What’s scarier than North Korea hacking Sony Entertainment’s computer system in Los Angeles? A no-name, non-descript pack of punk disgruntled hackers breaking into the movie company’s system — from the inside.
While President Obama and unnamed FBI officials are all pushing the story that North Korea hacked Sony’s computers, a slew of others say otherwise.
Evan Goldberg, co-director of The Interview, doesn’t think the NoKos are responsible. “My gut instinct was, ‘’Oh no, is it the North Koreans?’ ” Goldberg told straight.com, a website that calls itself “Vancouver’s Online Source.”
“For two seconds it was the North Koreans, and then the younger guys in our office who know way more about computers were, like, ‘No way. You’d have to know Sony’s network, it has to be somebody on the inside.’ “
The hack was committed by some group called the Guardians of Peace (hmmm, the GOP?), which reportedly dumped 10 terabytes of company info — Social Security numbers, payroll info, and what has turned out to be a whole bunch of snarky inter-office e-mails in which celebrities and those who manage them acted like high school kids.
The Guardians supposedly declared that The Interview, a movie about two rubes taking out North Korean dictator Kim Jong Un, prompted the hack. Since then, movie theaters thinking of showing the flick canceled, leading Sony to pull the film altogether. Humanity, of course, has been shattered by the loss of this latest Seth Rogan/James Franco masterpiece, no doubt an Oscar winner on par with Schindler’s List and Saving Private Ryan.
Top news organizations, including the New York Times, assert that NoKo is behind the hack — or, as the Times cryptically said, “centrally involved.” But the Times tossed this in, too: “It is not clear how the United States came to its determination that the North Korean regime played a central role in the Sony attacks.”
But there’s this: It doesn’t take much to hide digital fingerprints on a hack. Knowledgeable hackers often plant fake pathways to point to others, but at the very least they use proxy servers and made-up IP addresses that go nowhere. U.S. officials are apparently saying that NKorea, which runs the most sophisticated counterfeiting operation in the world, simply screwed up and got caught.
My sources say that isn’t likely. One source, whose job is so secretive he jokes that even he doesn’t know what it is, told me that it would be far more frightening to think that a small group of hackers simply smashed through security in a huge U.S. company (Sony Entertainment is separate from Sony) and stole billions of bits of information. Better, the source said, to have Americans think it was perpetrated by North Korea.
Wired.com did a comprehensive piece on the story this week. Among their fascinating findings:
Nation-state attacks aren’t generally as noisy, or announce themselves with an image of a blazing skeleton posted to infected computers, as occurred in the Sony hack. Nor do they use a catchy nom-de-hack like Guardians of Peace to identify themselves. Nation-state attackers also generally don’t chastise their victims for having poor security, as purported members of GOP have done in media interviews. Nor do such attacks involve posts of stolen data to Pastebin—the unofficial cloud repository of hackers—where sensitive company files belonging to Sony have been leaked. These are all hallmarks of hacktivists — groups like Anonymous and LulzSec, who thrive on targeting large corporations for ideological reasons or just the lulz, or by hackers sympathetic to a political cause. …
… In their initial public statement, whoever hacked Sony made no mention of North Korea or the film. And in an email sent to Sony by the hackers, found in documents they leaked, there is also no mention of North Korea or the film. The email was sent to Sony executives on Nov. 21, a few days before the hack went public. Addressed to Sony Pictures CEO Michael Lynton, Chairwoman Amy Pascal and other executives, it appears to be an attempt at extortion, not an expression of political outrage or a threat of war. …
…A person purporting to be a Guardians of Peace spokesperson then emphasized again, in an interview with CSO Online published Dec. 1, that they are ‘an international organization … not under direction of any state.’
The media, however, immediately sought a connection between a infantile movie and a major computer crime. They started reported a connection — or at least musing about the possible connection, as the media now does — and then the GOP jumped on board saying, “Yeah, that movie!” Now, everyone believes the North Koreans were behind the attack. But the question remains: If North Korea is really that sophisticated, why hack and American movie company instead of, say, the Pentagon or the National Security Agency? Wouldn’t they rather hurt the U.S. government instead of Seth Rogan and James Franco?