Security Firm: Sony Pictures Hack was Inside Job, Not North Korea

Norse Security says its investigation points to six suspects, and no involvement by North Korea.

While the FBI maintains that North Korea is the prime suspect in the recent Sony Pictures computer network hack, a respected security firm monitoring the breach has come to a radically different conclusion.

Norse is a security firm with offices in Silicon Valley and St. Louis. While the firm has not been retained by Sony in any way, it has nonetheless conducted its own independent investigation of the network breach. So far, Norse says it has connected six people around the world to the hack, including one former Sony Pictures employee who was laid off in May 2014.

Five of these suspects have been tied to specific locations -- one in Canada, one in Singapore, one in Thailand, and two in the United States.

Norse used some of the publicly leaked data to conduct its investigation, including lists of SPE employees laid off in April and May 2014 during a company restructure. Operating under the premise that the hack was assisted by a current or former employee, Norse investigators found one laid-off employee with a deep technical background. Norse then tailed the suspect online, looking at social media posts and IRC (Internet Relay Chat) communications made by the suspect. Monitoring IRC activity led to conversations between the suspect and various hackers and hacktivist groups based in Europe and Asia.

As the Norse investigation is independent, the firm has shared its findings with the FBI, who met with the investigation team in Norse's St. Louis offices. "They're the investigators," said Norse senior VP Kurt Stammberger to The Security Ledger. "We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is [the FBI's]."

The theory set forth by Norse is the latest to challenge the FBI's assertion that North Korea was behind the Sony Pictures hack. Others have pointed to evidence that key leaked data was possibly taken off the network via local storage (a flash drive or external hard drive), while linguistics experts say whoever was communicating on behalf of the involved hacker group (identified as Guardians of Peace, or GOP) is a native Russian speaker.

While North Korea is sure to remain in the FBI's crosshairs, mounting evidence for alternate theories is becoming more difficult to ignore by the day.

Sources: Norse | The Security Ledger

Their "evidence" is literally the mere fact that an ex-Sony IT employee who was annoyed at his layoff had some online conversations with part of the hacker community. That's...it.

Okay, all jokes aside, let's lay it on the line: How good/bad IS North Korea's internet? What's easier to establish than this mess is whether it's feasible for them or not.

My question is this, the sheer number of items that were transferred, how much time would that take?

FalloutJack:
Okay, all jokes aside, let's lay it on the line: How good/bad IS North Korea's internet? What's easier to establish than this mess is whether it's feasible for them or not.

North Korea is known to have carried out significant hacking strikes at government levels. It's basically their only true form of power at all until they get their nuclear program long-range capable.

It is also not impossible that they'd simply have the means to hire people who could do the job for them. While they don't have the most money for a country, they certainly have the money to hire former employees as consultants and hackers to do the footwork once the information gained from the consultants pays off. In fact, this would make a fairly reasonable explanation for how North Korea responded to the accusations in saying it wasn't them but was pro-North Korean hackers. As if they knew who it was.

Lightknight:

It is also not impossible that they'd simply have the means to hire people who could do the job for them. While they don't have the most money for a country, they certainly have the money to hire former employees as consultants and hackers to do the footwork once the information gained from the consultants pays off. In fact, this would make a fairly reasonable explanation for how North Korea responded to the accusations in saying it wasn't them but was pro-North Korean hackers. As if they knew who it was.

Ah, so what they have is a suspicion, no real elimination of the actual suspect, which is an important distinction in any criminal case.

Pretty much what I thought. Just some hackers having some fun. The former employee giving them an in makes sense but wow what a dumb thing to do.

Sounds like the USA is fabricating casus belli and got detected, +7 aggressive expansion!

You know, when the hack story first broke, I said I wouldn't be surprised if it was all a big publicity stunt because before all this went down, who honestly gave two shits about this movie? It looked about as funny as Youtube videos you can watch for free, so why pay money?

Pyrian:
Their "evidence" is literally the mere fact that an ex-Sony IT employee who was annoyed at his layoff had some online conversations with part of the hacker community. That's...it.

Heck, I'm just trying to figure out why a private company, not employed by anyone involved, would waste any time or resources on this. It seems like they're just jumping into the situation to see if they can grab a headline or two.

Thunderous Cacophony:

Pyrian:
Their "evidence" is literally the mere fact that an ex-Sony IT employee who was annoyed at his layoff had some online conversations with part of the hacker community. That's...it.

Heck, I'm just trying to figure out why a private company, not employed by anyone involved, would waste any time or resources on this. It seems like they're just jumping into the situation to see if they can grab a headline or two.

