "Now if the person tampering with those headers does a very poor job, it might be apparent right away."

"It's extremely easy to forge an email, since they are only plain text," Glassberg agreed. And those servers don't retain their logs for long, he pointed out.

"Mail logs are generally not kept too long, outside of industries that require mail retention," he told

Sure, but it's complicated, isn't it? Is tampering with email headers and server files something an ordinary person could do? You bet, Daymont said.

"The headers themselves are pretty simple and it doesn't take a very sophisticated person to alter them such that they still look legitimate."

"Most of the time it won't be possible to really say with any level of confidence whether a printed email is authentic," he said.