The Sony hack: how it happened, who is responsible, and what we’ve learned by Timothy B. Lee.
From the post:
However, North Korea has denied involvement in the attack, and on Wednesday the FBI said that it didn’t have evidence linking the attacks to the North Korean regime. And there are other reasons to doubt the North Koreans are responsible. As Kim Zetter has argued, “nation-state attacks don’t usually announce themselves with a showy image of a blazing skeleton posted to infected machines or use a catchy nom-de-hack like Guardians of Peace to identify themselves.”
There’s some evidence that the hackers may have been aggrieved about last year’s big layoffs at Sony, which doesn’t seem like something the North Korean regime would care about. And the hackers demonstrated detailed knowledge of Sony’s network that could indicate they had help from inside the company.
In the past, these kinds of attacks have often been carried out by young men with too much time on their hands. The 2011 LulzSec attacks, for example, were carried out by a loose-knit group from the United States, the United Kingdom, and Ireland with no obvious motive beyond wanting to make trouble for powerful institutions and generate publicity for themselves.
I assume you have heard the bed wetters in the United States government decrying North Korea as the bogeyman responsible for hacking Sony Pictures (November 2014, just to distinguish it from other hacks of Sony.).
If you have ever seen a picture of North Korea at night (below), you will understand why I doubt North Korea is the technology badass imaged by US security “experts.”
Not that you have to waste a lot of energy on outside lighting to have a competent computer hacker community but it is one indicator.
A more likely explanation is that Sony forgot to reset a sysadmin password and it is a “hack” only because a non-current employee carried it out.
Until some breach other than a valid login by a non-employee is confirmed by independent security experts, I would discard any talk of this being North Korea attacking Sony.
The only reason to blame North Korea is to create a smokescreen to avoid accepting blame for internally lack security. Watch for Sony to make a film about its fight for freedom of speech against the axis of evil (includes North Korea, wait a couple of weeks to know who else).
When Sony wants to say something, it is freedom of speech. When you want to repeat it, it is a criminal copyright violation. Funny how that works. Tell Sony to clean up its internal security and only then to worry about outsiders.