A growing number of security researchers are questioning whether North Korea was really behind the devastating hack of Sony Pictures which compromised sensitive employee information and temporarily put the release of The Interview on hold.
The suspicion of several security pros, who have looked at the available details about how the attack was pulled off, is that a Sony insider was involved.
"Sony was not just hacked, this is a company that was essentially nuked from the inside," an executive at computer security firm Norse told CBS News on Tuesday.
The FBI announced last week that its investigators concluded that "the North Korean government is responsible" for the late-November cyber attack on Sony Pictures Entertainment. A pretty authoritative statement, seemingly ending several weeks of speculation that Pyongyang targeted Sony in retaliation for The Interview, a comedy in which bumbling reporters are tasked by the CIA to assassinate North Korean leader Kim Jong-un.
A group calling itself the Guardians of Peace, or GOP, claimed credit for the Sony hack. Last week, the GOP issued a threat to pull of 9/11-style attacks on U.S. movie theaters screening The Interview. It was the first time the purported hackers had tied their actions to anger over the film and it was enough to convince several theater chains to nix planned Dec. 25 premieres.
North Korea has denied its involvement. Sony on Wednesday released the movie for $5.99 online through several distributors.
This week, Norse executive Kurt Stammberger claimed that his firm had identified a woman called "Lena" associated with the GOP who worked for Sony in Los Angeles for a decade before leaving the company last year.
"This woman was in precisely the right position and had the deep technical background she would need to locate the specific servers that were compromised," Stammberger told CBS News.
He added that "[t]here are certainly North Korean fingerprints on this but when we run all those leads to ground they turn out to be decoys or red herrings."
Others have weighed in as well.
Early on, Bruce Schneier listed several reasons why he was skeptical about the North Korean angle.
CloudFlare security researcher and Defcon head of security Marc Rogers argued the case for a Sony insider's involvement.
"Hard-coded paths and passwords in the malware make it clear that whoever wrote the code had extensive knowledge of Sony's internal architecture and access to key passwords," Rogers wrote in a Daily Beast piece. "While it's (just) plausible that a North Korean elite cyber unit could have built up this knowledge over time and then used it to make the malware, Occam's razor suggests the simpler explanation of a pissed-off insider."
Even former Lulzsec leader and FBI informant Hector Xavier Monsegur, aka Sabu, cast doubt on the involvement of North Korea in the Sony hack.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
