Kurt Stammberger, a senior vice president with Norse, told CBS News that, “Sony was not just hacked, this is a company that was essentially nuked from the inside.”
“We are very confident that this was not an attack masterminded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history.”
Stammberger says that their chief suspect is a woman they’re identifying as “Lena.” The woman claimed to be connected with the Guardians of Peace – the hacking group who took responsibility for the infiltration of Sony – and she worked at Sony Pictures until last May.
While the FBI’s case rests mainly on the fact that the attacks against Sony were done through servers previously associated with North Korea, security experts are quick to point out that these servers can be easily hacked and manipulated.
Robert Graham, a researcher with Errata Security, says that anyone – countries and ex-employees alike – can hire hackers through the black market.
He’s also skeptical that the FBI could know what it says it knows with such certainty so quickly. It took the FBI months to take down the Deep Web drug hold Silk Road, and the perpetrators of hacks into Target, Home Depot, and JPMorgan earlier this year, are still unknown.
“Even if it’s true that it was North Korea, I don’t think the FBI would do it in three weeks,” Graham said. “Maybe six months.”
Robert M. Lee, co-founder of software firm Dragos Security, also agrees that the FBI’s evidence against North Korea isn’t strong enough.
Experts say that while the malware used against Sony has certainly been used by North Korea in the past, it is also a common tool of hackers.
Also worth noting are the original demands from the Guardians of Peace, which wasn’t concerned with pulling “The Interview,” but was instead blackmailing Sony executives in exchange for money.
Whether North Korea was responsible or not, sources told the AP on Wednesday that Sony will stream “The Interview” through several services, including Youtube, Google Play, and Xbox Video, in addition to allowing over 300 movie theaters to screen the film on Christmas day.
For anyone looking to play cybersleuth at home, Norse has released a real-time, global cyber attack map, which we highly recommend.