And that's why.
A private security firm getting headlines, and possibly getting the people behind the hack faster than the FBI would bring in a lot of business to Norse. It's a similar idea of hackers finding a hole in a company's security, but reporting it to get a bounty/job offer, just larger scale. Builds a resume, connections, and a public presence.
With an investigation like this, which involved a major company and quickly became a small international incident (because regardless of who's actually at fault, the FBI saying "It's probably North Korea" is a political statement), computer security operations at companies are already following it and looking to shore up their digital presence. If Norse is right, and doing their job better than the FBI, that would be a huge boost for them when it comes to job offers. And if they're wrong, then they have the excuse of them going up against a different nation's online force, and won't lose face.

PerfectDeath:
Sounds like the USA is fabricating casus belli and got detected, +7 aggressive expansion!

Hah. Loved it. Unfortunately for the US we are past the colonial era so they can't use colonialism as a casus belli either.

the antithesis:
You know, when the hack story first broke, I said I wouldn't be surprised if it was all a big publicity stunt because before all this went down, who honestly gave two shits about this movie? It looked about as funny as Youtube videos you can watch for free, so why pay money?

Sony's getting dozens of black eyes from the information that's been uploaded for the world to see. Sony wouldn't risk the financial interests of the entire company to promote one film that was only expected to do well in a single country. Sony also called in the FBI to investigate before most of the data was released, not something to do when faking a controversy.

FalloutJack:

Lightknight:

It is also not impossible that they'd simply have the means to hire people who could do the job for them. While they don't have the most money for a country, they certainly have the money to hire former employees as consultants and hackers to do the footwork once the information gained from the consultants pays off. In fact, this would make a fairly reasonable explanation for how North Korea responded to the accusations in saying it wasn't them but was pro-North Korean hackers. As if they knew who it was.

Ah, so what they have is a suspicion, no real elimination of the actual suspect, which is an important distinction in any criminal case.

Right, it's possible that the US has records of bank transactions and things like that which lead them to N. Korea as the person who carried out a hit.

What people keep forgetting is that the FBI explicitly stated that they have more information showing N. Korea as the culprits behind this but cannot reveal the information because that would reveal a method of national security (probably just something related to Snowden's reveals that they basically track all correspondence). Unfortunately, this may mean that people find other suspects but may not have all the pieces to understand why the FBI would view the evidence firm enough for the president to make a statement about it.

Or, the FBI made a mistake. I'm not going to rule out that possibility. But I don't think they'd have made such a public statement without more evidence than what they presented. The FBI tackle these kinds of cases all the time and do so with surprising effectiveness.

PerfectDeath:
Sounds like the USA is fabricating casus belli and got detected, +7 aggressive expansion!

But... if someone disproves our kneejerk response, we won't have a flimsy pretext for attack/invasion! Quick - someone start a rumor that they have an advanced nuclear program underway. (Oh crap.)

Lightknight:
Right, it's possible that the US has records of bank transactions and things like that which lead them to N. Korea as the person who carried out a hit.

What people keep forgetting is that the FBI explicitly stated that they have more information showing N. Korea as the culprits behind this but cannot reveal the information because that would reveal a method of national security (probably just something related to Snowden's reveals that they basically track all correspondence). Unfortunately, this may mean that people find other suspects but may not have all the pieces to understand why the FBI would view the evidence firm enough for the president to make a statement about it.

Or, the FBI made a mistake. I'm not going to rule out that possibility. But I don't think they'd have made such a public statement without more evidence than what they presented. The FBI tackle these kinds of cases all the time and do so with surprising effectiveness.

Normally I'm one to take whatever the FBI or US Government publicly states with a 100lb bag of salt (they've far beyond graduated past the grain). However, this seems like an absolutely stupid thing to put out publicly without some form of veracity behind it. I don't mean like public embarrassment stupid, or "Oops, we relied on shit information when invading Iraq" stupid... I may not have a lot of respect for Obama's regime, but I don't think him or his Cabinet are that stupid to repeat the mistakes of the previous administration when they've spent almost the entire two terms blaming them for everything wrong with the country currently.
There has to be something they're not releasing publicly that points towards NK like you said, and the FBI is notorious for keeping their mouths shut on that type of information. There is the possibility of it being a mistake of course.
My theory is there's some people outside NK that had something to do with this but have ties to NK.

Of course it's not North Korea. This was known for a while but people just gobble up idiotic official version coming from FBI of all places. Why? These are the same people that are upset about the fact that they can't hack into encrypted phones. What the fuck do they know? You need to watch less Hollywood movies and TV shows about super competent law enforcement agencies. More often than not they're anything but competent. They're huge bureaucracies and every day they are more politically oriented and integrated into this massive inefficient fascist police state that the US has become. You can't fuckin' trust these people.

