Cyber security firm claims North Korea isn’t to blame for Sony hacks, FBI disagrees
So you know how last week the White House was claiming that North Korea was responsible for the hacks against Sony, and that the cyber attacks were an affront to freedom, justice, puppies, etc., etc.? Well, one of the top cyber security firms in the world thinks that the actual cause may just be a disgruntled Sony employee who was fired or laid off.
Last week President Obama publicly claimed that North Korea was responsible for the attacks on Sony, and that the White House was considering a measured response. Soon after, the isolated nation’s Internet was completely knocked out. It wasn’t clear if the outage was due to an officially sponsored American counterattack, a group that was sympathetic to the US (or antagonistic to North Korea), or just one of the many power outages that plague the nation.
The actual accusation against North Korea came from the FBI itself, but almost as soon as the President announced the findings, critics came forward and claimed that North Korea probably wasn’t responsible. It’s not that anyone would put it past them, but the online methodology didn’t fit with North Korea’s cyber footprint.
Fast forward a week, and that initial announcement may turn out to have been a bit rash. A security firm helping to investigate the Sony hacks has recently briefed the FBI on an alternate theory, according to Politico. The new, prevailing theory is that the hack was the result of a disgruntled employee and a group of independent hackers.
The FBI stands by its original statement, but the new theory comes from the cyber intelligence company Norse, one of the top cyber security firms in the world. The group has been looking into the hacks since they were revealed before Thanksgiving.
“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger, Norse’s senior vice president of marketing, said.
The FBI claims it is willing to listen to private firms, and Norse reached out to the agency to present its findings. Stammberger went on to say that the FBI was “very open and grateful for our data and assistance,” but the FBI claims the evidence supports the accusation against North Korea. The agency isn’t ready to reveal that evidence yet, but that isn’t unusual.
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector,” a spokeswoman for the FBI said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”
Norse claims that the breach began with a former Sony employee who was likely laid off or outright fired, while the FBI claims that the hack began with a series of malware attacks similar to previous attacks attributed to North Korea. Norse cites forum communications that may point to the origin of the malware, and it went on to point out the results of another firm’s investigation, which claims that a linguistic analysis shows the perpetrators are more likely Russian speakers than Korean.
“Whenever we see some indicators or leads that North Korea may be involved, when we follow those leads, they turn out to be dead ends,” Stammberger said. “Do I think it’s likely that [officials] have a smoking gun? … We think that we would have seen key indicators by now in our investigation that would point to the North Koreans: We don’t see those data points. So if they’ve got them, they should share some of them at least with the community and make a more convincing case.”
The FBI’s investigation is still ongoing, and there is a very real possibility that the government is withholding major evidence that categorically links North Korea to the attacks. It could be that Norse is missing something that the government has access to, or Norse may be technically right, but North Korea may have used a third party to perpetrate the hacks.
Accusing a foreign power of a cyber crime probably isn’t something the FBI would do lightly, but it has been wrong before. We should hear more evidence soon.