Experts doubt North Korea was behind the big Sony hack
(CNN) — Sure, North Korea’s government despises the movie “The Interview.”
But when its propagandists say it did not hack Sony Pictures before the original release date of the flick that satirizes dictator Kim Jong-un, they might just be telling the truth.
Some U.S. cyber experts say the evidence the FBI has presented to attempt to incriminate hackers working for the communist regime is not enough to pin the blame on Pyongyang.
“It’s clear to us, based on both forensic and other evidence we’ve collected, that unequivocally they are not responsible for orchestrating or initiating the attack on Sony,” said Sam Glines, who runs the cybersecurity company Norse.
The FBI has said that code in the malware used by a group called “Guardians of Peace” (GoP) in the attack on Sony is similar to code used by North Korea in other attacks.
But that code was leaked a long time ago, experts say. Any hacker anywhere in the world could have used it.
There is a group in the Kim regime that is responsible for cyber warfare, but independent IT security researcher Scott Borg doesn’t believe North Korea was capable of the Sony hack.
“It’s beyond the skill level that we have been able to observe,” he said.
CNN has reached out to the FBI for comment on the doubts about North Korea’s involvement in the Sony hack, but has not heard back.
Earlier this month, U.S. officials told CNN on condition of anonymity that the National Security Agency and FBI were able to trace the attack back to North Korea.
So, North Korea might not have done it. But if not, who did?
Sony may be a bur in Pyongyang’s fur for the movie, in which an actor playing Kim is confronted by the protagonist with North Korea’s human rights record. In the end, they do bloody battle.
But Sony has other enemies — both internal and external.
One example could be the group that says it launched a cyberattack on Christmas Day against Sony’s PlayStation Network.
The Lizard Squad has claimed responsibility for knocking PSN gamers offline and said it had also done the same with Microsoft’s Xbox. In the summer, it also smacked game networks Battle.net, Eve Online and League of Legends.
But after Sony Online Entertainment acknowledged large-scale attacks on Twitter this summer, the Lizards appear to have gotten particularly nasty with them.
A Tweet sent from an account in the hackers’ name alleged there was a bomb on board a plane carrying Sony Online Entertainment president, John Smedley. The plane diverted.
The Lizards also claimed responsibility for a PlayStation Network outage early this month, just days after the big Sony Pictures hack that plundered a record-worthy 100 terabytes of data. It included movies, company secrets, employee data, embarrassing internal emails and Social Security numbers of celebrities.
Then there are Sony’s internal rubs: Security employees have been hit by layoffs.
A disgruntled former longtime employee code-named “Lena” has ties to GoP, Glines said. And she had high access to company secrets and user data. There’s a possibility these weren’t hacked away from Sony but given away instead.
“Lena” was probably mad about layoffs, Glines said, but she may have also commiserated with people who pirated Sony movies and other content “and how they had been prosecuted in the U.S. and other countries.”
CNN asked Sony about Glines’ account on “Lena” but has received no reply.
There are myriad other possibilities.
There are hackers for hire. Or — like that leaked North Korean code — lots of malware is available through the Internet. Cyberattackers can augment off-the-shelf viruses with customized components.
Also, Sony is a broad target that plenty of hackers have taken shots at in the past.
In October 2012, the hacker group “The Three Musketeers” released a security key that allowed PS3 users to run pirated games.
And in April 2011, Sony’s PlayStation Network was shut down for nearly a month when hackers stole the personal information of an estimated 77 million people.
A 19-year-old Briton, allegedly a member of a hacking group called LulzSec, was arrested over that one.
That same year, in June, hackers released 150,000 Sony Pictures records, including user names and passwords, and claimed to have compromised the private information of more than 1 million people. This month’s hack was a reprise of that one for critics and for some employees planning to sue the company for failing to protect their privacy.