"Unequivocally, they are not responsible," a cybersecurity expert says about North Korea
Malware in the Sony hack may have originated in North Korea but leaked a long time ago
Hackers have often taken shots at Sony
In 2011, hackers stole the data of an estimated 77 million people
Sure, North Korea’s government despises the movie “The Interview.”
But when its propagandists say it did not hack Sony Pictures before the original release date of the flick that satirizes dictator Kim Jong-un, they might just be telling the truth.
Some U.S. cyber experts say the evidence the FBI has presented to attempt to incriminate hackers working for the communist regime is not enough to pin the blame on Pyongyang.
“It’s clear to us, based on both forensic and other evidence we’ve collected, that unequivocally they are not responsible for orchestrating or initiating the attack on Sony,” said Sam Glines, who runs the cybersecurity company Norse.
The FBI has said that code in the malware used by a group called “Guardians of Peace” (GoP) in the attack on Sony is similar to code used by North Korea in other attacks.
But that code was leaked a long time ago, experts say. Any hacker anywhere in the world could have used it.
There is a group in the Kim regime that is responsible for cyber warfare, but independent IT security researcher Scott Borg doesn’t believe North Korea was capable of the Sony hack.
“It’s beyond the skill level that we have been able to observe,” he said.
CNN has reached out to the FBI for comment on the doubts about North Korea’s involvement in the Sony hack, but has not heard back.
Earlier this month, U.S. officials told CNN on condition of anonymity that the National Security Agency and FBI were able to trace the attack back to North Korea.
So, North Korea might not have done it. But if not, who did?
Sony may be a bur in Pyongyang’s fur for the movie, in which an actor playing Kim is confronted by the protagonist with North Korea’s human rights record. In the end, they do bloody battle.
But Sony has other enemies – both internal and external.
One example could be the group that says it launched a cyberattack on Christmas Day against Sony’s PlayStation Network.
The Lizard Squad has claimed responsibility for knocking PSN gamers offline and said it had also done the same with Microsoft’s Xbox. In the summer, it also smacked game networks Battle.net, Eve Online and League of Legends.
But after Sony Online Entertainment acknowledged large-scale attacks on Twitter this summer, the Lizards appear to have gotten particularly nasty with them.