And the biggest sin you could commit against the US government is expose their incompetence. Do you honestly expect them to admit that NK had nothing to do with this when the freakin' President of the US said that they did? It's never gonna happen. They will never admit that they made a mistake. But they have: http://www.thedailybeast.com/articles/2014/12/20/sony-hackers-guardians-of-peace-troll-fbi-fbi-is-the-best-in-the-world.html

The fact that the hack happened prior to the release of The Interview is just a coincidence.

hawkeye52:

Hah. Loved it. Unfortunately for the US we are past the colonial era so they can't use colonialism as a casus belli either.

Imperialism CB is OP, but that's in the 1600-1900s, after that it gets hit by some pretty serious nerfs.

PerfectDeath:

hawkeye52:

Hah. Loved it. Unfortunately for the US we are past the colonial era so they can't use colonialism as a casus belli either.

Imperialism CB is OP, but that's in the 1600-1900s, after that it gets hit by some pretty serious nerfs.

So that's why USA is using fabricate terrorist activities recently?

At this point, since either side of this is fair game, without their cards on the table, I would like to propose a different theory...

So basically they are talking out of their ass without any proof. Publicity stunt?

Thunderous Cacophony:

Pyrian:
Their "evidence" is literally the mere fact that an ex-Sony IT employee who was annoyed at his layoff had some online conversations with part of the hacker community. That's...it.

Heck, I'm just trying to figure out why a private company, not employed by anyone involved, would waste any time or resources on this. It seems like they're just jumping into the situation to see if they can grab a headline or two.

I have never heard of Norse security before. Now I did. It's a successful ad campaign is all.

PerfectDeath:
Sounds like the USA is fabricating casus belli and got detected, +7 aggressive expansion!

Except if you actually bothered to read what this security firm is claiming, they are the ones fabricating a casus belli.

hawkeye52:

PerfectDeath:
Sounds like the USA is fabricating casus belli and got detected, +7 aggressive expansion!

Hah. Loved it. Unfortunately for the US we are past the colonial era so they can't use colonialism as a casus belli either.

They seem to have Unam Sancti national idea though and have automatic casus belli for all heretics.

Adam Jensen:
Of course it's not North Korea. This was known for a while but people just gobble up idiotic official version coming from FBI of all places.

The problem with not believing the official version here is that everyone making claims that are contrary seems to base them on an exactly 0 amount of evidence.

Strazdas:
The problem with not believing the official version here is that everyone making claims that are contrary seems to base them on an exactly 0 amount of evidence.

There is no evidence that it was North Korea. None whatsoever other than the word of FBI. People like you who say that there's no evidence to the contrary didn't bother doing any research. Even FBI said that North Korea hired someone else to do it. Again, zero fuckin' credible evidence for that as well. Even North Korea denies it (which isn't really an evidence but why would they lie?). So, ZERO FUCKIN' EVIDENCE! On the other hand, there is evidence that it wasn't North Korea. Read the article I posted.

It's always America. I honestly cannot blame NK for being more paranoid than a nutcase conspiracy theorist, there is no other nation in this world which acts like one big witch hunt.

I would like to point out that timing is interesting, since the media completely shut down about CIA torture reports after the attack happened despite the fact it was one of the most important spotlight news that required public focus.

Adam Jensen:
On the other hand, there is evidence that it wasn't North Korea. Read the article I posted.

The one with no evidence that it wasn't North Korea, except an anonymous post from an anonymous source that doesn't even include a reason?

Adam Jensen:

Strazdas:
The problem with not believing the official version here is that everyone making claims that are contrary seems to base them on an exactly 0 amount of evidence.

There is no evidence that it was North Korea. None whatsoever other than the word of FBI. People like you who say that there's no evidence to the contrary didn't bother doing any research. Even FBI said that North Korea hired someone else to do it. Again, zero fuckin' credible evidence for that as well. Even North Korea denies it (which isn't really an evidence but why would they lie?). So, ZERO FUCKIN' EVIDENCE! On the other hand, there is evidence that it wasn't North Korea. Read the article I posted.

You have no evidence that it was North Korea*

FBI has explicitly stated that it is not disclosing all it knows because there is a criminal investigation going on. Security firm claims that because FBI is doing their jobs they are wrong. Some troll on the internet trolls.

Basically your article amounts to "the police didn't tell everyone whose fingerprints they found therefore they didn't find any". It's a non-argument.

