But the inside-job theory is gaining steam among outside experts
The U.S. government remains convinced the North Korean government was behind last month’s massive Sony hack, despite outside reports alleging an employee of the company may have been involved.
“The United States government has concluded that the North Korean government is responsible for this attack,” State Department spokesman Jeff Rathke told reporters. “And we stand by that conclusion. “
The Federal Bureau of Investigation, which is leading the investigation in conjunction with other U.S. law enforcement and intelligence agencies, announced on December 19 that the rogue regime was responsible for the hack. But doubts have simmered among outside security experts, in part because the government has acknowledged withholding some of the evidence that led to the conclusion.
The FBI said it would not share its complete analysis of the evidence pointing to North Korea. “The need to protect sensitive sources and methods precludes us from sharing all of this information,” the bureau said. Publicly, the FBI has indicated the attack mimicked previous North Korean intrusions on South Korean systems, adding the “data-deletion malware” used in the attack was similar to other code experts have attributed to North Korean-allied hackers and attempted to “ping” internet protocol addresses linked to the country.
As a result, private cybersecurity experts have expressed continued doubts about the link to North Korea. “We can’t find any indication that North Korea either ordered, masterminded or funded this attack,” Kurt Stammberger, a vice president at Norse security in California, told the Los Angeles Times. Stammberger told the paper that he had briefed law-enforcement officials on the theory that the massive hack was an inside job.
But the inside-job theory has holes of its own. Outside analysts have only been given limited access to the malware and details of the Sony hack, and have failed to offer conclusive evidence that the U.S. government’s conclusions are wrong. “It’s not that it’s not possible. It’s just that it’s ambiguous,” Mark Rasch, a former federal cybercrimes prosecutor, says of the inside-job theory.
A disgruntled IT employee might have both the motive and technical expertise to burrow deep into Sony’s computer networks and extract some 100 terabytes of data, a process that cyberexperts say may have taken weeks or months. The nature of the hack—which spilled personal information about thousands of people and made public the private emails of Sony executives—seemed calibrated to embarrass the company. In their initial email to Sony executives and public statement, the hackers made no mention of “The Interview.” And wiping Sony’s computers, Rasch says, “is a tactic we frequently see in attacks by disgruntled insiders.”
Cybersecurity experts have said from the start that an insider could be involved. “We don’t discount the possibility of an insider,” Jaime Blasco, director of labs at the California-based security firm AlienVault, told TIME earlier this month.
In his end-of-year press conference, President Obama himself placed the blame on North Korea and promised that the U.S. government would respond, but would not discuss the specifics.
“They caused a lot of damage, and we will respond,” Obama said. “We will respond proportionally, and we’ll respond in a place and time and manner that we choose.”