The FBI has reportedly mulled the possibility that disgruntled ex-employees or hacktivists, rather than North Korea, could have been behind the devastating hack of Sony Pictures.
Infosec bods remain deeply sceptical of the official line that Norks breached the film studio's systems as a reprisal for Sony’s production of a satirical film depicting the assassination of its leader, Kim Jong-un.
Security firm Norse has gone one step further by fingering a group of disgruntled former employees as the source of the attack on Sony’s network, and the subsequent leak of all manner of sensitive information.
Norse has identified a group of six individuals – from the US, Canada, Singapore and Thailand – as potential suspects. One of the alleged perps is a 10-year veteran of Sony Pictures’ backroom technical staff who lost his job in May.
Norse reached its conclusions after investigating the online footprint of individuals laid off by Sony Pictures earlier this year. They apparently had the technical ability and perhaps unrevoked access credentials that might have facilitated the breach, Security Ledger reported.
Norse focused on ex-staffers who expressed anger about losing their jobs as a result of the studio's restructuring operation. This narrowed down the hunt to a handful of individuals, including - at least according to the security firm - a purportedly recently unseated Sony technical veteran known only as "Lena". Stammberger told CBS that Norse's data backed up claims she had subsequently participated in IRC (Internet Relay Chat) sessions with hacktivist types in Europe and Asia.
The security firm was then able to connect an individual who participated in this online chat with a server upon which malware used in the attack was compiled back in July 2014, months before the main assault on Sony Pictures was launched by the self-styled “Guardians of Peace” hacking crew.
Kurt Stammberger, SVP for Norse Corp, told CBS Evening News why he had come to the conclusion that a disgruntled worker and hacktivists, rather than North Korea, were behind the attack.
“There are North Korean fingerprints on this but when we ran all of these leads to ground they turned out to be decoys or red herrings,” Stammberger told CBS.
The wiper malware used in the attack has been used by North Korea but it’s also been used by crackers and online vandals since the malicious code was leaked some months ago. Norse said it has shared its findings with the FBI, CNN added.
This alternative theory – supported by circumstantial evidence about the malware compilation – challenges the FBI’s official (though perhaps preliminary) findings that the Sony Pictures pwnage was a state-sponsored attack orchestrated by Norks.
Unconfirmed and sketchy reports even suggested that the Feds have begun probing the claim that an insider worked together with hackers – possibly including a former member of hacker group LulzSec based in Canada – to pull off the attack.
The FBI is saying nothing beyond its previously released statement, blaming North Korea for the Sony hack.
It's an accusation Pyongyang continues to angrily deny. ®