Sony hack could have been work of disgruntled ex-employee: report

US cyber-sec firm floats alternate theory as experts question FBI’s N Korea findings

Last month’s attack disabled Sony Pictures’ network for more than a week and saw the theft of as much as 100 terabytes of data.

A US-based cyber-security research company claims that last month's cyber-attack on Sony Pictures Entertainment could have been the work of a disgruntled ex-employee and five co-conspirators, despite the FBI's insistence that the crippling raid was organised by the North Korean government.

According to tech site Security Ledger, digital protection specialist Norse has conducted its own investigation into the 22 November attack on Sony's US film studio. Norse says it has uncovered evidence that six individuals took part in the cyber-heist that disabled Sony Pictures' network for more than a week and included the theft of as much as 100 terabytes of data. At least one of the attackers is thought to be an ex-employee of Sony Pictures, fired during a restructuring in May after 10 years of service. The employee had worked in a technical role, according to Norse, and had inside knowledge of the company's network architecture.

The Security Ledger said Kurt Stammberger, a senior vice president at Norse, claimed his company identified the team responsible for the attack. While two are based in the US, another lives in Canada, one in Singapore and one in Thailand. 

Norse's investigation was conducted by concentrating on individuals who might have had a grudge against Sony. After discovering the technically inclined ex-employee, Norse said it was able to access IRC (Internet Relay Chat, a secure form of Web-based communication favoured by the hacking community) forums and other sites where the individual communicated with hacktivist groups in Europe and Asia. It is not clear if one of these groups was Guardians of Peace.

While Stammberger admits Norse's conclusions are far from airtight, his firm is not the lone voice of dissent. Several cyber security firms have expressed confusion over the FBI's theory that North Korea is the perpetrator. Consulting firm Taia Global, for example, claimed linguistic analysis suggested perpetrators were more likely from Russia than from North Korea.

Norse said it briefed the FBI on its findings yesterday, but investigators declined to share evidence in return, and a spokesperson for the federal law enforcement service said it was sticking to its original conclusion.

"There is no credible information to indicate that any other individual [other than North Korea] is responsible for this cyber incident," the spokesperson said in a statement.

North Korea's likely motive for any attack is a Sony Pictures movie called "The Interview", a comedy in which the CIA enlists two journalists to assassinate North Korean leader Kim Jong Un. Guardians of Peace, the group that took responsibility for the cyber-attack, has publicly denounced the movie.

North Korea's government has issued strong statements denying involvement in the attack and suggesting "righteous" supporters were involved. The North suffered an Internet blackout days after US officials pledged retaliation for the Sony attack, but given the country's meagre infrastructure, analysts believe the outage could have been caused by anyone with a reasonably sized botnet.
