New evidence emerging in the Sony Pictures cyberattack suggests that the hackers may have been far closer to home than North Korea.
News broke Monday that a security firm working with the FBI has come up with a list of six people who may have been closely involved with the hack. One of the individuals investigated by the firm also happens to be a disgruntled former Sony employee.
The security company Norse used HR documents leaked as part of the hack to narrow down a list of people who may have been involved. It seems the company was looking for a list of people who were fired from Sony between April and May 2014.
Security Ledger reports that Norse investigated a Sony employee known only as “Lena,” viewing messages that she posted on social media and group chats. She worked at Sony for over a decade, performing an IT role with a “very technical background.”
The messages posted online by Lena suggest that she was angry with Sony Pictures, as she complained about layoffs and the company, chatting online with hackers and “hacktivist” campaigners with knowledge of hacking.
Even more evidence suggests that an insider may have used a USB stick or hard drive to steal data from Sony’s servers and that the messages posted by the Guardians of Peace hacker group originate from Russia, not North Korea.
A former federal prosecutor has also cast doubt on the FBI’s assertion that North Korea was involved with the Sony hack. Mark Rasch of Rasch Technology and Cyberlaw says the claim that North Korea was behind the hack is “doubtful” and that the attack seemed to be carried out by someone with close knowledge of how Hollywood works, leaking only data that was embarrassing to Sony executives.
Many security researchers have been doubtful over the FBI’s assertion since the agency announced on Dec. 19 that it was blaming North Korea for the Sony hack. The official US government position is that hackers affiliated with North Korea carried out the attack in retaliation for Sony’s releasing the movie “The Interview.”