U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.
As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, U.S. investigators who believe Pyongyang was behind the attack are looking at the possibility that North Korea “contracted out” some of the cyber work, according to the official, who was not authorized to speak on the record.
The attack on Sony Pictures is regarded as one of the most destructive ever against an American company because the hackers not only stole huge quantities of data, but also wiped hard drives and brought down much of the studio’s network for more than a week.
While U.S. officials investigate the attack, the FBI stood by its previous statement that Pyongyang was the prime author of the attack against the Sony Corp unit.
But Kevin Mandia, the chief operating officer of FireEye Inc , whose Mandiant forensics division helped Sony investigate the attack, said he did not know who was behind it.
“At the end of the day, you can always throw darts at any theory unless you’re one hop away from the bad guy. That’s just a fact. If you’re a law enforcement officer and you want to put a guy in jail for hacking, what do you have to do? Usually you’re actually peering through the glass watching the guy hit the keyboard when he’s doing the intrusion. And for a lot of people out there, that’s the only thing that’s good enough for attribution,” said Mandia.
Mandia, who has supervised investigations into some of the world’s biggest cyberattacks, said that attribution, or determining who is behind an attack, is an extremely difficult process because hackers can leave false evidence to trick investigators.
North Korea has denied that it was behind the Sony attack and has vowed to hit back against any U.S. retaliation.
The people who claimed responsibility for the hack have said on Internet postings that they were incensed by the film “The Interview,” a Sony Pictures comedy about a fictional assassination of North Korean leader Kim Jong Un.
But security experts have begun to question the FBI’s assertion that Pyongyang was behind the cyberattack. Consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggest they were more likely from Russia than North Korea, and cybersecurity firm Norse said it suspects a Sony insider might be the culprit.