Sony hack: sacked employees could be to blame, researchers claim - The Guardian

Network Front | The Guardian
Sony hack: sacked employees could be to blame, researchers claim
Shared by 1 person
Security experts investigating the devastating hack against Sony Pictures appear to be moving away from the theory that the attack was carried out by North Korea, focusing instead on disgruntled former employees of the firm.
Researchers at Norse cybersecurity claim that six former employees could have compromised the company’s networks, arguing that accessing and navigating selective information would take a detailed knowledge of Sony’s systems.
Norse is not part of the official FBI investigation, but did brief the government on Monday, the company said. Though noting that the findings are “hardly conclusive”, Norse senior vice president Kurt Stammberger told theSecurity Ledger that nine researchers had begun to explore the theory that an insider with motive against Sony would be best placed to execute a hack.
The team had started by examining a leaked database of employees made redundant during a a restructuring in May.
Of six people Norse claim had involvement with the hack, one was a former staffer made redundant in May after 10 years at the firm. She had a very technical background and had used social media to berate the company after losing her job, it is claimed.
Working with pro-piracy activists in the US, Asia and Europe, she may have used secretive discussion forums and IRC (chat) to coordinate the attack, researchers claim.
“We see evidence for those two groups of people getting together,” Stammberger said.
Meanwhile, FBI investigators are exploring whether hackers outside North Korea were hired for the attack, a source told Reuters on Monday. North Korea lacks some of the capability required to carry out the attack, the agency believes, so may have contracted out some of the work.
The development indicates that the FBI may be shifting from its previous official position, which stated that “the FBI now has enough information to conclude that the North Korean government is responsible for these actions”, while US president Barack Obama described it as “an act of cybervandalism”. North Korea has denied any involvement.
However, the FBI’s statement has been met with scepticism by the security community who have pointed to inconsistencies and conflicting evidence in the case against North Korea.
Marc Rogers, head of security for Defcon, said that the malware used in the hack would have required extensive knowledge of Sony’s systems. “While it’s plausible that an attacker could have built up this knowledge over time and then used it to make the malware, Occam’s razor suggests the simpler explanation of an insider, “ he wrote. “It also fits with the pure revenge tact that this started out as.”
Former Anonymous hacker Hector Monsegur, known as Sabu, also said he doubted North Korea was responsible. “They don’t have the infrastructure [ to download that volume of data]. They do have state sponsored hackers, but so does China, so does the USA,” He told CBS News that it is more likely a former employee downloaded and then sold the data from Sony.
“The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks,” said writer Bruce Schneier. “This sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the ‘evidence’ to suit the narrative they already have worked out in their heads.”
Schneier also said that diplomatically, it may suit the US government to be “overconfident in assigning blame for the attack” to try and discourage future attacks by nation states.
He also pointed to comments by Harvard law professor Jonathan Zittrain, who said Sony might be encouraged to present the hack as an act or terrorism to help fend of likely lawsuits from current and former employees damaged by leaked material.
“If Sony can characterize this as direct interference by or at the behest of a nation-state, might that somehow earn them the kind of immunity from liability that you might see other companies getting when there’s physical terrorism involved, sponsored by a state?” Zittrain told AP.

Comments

Popular posts from this blog

New questions arise about House Democratic caucus’s loyalty to Obama | » Democrats Stymie Obama on Trade 12/06/15 22:13 from WSJ.com: World News - World News Review

Немецкий историк: Запад был наивен, надеясь, что Россия станет партнёром - Военное обозрение

8:45 AM 11/9/2017 - Putin Is Hoping He And Trump Can Patch Things Up At Meeting In Vietnam

Review: ‘The Great War of Our Time’ by Michael Morell with Bill Harlow | FBI File Shows Whitney Houston Blackmailed Over Lesbian Affair | Schiff, King call on Obama to be aggressive in cyberwar, after purported China hacking | The Iraqi Army No Longer Exists | Hacking Linked to China Exposes Millions of U.S. Workers | Was China Behind the Latest Hack Attack? I Don’t Think So - U.S. National Security and Military News Review - Cyberwarfare, Cybercrimes and Cybersecurity - News Review

10:37 AM 11/2/2017 - RECENT POSTS: Russian propagandists sought to influence LGBT voters with a "Buff Bernie" ad

3:49 AM 11/7/2017 - Recent Posts

» Suddenly, Russia Is Confident No Longer - NPR 20/12/14 11:55 from Mike Nova's Shared Newslinks | Russia invites North Korean leader to Moscow for May visit - Reuters | Belarus Refuses to Trade With Russia in Roubles - Newsweek | F.B.I. Evidence Is Often Mishandled, an Internal Inquiry Finds - NYT | Ukraine crisis: Russia defies fresh Western sanctions - BBC News | Website Critical Of Uzbek Government Ceases Operation | North Korea calls for joint inquiry into Sony Pictures hacking case | Turkey's Erdogan 'closely following' legal case against rival cleric | Dozens arrested in Milwaukee police violence protest