Sony hack was an insider job: a group of researchers from Norse Corp investigating the hack say former employees may be involved
After the Sony hack attack and the leaks related to Sony, its employees, Hollywood celebrities, cast and crew details and, certainly, Sony’s unreleased films, now is the time to find out who exactly hacked Sony. The Federal Bureau of Investigation (FBI) and other security researchers investigating the Sony hack attack first claimed the hackers were from North Korea; then the FBI cyber division’s Assistant Director, Joe Demarest, remarked that the hacks were ‘not attributed’ to North Korea.
A week later the FBI stated that North Korea was indeed behind the hack attack, only to be discredited by a host of security professionals over the last week, including former federal prosecutor Mark Rasch. So who really is behind the massive hack of Sony Pictures? Norse Corporation researchers believe it to be an inside job, or one carried out with active insider participation.
The Norse Corp researchers are focusing their investigation on six individuals, according to a blog report they posted. They say these individuals are connected to Sony and may have worked to compromise Sony’s corporate network. The band of six includes at least one ex-employee of Sony Pictures who had technical know-how and knew the Sony networks inside out.
Norse Corp says that it has deduced this from the fact that “it would take an insider with detailed knowledge of the Sony systems in order to gain access and navigate the breadth of the network to selectively exfiltrate the most sensitive of data, researchers from Norse Corporation are focusing on this group based in part on leaked human resources documents that included data on a series of layoffs at Sony that took place in the Spring of 2014.”
Norse Corp researchers have tracked the activities of this ex-employee on underground forums of the Dark Web, where there was a lot of chatter on the IRC channels about the hack prior to the attack.
Norse Corp researchers believe that this ex-employee or employees may have joined hands with the pro-piracy hacktivist groups because of Sony’s anti-piracy related actions over the years. The researchers believe that the hacktivists then infiltrated the Sony Pictures corporate network with the insider knowledge of the complete Sony network.
“We think we see indicators of those two groups of people getting together,” said Kurt Stammberger, SVP at Norse.
Norse plans to fully brief the FBI on the current status of their investigation early this week, and says it is up to law enforcement to decide if there is enough evidence to pursue the individuals identified.
Norse Corporation may have hit on the inside job angle now, but a redditor, 3DGrunge, had already pointed that out on 4th December in the thread that sprang up on Reddit after almost 100TB of data from the Sony hack attack was leaked.
A post on Hollywood Reporter lent further credence to the inside job theory, stating:
“While the hackers have identified themselves only as Guardians of Peace, emails pointing journalists to allegedly stolen files posted on a site called Pastebin came from a sender named “Nicole Basile.” A woman by that name is credited on IMDb as an accountant on the studio’s 2012 hit film The Amazing Spider-Man, and her LinkedIn page says she worked at Sony for one year in 2011. Basile couldn’t be reached for comment and the studio declined to confirm if she works or has worked there.”
In the same post, cybersecurity expert Hemanshu Nigam also theorized that “an employee or ex-employee with administrative access privileges is a more likely suspect.” He went on to add the reason for his theory, “For the studio — which has laid off hundreds of employees over the past year in an effort to contain costs — the possibility of a disgruntled employee wreaking havoc is very real.”
From the outside, it seems impossible to carry out such a massive hack attack without detailed insider knowledge of the various network components. Also, the download time for a 10G channel is 22 hours at a steady download rate. Working on this premise, the hackers needed somebody on the inside to funnel that kind of data without disturbing Sony’s firewalls, CDNs and other security systems.