Security Firm Says Sony Hack Might Have Been an Inside Job
Despite claims by the FBI that North Korea was behind the massive hack against Sony, several cybersecurity experts have come forward to raise questions about the allegation, with some suggesting that insiders at the company could be to blame.
One such expert, Kurt Stammberger from the Norse cybersecurity firm, told CBS News that his team believes a woman identified only as “Lena” was heavily involved in the hack – not North Korea.
“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” he told the news outlet.
“Sony was not just hacked, this is a company that was essentially nuked from the inside,” Stammberger added.
Little is known about Lena, but Norse believes the woman is somehow linked with the hacking group behind the attack, known as the ‘Guardians of Peace.’ The firm also suspects the woman was a former employee of Sony who worked there for 10 years before leaving in May 2014.
According to Stammberger, Lena’s position in the company would have given her the access and knowledge needed to identify the servers that hackers ultimately stole troves of data from.
Stammberger didn’t completely rule out North Korea’s role in the cyber attack, but he told CBS that evidence pointing to the country could actually be a case of misdirection.
“There are certainly North Korean fingerprints on this but when we run all those leads to ground they turn out to be decoys or red herrings,” he said.
Last week, the FBI officially pinned the hack on North Korea, saying the breach involved lines of code, methods, and encryption algorithms previously developed by the country.
“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korea actors previously developed,” the FBI said in its statement. “The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the US government has previously linked directly to North Korea.”
“Separately, the tools used in the SPE attack have similarities to a cyberattack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.”
Still, some remain unconvinced. Cybersecurity expert Bruce Schneier wrote that the code used by the hackers seems “to point in all directions at once.” Looking at the evidence cited by the FBI, Schneier said it’s the kind that is “easy to fake, and it’s even easier to interpret it incorrectly.” He also cast doubt on the “insider threat” theory, arguing that such an individual wouldn’t need the hacking tools used to breach Sony’s servers.