We do not have ANY evidence that it wasn't North Korea, meanwhile we got people whose job is to investigate this claim that they have evidence but don't show it for obvious reasons.

Meanwhile we got publicity stunts like this article where someone makes claims out of their ass basing it on absolutely nothing and plenty of people here seem to have believed it.

Also did you seriously ask why would NK deny it? Yeah, why deny international crime and attack against another country. There could be no repercussions from it, right?

Strazdas:
Snip

I do not feel the overall impression of response to this is really belief. I see sarcasm and many grains of salt taken.

FalloutJack:
Okay, all jokes aside, let's lay it on the line: How good/bad IS North Korea's internet? What's easier to establish than this mess is whether it's feasible for them or not.

In theory it's an attack that could have been launched from damn near anywhere, the limiter is on receiving the presumably large amount of data quickly enough that you get it before someone notices and pulls the plug on the datacentre.

As a general rule you also don't launch attacks from your own connection because it's trivially easy to figure out where it came from if you do, kind of like assassinating someone by shooting them from your living room. Basically someone probably paid some guys to do it or some guys just decided to do it. It may have been North Korea but it could just as easily have been nearly anyone else.

Thunderous Cacophony:

Pyrian:
Their "evidence" is literally the mere fact that an ex-Sony IT employee who was annoyed at his layoff had some online conversations with part of the hacker community. That's...it.

Heck, I'm just trying to figure out why a private company, not employed by anyone involved, would waste any time or resources on this. It seems like they're just jumping into the situation to see if they can grab a headline or two.

I'm wondering how it's in any way legal for a private company, not employed by anyone involved, not in any position of official authority whatsoever, to conduct apparently invasive surveillance on private citizens on the basis of "he looked like a wrong 'un to me guv". Why do we even have data protection/privacy laws ffs?

All this either or shit is stupid. Do people not realize it could be both? Like, North Korea hires an out of country hacker to do a thing, asking this person to damage Sony in some general terms and promise a bounty on success. This person then begins the process of figuring out how to hack Sony - and finds that a former Sony employee is hanging out online with hacker groups and recruits this person to help with the hack.

Even if these Norse guys are correct that this involved former employees it does not in any way suggest North Korea was not involved at some basic level. If North Korea did this they did not send out a uniformed army of hackers and do it from their capital building. This is espionage, you morons! Things are not going to be clear cut!

I mean, I have been in charge of network security for a company before. If I was looking to hack a company the very first thing I would do is look for people they fired who I might be able to get information from. Literally the very first thing.

Frankly, any security firm that can't grasp that most basic of concepts is hardly a company I want in charge of my security.

And it gets worse than that.

How does Norse Security know that the FBI wasn't already onto this point? Seems pretty damned obvious to me, I have a very hard time believing that the FBI wouldn't even consider the possibility. And the FBI didn't reveal all their info to the public because the investigation was ongoing and revealing that information could compromise the investigation. If Norse Security is correct, they just tipped off the culprit that the authorities are onto them.

Let me restate that: If these idiots are correct in their assessment they just compromised one of the highest profile cyber terrorism investigations ever.

And if Norse Security is not right, they are just being idiots and splintering the view of the public (not to mention pointing the finger at an innocent person whose identity can easily be gleaned from information freely available on the internet, which is very close to slander in my book.)

Either way Norse Security has behaved in a completely unacceptable manner trying to get a moment in the spotlight. What absolute colossal idiotic assholes. I hope the government fines them into oblivion for interfering with an ongoing investigation involving National Security.

The title is kind of misleading. Saying the Sony hack is coming from inside kind of implies that it's from someone who currently works there. Makes it sound like it was all an elaborate scheme. This just sounds like a pissed off ex-employee.

RedDeadFred:
This just sounds like a pissed off ex-employee.

Still quasi-inside. Someone intimately familiar with their networking and how the offices run things in any scenario.

I really feel justified in my earlier doubts about North Korea being the ones ultimately responsible.

Redlin5:

RedDeadFred:
This just sounds like a pissed off ex-employee.

Still quasi-inside. Someone intimately familiar with their networking and how the offices run things in any scenario.

I really feel justified in my earlier doubts about North Korea being the ones ultimately responsible.

Ya, I guess, my immediate reaction to the title was that Sony had pulled this themselves as a publicity stunt. I guess that was just my interpretation though.

To be honest, I kind of believed that it was from North Korea just because of how ridiculous the threat sounded. It really sounds like the rantings of someone who has been completely brainwashed by their country. I guess that's relatively easy to fake though.

 
