FBI still believes North Korea is responsible for Sony hack
In the face of skepticism from some cyber experts, the FBI continues to stand by its original assertion of Dec. 19 that the North Korean government is responsible for the cyber attack against Sony Pictures, CBS News' Andy Triay and Pat Milton report, according to federal sources.
And one of the top private cyber experts in the U.S. told CBS News Washington Bureau Chief Chris Isham there is so far no evidence of insider involvement in the attack on Sony.
This cyber expert also maintains that the U.S. government is the only entity with the means to determine the source of the Sony attack. The U.S. alone has the ability to access both domestic and foreign ISPs. This source views the agency's analysis as credible, given its knowledge and access.
The Sony hack is definitely not the handiwork of the Russians or the Chinese, the cyber expert told CBS News. This source has worked on numerous cases involving both and says that this particular attack violates all the rules of engagement--such as they exist--because it destroyed so many files. Evidence showed that the hackers used aggressive "data-wiping" malware to steal Sony's corporate secrets and then erase the company's computer files. The malware used against Sony is the same as that was used in a cyber attack South Korean banks last year.
An FBI official conceded to Triay, however, that the agency's statement holding North Korea responsible is a big-picture assessment, and it does not assign individual blame. This leaves open the possibility that the North Koreans may have "outsourced" the hack to a third party operating in another country or countries.
As CBS News reported last week, some cybersecurity experts believe the FBI may be wrong to blame North Korea for the Sony hack. Triay reports that multiple cybersecurity firms have met with the FBI with alternate theories. One of those, Norse, briefed the FBI Monday. The briefing was first reported by Politico and then confirmed by CBS News Monday night.
Norse's researchers told the FBI that there were signs that instead implicate a former Sony employee who had been laid off, working with an online piracy group, a theory that the company had shared with CBS News' Ben Tracy in a story reported Dec. 23.
North Korea has denied having anything to do with the hack, which crippled the movie company, and caused a partial cancellation of the release of the film "The Interview," a comedy about two reporters sent to assassinate North Korean leader Kim Jong-Un.
Kurt Stammberger, a senior vice president with Norse, which is conducting its own probe of the Sony hack, told CBS News in a story last Tuesday that data his company had found disputed earlier findings of the FBI that the cyberattacks originated in North Korea.
"We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history," said Stammberger.
His company's information seems to lead to a woman calling herself "Lena," claiming to be a member of the hacking group "Guardians of Peace." Norse believes the woman worked for Sony for 10 years before leaving the company in May.