The mystery over who’s responsible for the hack of Sony Pictures isn’t quite solved. A California company called Norse has done its own investigation and says that a former Sony employee and a group of “hacktivists” are the likely culprits — not North Korea. The cyber-security firm has briefed the FBI, but the federal agency is standing by its theory of North Korean involvement.
Martyn Williams has been following this story on his website NorthKoreaTech.org. He spoke with The Frame's Oscar Garza about why Norse decided to hold its own investigation of the Sony hack and what the company has concluded:
GARZA: Why would Norse embark on its own investigation of the Sony hack?
Usually whenever there's a large hack like this, a lot of cyber-security companies want to try to figure out what happened — partly because they're curious, but also they want to try to find out more about the way that hackers work, especially when it's a very major hack. I suspect that's what Norse did in this case. They started looking at this and there were some initial pointers to previous employees and it looks like they just went down that route.
GARZA: Is the U.S. government's theory that North Korea was behind the hack plausible, based on what you know about North Korea?
It's difficult to comment on the FBI's findings because I don't think we know all of the evidence they have. But we can quite easily say that based on what the FBI has made public, the evidence is quite circumstantial towards North Korean involvement. Now, of course, it might be that the government has a lot more information that they haven't made public. Right when this hack started, the first message that came from the hackers did talk about things like restructuring at Sony. There were many pointers towards this being someone that either worked at the company or used to work at the company. The subject of "The Interview" and of North Korea didn't really come up until about two or three weeks into this, at least from a hacker's side of things. So that's always been something that's been a little bit of a doubt towards North Korean involvement.
GARZA: There has also been speculation that North Korea hired outside agents to carry out this work for them. Is their operation that sophisticated?
There's a lot we don't know about the North Korean hacking program. The little pieces of information we are told, it appears to be there are several thousand of them. They have been implicated in different hacks on South Korea, but, so far, a lot the analysis of the hacks they have been implicated in points to them being relatively unsophisticated on a technical level. There were some things about this hack that were very different from previous actions that North Korea has been blamed for. For example: the messages to the media, the messages put online that taunt the FBI — North Korea has never done anything like that before. That is much more like some of these activist-hacker groups that we've heard of in the last year, groups like Anonymous that have been in the headlines. So, it could quite well be that there is a separate group involved in this as well, perhaps in collaboration with North Korea.