Sony Hacked By North Korea, Hacktivists, Ex-Employee, Or Maybe All Of Them? FBI Says It Stands By Conclusion That North Korea Was Responsible
Kelly Jackson Higgins, writing on the Dark Reading website on December 30, 2014, notes that researchers at the Norse Corporation, who say an ex-Sony employee may have had a hand in the epic breach of the entertainment company, shared their intelligence with the FBI in St. Louis yesterday. But Tal Kopan, writing on Politico.com on December 31, 2014, reports that, “after being briefed on the company’s findings, the FBI concluded that Norse investigators did not have an accurate understanding of all the facts, and the bureau stands by its conclusion that North Korea was responsible for the Sony hack.” The three-hour meeting between FBI investigators and Norse cyber security experts “did not improve the knowledge of the investigation,” according to a U.S. official quoted by Politico. “Investigators are open to new information brought forth by researchers,” the official added; but, “it became clear in the meeting yesterday that Norse’s evidence was ‘narrow’ and not an accurate analysis of the information.”
Though the FBI stood by its original conclusion that North Korea was responsible for “theft and destruction” of data, missing from its statement, Ms. Jackson Higgins writes, is any reference to how hackers initially breached Sony’s network. Norse, among a number of other cyber sleuths, believes that North Korea may have had assistance from an ex-Sony employee and/or a disgruntled current staffer.
Kurt Stammberger, Senior Vice President at Norse, says the common interest between “Lena,” the former Sony employee identified and traced by his firm, and The Guardians of Peace is likely their mutual anger toward Sony: Lena for getting laid off, and The Guardians for Sony’s legal moves in the anti-piracy space. Norse believes Lena, based on her communications and movements, may have teamed up with hacktivists to help carry out the attacks, Ms. Jackson Higgins noted.
“At the center of Norse’s findings is Lena, a woman who had worked for Sony for 10 years in a senior technical role until she was laid off in May, during a corporate restructuring,” Ms. Jackson Higgins wrote. “Lena had the technical knowledge to facilitate the type of attack Sony had, which is why … she remains a person of interest.” Norse’s Stammberger says, “There are other individuals as well. There’s a pretty short list of specific individuals; and, we know their names, addresses, and nationalities. They seem to have some connection to this incident.”
“Norse researchers examined the malware in the attack and found it was pre-compiled with the addresses for Exchange and Active Directory servers, and other specific machines inside Sony’s network where ‘specific’ files resided,” Stammberger noted. “Usernames, passwords, and digital certificates also were found. So, this malware was pre-compiled with some of the keys to the kingdom,” adding that “the malware was first compiled in July, long before the breach was executed. This was more of a cruise missile, rather than a carpet bombing, which is the typical way malware works. This was much more targeted.”
“Perhaps her credentials were not properly retired. Or, a very technical person could have easily placed backdoors in the servers, if they had enough notice before they had to leave … if they were sufficiently pissed off, that would be a straightforward thing to do.”

V/R, RCP