
New Clues In Sony Hack Point To Insiders, Away from North Korea

Status
Not open for further replies.

Funky Papa

FUNK-Y-PPA-4
Interesting, to say the least.
A strong counter-narrative to the official account of the hacking of Sony Pictures Entertainment has emerged in recent days, with the visage of the petulant North Korean dictator, Kim Jong Un, replaced by another, more familiar face: former Sony Pictures employees angry over their firing during a recent reorganization at the company.

Researchers from the security firm Norse allege that their investigation of the hack of Sony has uncovered evidence that leads, decisively, away from North Korea as the source of the attack. Instead, the company alleges that a group of six individuals is behind the hack, at least one a former Sony Pictures Entertainment employee who worked in a technical role and had extensive knowledge of the company’s network and operations.

If true, the allegations by Norse deal a serious blow to the government’s account of the incident, which placed the blame squarely on hackers affiliated with the government of the Democratic People’s Republic of Korea, or DPRK. That accusation, first aired last week, has been the source of heated rhetoric from both Washington D.C. and Pyongyang, the North Korean capital.

Speaking to The Security Ledger, Kurt Stammberger, a Senior Vice President at Norse, said that his company identified six individuals with direct involvement in the hack, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. The six include one former Sony employee, a ten-year veteran of the company who was laid off in May as part of a company-wide restructuring.

Stammberger said that Norse’s team of around nine researchers started from the premise that insiders would be the best situated to carry out an attack on the company and steal data. The company analyzed human resources documents leaked in the hack and began researching employees with a likely motive and means to carry out a hack.

That HR data was the “golden nugget” in the investigation, revealing the details of a mass layoff at Sony in the Spring of 2014, including a spreadsheet identifying employees who were fired from Sony Pictures in the April-May time period.

After researching those individuals, Norse said it identified one former employee who he described as having a “very technical background.” Researchers from the company followed that individual online, noting angry posts she made on social media about the layoffs and Sony. Through access to IRC (Internet Relay Chat) forums and other sites, they were also able to capture communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia.

According to Stammberger, the Norse investigation was further able to connect an individual directly involved in those online conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.

Stammberger was careful to note that his company’s findings are hardly conclusive, and may just add wrinkles to an already wrinkled picture of what happened at Sony Pictures. He said Norse employees will be briefing the FBI on Monday about their findings.

“They’re the investigators,” Stammberger said. “We’re going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That’s not our job to determine, it is theirs,” he said of the FBI.

...

Rasch noted, as others have, that the attackers initially made no mention of the Sony Pictures film “The Interview” in communications with the company or the outside world. Rasch notes that the hackers also exhibited a somewhat sophisticated knowledge of how Hollywood works – leaking data that was deeply personal and particularly embarrassing to Sony executives.

Stammberger notes the involvement of an insider would explain how the attackers obtained critical information about Sony’s network, including the IP addresses of critical servers and valid credentials to log into them. Even in sophisticated attacks, remote actors might spend days, weeks or months probing a network to which they have gained access to obtain that information: using compromised employee accounts to explore and find sensitive data before stealing it or causing other damage. It is during that “lateral movement” that malicious actors are often spotted, Stammberger said. In the case of the Sony hack, however, the malware was compiled knowing exactly what assets to attack.

Still, there are many questions that have yet to be answered. Norse’s own analysis has plenty of blank spaces. Stammberger said that a “handful” of former employees may have been involved, though only one was linked directly to the hack. That employee, at some point, joined forces with external actors and more experienced hackers with a grudge against Sony, including individuals involved with sites like the Pirate Bay which offer Hollywood movies for download. “We see evidence for those two groups of people getting together,” Stammberger told The Security Ledger.
 
I've never been convinced by the North Korea hypothesis. While I'm no conspiracy theorist, it seemed too easy to be true and didn't look like the DPRK's style.
 
what the fuck if this happens to be true

if true how the hell did the government get the slightest clue that it could have been NK, let alone actually say that to the public?
 

Funky Papa

FUNK-Y-PPA-4
I remember people giving me shit for saying it was a possibility.

I've always been very wary of endorsing either hypothesis. While North Korea is known for having a sizeable and competent cyberwar unit, the attack on Sony was unlike anything else before. It's a weird action even by wacky North Korean standards.

I'm personally enjoying watching the situation from the sidelines.
 

Apparently the methods were incredibly similar to a previous NK hack.
 

MUnited83

For you.
I mean, that was pretty much something certain. A huge hole like this wouldn't happen without someone on the inside helping. Doesn't necessarily mean it wasn't orchestrated by NK.
 
Lol the person deserves to be fired for his bad English

(unless it was fake)

His overexaggerated threats were very reminiscent of North Korea though, it was well done.
 
