Sony Hack: New Evidence Points to Inside Job, Security Experts Say
Security firm Norse has found evidence that six individuals were behind the hack, including at least one former Sony Pictures employee
Despite the FBI declaring that North Korea was behind the devastating cyberattack on Sony Pictures Entertainment, security experts continue to believe that the hack was an inside job, reports The Security Ledger.
Security firm Norse claims it has evidence that shows the Sony hack was perpetrated by six individuals, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. Norse senior vp Kurt Stammberger told the Ledger, a security industry news website, that among the six was one former Sony Pictures employee, a 10-year veteran of the company with a very technical background who was laid off in May following restructuring.
Norse used human resources documents that were leaked as part of the hack to first identify and then track the former Sony employee's online activity at least since May, when the person left the company.
The Ledger writes: “Researchers from the company followed that individual online, noting angry posts she made on social media about the layoffs and Sony. Through access to IRC (Internet Relay Chat) forums and other sites, they were also able to capture communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia.”
Norse’s findings are not conclusive, said Stammberger, but the company briefed the FBI about its findings on Monday.
“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber]intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Stammberger told Politico after the briefing.
Despite repeated denials from Pyongyang, the FBI maintains that North Korea was behind the Sony hack. In a statement published on Monday, the FBI said: "The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment."
"There is no credible information to indicate that any other individual is responsible for this cyber incident," the agency added.