Hit & Run

Does Anybody Actually Believe North Korea Was Behind Sony Hack?


"What do you mean it wasn't me? It was! I demand the execution of all lizards!"
The Interview

The FBI may still be sure North Korea is responsible for the hacking that released all sorts of private information about the goings on at Sony Pictures, threats against the studio, and people who probably wouldn't have seen The Interview otherwise watching The Interview, but the skepticism out there is pretty thick.

Politico is reporting, and other media outlets are picking up, that cyber intelligence company Norse is saying the call is coming from inside the house, so to speak. They think a disgruntled former staff member may be involved. The intelligence firm met with the FBI to explain, but the FBI is sticking with its explanation:

"The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector," a spokeswoman said in a statement. "There is no credible information to indicate that any other individual is responsible for this cyber incident."

The spokeswoman had no comment on further inquiries about the briefing and whether the FBI found Norse's case convincing.

A source who had been briefed on the FBI's investigation said the agency had considered an insider as a possible explanation for the attack, but it wasn't supported by the evidence.

The FBI won't comment further on an open investigation, referring questions to the initial update on the investigation the agency released 10 days ago. That unusual release cited similarities between the malware and infrastructure behind the Sony attack and previous attacks attributed to North Korea as well as technical links to known North Korean-developed malware.

Politico lists several independent security experts finding the arguments for the FBI's position to be pretty thin.

Over the Christmas holiday, a hacker group called Lizard Squad claimed to be responsible for cyberattacks that shut down Playstation's and Xbox's online services, affecting many, many gamers. Playstation is a Sony game console, and in an interview with The Washington Post, an alleged representative of the Lizard Squad claimed to have provided Sony employee logins to the Guardians of Peace, the group claiming responsibility for hacking the company, so that the infiltration could commence. But, of course, we don't know if any of that is true either.