Everything else is interesting and all, but what kind of cyber-security focused website talks about IRC forums? WTF would this even mean? Forums for an IRC channel or network? It doesn't give me much confidence in, well, anything they're reporting. This all seems like a lot of baseless speculation formed from seeing correlations and assuming those mean something.
 

davepoobond

you can't put a price on sparks
I think it's a possibility that both are true. NK funded, they found an ex-Sony employee to infiltrate.

LOL, as expected. Sony and the US government have been embarrassingly idiotic


Yeah, cause "clues" = guilty.

Idk how Sony looks any MORE idiotic in your opinion because of this
 
The only thing that doesn't make sense here is why the US would use NK as a scapegoat for the hacking?

The western world doesn't need more negative NK propaganda to shape their opinions and this isn't some false flag shit to start a conflict.

Maybe I'm just not seeing it.
 
Well it certainly gave Norse some free publicity.

One would assume the FBI had assistance from other agencies in the investigation so until further evidence I'll take this report with a grain of salt.
 
Lol the person deserves to be fired for his bad English

(unless it was fake)

His overexaggerated threats were very reminiscent of North Korea though, it was well done.

The "engrish" in the threatening emails seemed exactly like the type that an English speaker would create to approximate actual "engrish".

I'm no fan of conspiracy theories either but I've never been too convinced NK was behind this.
 

Zhengi

Member
I bet a disgruntled ex-North Korean who was fired from the country after the succession of Kim Jong-un got together with people from around the world to hack their internet.
 

Currygan

at last, for christ's sake
I think it's a possibility that both are true. NK funded, they found an ex-Sony employee to infiltrate.




Yeah, cause "clues" = guilty.

Idk how Sony looks any MORE idiotic in your opinion because of this


oh, i was just making a succinct comment to the whole situation
 

Bebpo

Banned
Did anyone even read the article? Seems like they're basically just making up theories with very little evidence.

Yeah, it seems a lot of people want to find a reason to make a big conspiracy come true rather than just accept the facts that are out there on their face.
 

Burt

Member
Was this a firm hired by Sony?

This whole thing reeks of confirmation bias and circumstantial evidence. And of course they throw Pirate Bay on top of it all, because why not? The article even starts off with a "decisively" and ends talking about all the holes in the theory.

Didn't the Feds say something about the techniques being identical to ones used previously against South Korean institutions? I would think that it'd be a lot harder to copy the MO of a North Korean hacker than it would be to get onto a Sony server.
 

Stet

Banned
One of the comments on that site is hilarious, though.

It basically reads like a new version of "these hackers just shot themselves in the foot."

 

gdt

Member
Um...if you read through it it's complete and total guess work. This person chats on irc and talks about hacker stuff. Never says anything at all about actually hacking something.
 
Not an incredibly convincing counter-narrative.

Stammberger said that Norse’s team of around nine researchers started from the premise that insiders would be the best situated to carry out an attack on the company and steal data. The company analyzed human resources documents leaked in the hack and began researching employees with a likely motive and means to carry out a hack.

Then (at least in the article) comes some very circumstantial evidence, which is only convincing if you buy into the insider premise to begin with.

Regardless, I hope all evidence can be used constructively to nail those who truly did this.
 
Was this a firm hired by Sony?

This whole thing reeks of confirmation bias and circumstantial evidence. And of course they throw Pirate Bay on top of it all, because why not? The article even starts off with a "decisively" and ends talking about all the holes in the theory.

Didn't the Feds say something about the techniques being identical to ones used previously against South Korean institutions? I would think that it'd be a lot harder to copy the MO of a North Korean hacker than it would be to get onto a Sony server.

No matter who did it, they designed it with the intent of making it look like North Korea did it.

Have to agree with the previous post that says that the two conclusions are not mutually exclusive. It's very possible that NK could have hired the ex-employees to gain insight and access that would have been more difficult otherwise. Anyone who gets linked to this is fucked, I doubt it's that easy to book a flight to NK to escape international terrorism charges.
 
No matter who did it, they designed it with the intent of making it look like North Korea did it.

Have to agree with the previous post that says that the two conclusions are not mutually exclusive. It's very possible that NK could have hired the ex-employees to gain insight and access that would have been more difficult otherwise. Anyone who gets linked to this is fucked, I doubt it's that easy to book a flight to NK to escape international terrorism charges.

Sure, this is reasonable and even quite likely. But that's far different than what some people seem to be assuming, which is NK was just being used as a cover.
 
So you'd rather believe some stuff from the internet than the FBI?

LOL

no, I'd rather wait and see until more evidence is shown... 'cause honestly, both seem to be going on hunches instead of sound evidence.

but just blindly believing in an organization is just dumb to me.
 

injurai

Banned
Yeah, I think I'm just gonna go ahead and trust the FBI over this than a random security company.

The FBI making an international claim against North Korea is not something light. So I'm more inclined to think it's true. To get inside Sony they would certainly be leaving markers behind that could be construed as internal attacks.
 