Despite the FBI concluding that the massive cyber attack against Sony was carried out by North Korea, many experts are now calling the Bureau’s findings into question.
Since North Korea denied involvement in the hack, cybersecurity experts have begun to believe that Kim Jong-un may not be lying. In an article for the Daily Beast, Marc Rogers discusses the FBI’s findings, which included the fact that the same malware used in the hack is one that had been developed by North Korean actors. Rogers argues that this fact does not necessarily count as conclusive evidence.
“The fact that the same piece of malware appeared in the Sony hack is far from being convincing evidence that the same hackers were responsible," Rogers wrote in the article. "The source code for the original 'Shamoon' malware is widely known to have leaked. Just because two pieces of malware share a common ancestry, it obviously does not mean they share a common operator. Increasingly, criminals actually lease their malware from a group that guarantees their malware against detection. Banking malware and certain ‘crimeware’ kits have been using this model for years.”
Other cybersecurity experts have echoed Rogers’ suspicions regarding the FBI’s supposedly definitive proof. Kurt Stammberger, vice president of the cybersecurity firm Norse, told CBS News that he believes the hack was an inside job.
“Sony was not just hacked, this is a company that was essentially nuked from the inside,” Stammberger said. “We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history.”
Norse has reportedly done its own private investigation into the hack, and Stammberger said that their evidence is pointing to a woman known as “Lena” being the mastermind behind the attack. The woman reportedly worked for Sony for 10 years before leaving earlier this year. She reportedly has ties to the Guardians of Peace, the hacking group that claimed responsibility for the cyberattack.
“This woman was in precisely the right position and had the deep technical background she would need to locate the specific servers that were compromised,” Stammberger said. “There are certainly North Korean fingerprints on this but when we run all those leads to ground they turn out to be decoys or red herrings.”
Other investigations have found a possible Russian connection to the attack, which comes after a Russian Foreign Ministry spokesman voiced his support for North Korea and condemned President Obama for threatening to retaliate.