Norse Investigation Focusing on a Small Group, Including Sony Ex-Employees
An investigation into the massive breach at Sony has focused on a group of at least six individuals that may have worked to compromise the company’s networks, including at least one ex-employee who had the technical background and system knowledge to carry out the attack.
Working on the premise that it would take an insider with detailed knowledge of the Sony systems in order to gain access and navigate the breadth of the network to selectively exfiltrate the most sensitive of data, researchers from Norse Corporation are focusing on this group based in part on leaked human resources documents that included data on a series of layoffs at Sony that took place in the Spring of 2014.
The researchers tracked the activities of the ex-employee on underground forums where individuals in the U.S., Europe and Asia may have communicated prior to the attack.
The investigators believe the disgruntled former employee or employees may have joined forces with pro-piracy hacktivists, who have long resented the Sony’s anti-piracy stance, to infiltrate the company’s networks.
“We think we see indicators of those two groups of people getting together,”said Kurt Stammberger, SVP at Norse.
Norse plans to fully brief the FBI on the current status of their investigation early this week, and says it is up to law enforcement to decide if there is enough evidence to pursue the individuals identified.
The disclosure casts further doubt on the FBI’s assertion that the attack was carried out by state-sponsored actors under the control of North Korea, a theory that has been all but discredited by a host of security professionals over the last week, including former federal prosecutor Mark Rasch.
“It has always been suspicious that it was North Korea,” Rasch said. “Not impossible – but doubtful…It made a lot more sense that it was insiders pretending to be North Korea.”
Rasch noted that the earliest messages released by the attackers did not mention the controversial film The Interview, but instead aired complaints about Sony policies as being unfair and made attempts to extort money from the company while threatening to release embarrassing information.
Both Stammberger and Norse CEO made appearances on national news programs over the holiday weekend to disclose the investigation’s conclusions.