The PJ Tatler

Did 'Lena" Hack Sony?

No, not that Lena; another “Lena.” Some experts are coming around to the notion that the Sony hack was an inside job:

Cybersecurity experts have given a detailed outline to the FBI about the hack attack against Sony Pictures, insisting it was not the work of North Korea but a group of current and former employees who shared a ‘mutual hatred’ for the company. While the FBI and Sony have announced they believe Pyongyang carried out the hack – claims that were denied by leader Kim Jong-un – independent security officials have been coming forward for the past week saying most of the evidence points to an inside job.

Silicon Valley security firm Norse, which provides intelligence to companies to prevent their software from being hacked, has been investigating the compromise at Sony and shared their findings with the FBI on Tuesday, according to Gawker. Norse senior vice president Kurt Stammberger said the hack hinges on a woman he called ‘Lena’, who he says worked in a ‘key technical’ position for 10 years but was sent packing in May during a large sweep of lay-offs.

Media gossip website Gawker has the story here:

Kurt Stammberger is a senior vice president at Norse, a firm that provides intelligence and protection strategies for clients with vulnerable computer networks. He and his team spend their time both watching internet attacks as they happen, and sifting through stores of data collected in the wake of a breach. Stammberger knows what a digital intrusion looks like, and doesn’t buy the feds’ North Korean angle: “Are there NK fingerprints? Sure,” he told me over the phone earlier this week. “But when we run any of those leads to ground, they end up being dead ends.”

Instead, Stammberger’s team has been going through the many gigabytes of leaked Sony data in search of another possibility: that Sony wasn’t attack from the other side of the world, but was raided by someone on the inside. Or, formerly on the inside: Stammberger says his team thinks they’ve identified the as-of-yet-unidentified Guardians of Peace: “a relatively ad-hoc, small group of individuals that is probably comprised of some ex-employees of Sony and some other people that did not work at Sony.”

Charles C. Johnson has more here and here. Gawker concludes:

But if the Norse report isn’t as far-fetched as the FBI’s version, it’s not a whole lot more substantiated, either. By the company’s own admission, their counter-theory isn’t a slam dunk: “We have indicators that connect [these suspects] to this attack,” Stammberger told me, but “It’s a long way from proof,” and “a long way from something I think you could prosecute someone with.”

The FBI, for its part, still publicly insists that North Korea was involved in the attack in some capacity. A New York Times report today cites Sony executives who say the agency believes hackers “used digital techniques to steal the credentials and passwords from a systems administrator who had maximum access to Sony’s computer systems.”

You can find the New York Times story here.

So who dunnit?