Was the Sony Hack an Inside Job?

There are growing questions about whether North Korea is responsible for a hack of Sony Pictures that tech experts are describing as one of the worst in the history of corporate America.

Earlier this week, multiple reports indicated that North Korean hackers targeted the studio because of anger over the upcoming movie “The Interview,” which depicts a fictional assassination attempt of Kim Jong Un. However, new details about the attack suggest it could have been an inside job perpetrated by a disgruntled employee.

A North Korean diplomat told Voice of America Wednesday evening that his country had nothing to with the attack. Tech experts now say that the diplomat might be telling the truth.

Writing for a blog called North Korea Tech, Martyn Williams details inconsistencies in the Sony attack and past attacks by North Korea.

“Computers at Sony displayed a message threatening the release of internal documents if undisclosed demands were not met. North Korean hackers have never made such public demands,” Williams writes.

He also notes that little is known about Guardians of Peace, the group that claimed responsibility for the attack. No group has claimed credit in past North Korean hacks.

Williams said that the hackers stole sensitive information about movie stars, staff, and Sony management. In an apparently personal attack, the hackers posted a message on the Twitter accounts of Sony employees. This gives credence to the growing theory that the attack was an inside job.

Tommy Stiansen, the chief technology officer for Norse, a hacker-tracking company, told Bloomberg that he plans to approach the FBI and Mandiant, the private company researching the attack, with information that implicates a disgruntled Sony employee in Japan in the attack.

“The only reason people are talking about North Korea is that North Korea spoke out against Sony,” Stiansen told Bloomberg. “But North Korea is better than that. They wouldn’t steal all the other movies and not grab ‘The Interview.’ I am convinced that this is an inside job. The group, Guardians of Peace, nobody has never heard of them. I cannot find a drop of information on them. I would say if we can’t find anything on them, they don’t exist and they’re certainly not tied to any particular government.”

“It would be very, very surprising if it wasn’t an insider attack,” added Joe Kiniry, a principal at the cybersecurity firm Galois. “To have that much data leak out through your network and not notice it would mean Sony’s security team is just incompetent. I would highly suspect that it was someone on the inside, someone like a [Edward] Snowden, filling up a USB disk and walking out” with it.

 Photo Credit: AFP /  Rahman Roslan