Who Really Hacked Sony Is Like A High-Tech Movie Plot
December 26, 2014 at 11:24 AM (PT)
Everyone has a theory about who really hacked the SONY PICTURES ENTERTAINMENT website, according to the ASSOCIATED PRESS.
Was it the so-called GUARDIANS OF PEACE? Many in the U.S. government and the FBI seem to think so. Other top theories include disgruntled SONY insiders, hired hackers, other foreign governments or Internet hooligans. Even some experts are undecided about who would want to steal and leak gigabytes of data, e-mail threats to SONY employees, or threaten moviegoers who attempted to see "The Interview" on CHRISTMAS.
"Somebody's done it. And right now this knowledge is known to GOD and whoever did it," said MARTIN LIBICKI, a cyber-security expert at RAND in ARLINGTON, VA, who thinks it probably was NORTH KOREA. "So we gather up a lot of evidence, and the evidence that the FBI has shown so far doesn't allow one to distinguish between somebody who is NORTH KOREA and somebody who wants to make it look like it was NORTH KOREA."
What it also proves is that cyber-crimes can be really, really hard to solve. Corporate investigators seldom focus on who committed the crime in their haste to assess damage and prevent it from happening again.
"Attribution is a very hard game to play," said MIKE FEY, president of security company BLUE COAT SYSTEMS and former chief technology officer at McAFEE. "Like any criminal activity, how they get away with it is a very early step in the planning process, and framing another organization or individual is a great way to get away with something.
"If they're smart enough and capable enough to commit a high profile attack, they're very often smart enough and capable enough to masquerade as someone else. It can be very difficult to find that true smoking gun."
Unlike crimes in the physical world, forensic investigators in the cyber world can't dust for fingerprints or corroborate evidence by interviewing suspects.
"The NSA has penetrated a lot of computers, but until ED SNOWDEN came around, nobody was certain because the NSA has the world's best operational security. They know how to cover their tracks and fingerprints very well," LIBICKI said.
Without the theatrics of the GUARDIANS OF PEACE, the SONY breach could have easily continued for months without anyone knowing.
NORTH KOREA has vehemently denied that it was responsible for the attack. But the FBI -- working with other U.S. agencies, including the NSA, on the SONY investigation -- cited similarities to other tools developed by NORTH KOREA in specific lines of computer code, encryption algorithms and data deletion methods, insisting some of the evidence was so sensitive it couldn't be revealed.
"Attribution to any high degree of certainty will always be impossible," said CHRIS RINAN, a former WHITE HOUSE cyber-security adviser. "At some point these are always judgment calls. You can do things like corroborate using intelligence sources and methods. But ultimately you're still looking at a pool of evidence and you're drawing a conclusion."
"It's very difficult to understand the chain of command in something like this," FEY added. "Is this a hacking-for-hire scenario? Is it truly delivered by an organization? Or, is it possible there's some alternate nefarious plot under way none of us understand yet?"
He later added: "One last idea: What if all this is just a movie-goer (who) can't stand the idea of another SETH ROGEN movie?"