There’s a new twist in the story of the devastating hack on Sony Pictures late last year: A security firm is claiming that Russian hackers also secretly played a part in the attack. And, it claims, the hackers still have access to the movie studio’s computer systems.
Taia Global released a report on Wednesday which alleges that Russian hackers managed to gain access to Sony Pictures Entertainment’s computer systems at the same time as the anonymous hacking group known as Guardians Of Peace launched a massive attack on the studio, as reported by PC World.
Vast quantities of confidential company information were published online in the hack in December, including movie screeners and executive emails. The prevailing consensus is that North Korea was responsible, as retribution for the James Franco comedy “The Interview.” The American government has publicly blamed the reclusive authoritarian state for the hack. (Some security researchers dispute this, however.) Taia is now challenging this narrative.
CEO Jeffrey Carr says he has received multiple files from a source, Russian hacker “Yama Tough,” that appear to be internal Sony Pictures Entertainment documents that were not included in any of the Guardians Of Peace data dumps. At least one document has been verified as legitimate by its author, Taia says.
Tough allegedly received the documents from a member of the “assault team” behind the hack, referred to as “Unnamed Russian Hacker,” or URH. URH is a Russian “long-time black hat hacker who does occasional contract work for Russia’s Federal Security Service.”
Perhaps most significantly, Taia claims that Sony Pictures Entertainment is “still in a state of breach.” Taia’s report says that it has received documents from Sony from late January 2015, long after the hack supposedly ended. URH “appears to have at-will access to the company,” the security firm says. (Sony Pictures Entertainment would not comment on Taia’s findings.)
Why would the Russians hack Sony? One potential theory is that before people began linking the hackers to North Korea, the hackers had originally demanded money from Sony. (Sony execs didn’t read that email … until it was too late.)
From this, Taia Global suggests two possibilities:
- Russian hackers attacked Sony Pictures Entertainment, either at the same time or shortly after the attack from (the presumably North Korean) Guardians Of Peace.
- North Korea was not involved with the Sony attack after all, and Russian hackers were responsible instead.
There is a third option, however, that Taia does not consider. It’s that North Korea (or North Korean-affiliated hackers) was solely responsible for the attack, but at some later date the previously unseen documents left their possession, eventually reaching Taia. An unknown intermediary may have fooled Yama Tough by falsely claiming to be URH. Or Tough himself could be lying to Taia, having received the documents from another source (or even stolen them himself). Either possibility would mean there’s not necessarily any Russian involvement — but if the documents are legitimate, it would nonetheless provide a new avenue of investigation.
CEO Jeffrey Carr told Forbes that he has “full trust in his source,” although he concedes the material could come from “Yama Tough himself, but he’s denying that.”
Taia has pushed alternative theories on the origins of the Sony hack before. A “linguistic analysis” they carried out on the known statements of Guardians Of Peace shows, the company says, that the hackers are likely to be Russian speakers.