North Korea not behind the Sony attacks?
Oh, this could be embarrassing. It seems Norse Security, discussed in a previous post, has found evidence that the extensive cyber attacks on Sony Pictures Entertainment were instigated by one or more disgruntled former Sony employees.
From The Security Ledger:
Kurt Stammberger, a Senior Vice President at Norse, said that his company identified six individuals with direct involvement in the hack, including two based in the U.S., one in Canada, one in Singapore and one in Thailand. The six include one former Sony employee, a ten-year veteran of the company who was laid off in May as part of a company-wide restructuring.
Stammberger said that Norse’s team of around nine researchers started from the premise that insiders would be the best situated to carry out an attack on the company and steal data. The company analyzed human resources documents leaked in the hack and began researching employees with a likely motive and means to carry out a hack.
One would hope the US government did not accuse the North Korean government of conducting the Sony attacks without irrefutable evidence. Yet, time and again, the private sector has proven more adept than the government at understanding, using, and exploiting computers and the Internet.
The Norse story certainly sounds plausible, doesn’t it?
CNN and other outlets were reporting similar possibilities two days ago.