Who Hacked Sony Pictures?
On November 24, 2014, Sony Pictures Entertainment became the latest in a string of major companies to be the victim of a cyber-attack. Target and Home Depot, had both also fallen prey to hackers in the previous twelve months.
The reason for the Target and Home Depot hacks has been widely accepted as one of financial gain — hackers stealing customer information (credit card numbers, email addresses, etc.) for resale on the underground market. But who hacked Sony and why? The reasons for the attack on Sony, and who was behind it, are not so clear.
So Who Was It?
A group called the Guardians of Peace (GOP) did claim responsibility for the attack, and over the following weeks the GOP released links to large amounts data stolen from Sony’s servers. One unusual aspect of the data released by GOP was that, in addition to information with an underground market resale value, it also released information that was bound to cause Sony embarrassment. This included emails between executives related to employee salaries, and executives personal remarks about leading actors and actresses, such as Angelina Jolie. So, this makes it seem that the Sony hack had a different motive than a straightforward commercial one.
The North Korea Theory
One theory that soon came to the fore was that the Peoples Democratic Republic of Korea, North Korea, was behind the attack. Sony Pictures was due to release “The Interview” a comedy action film about an assignation attempt on the North Korean leader Kim Jong Un on December 25, 2014, and the North Korean government had previously shared its anger over the subject of the film. Andrea Peterson’s article in the Washington Post on December 18, 2014 stated
“the leading theory is that the attack is tied in some way to the North Korean government. On Wednesday The Washington Post, the New York Times and others reported that anonymous U.S. officials were pointing the finger at the secretive nation. One official briefed on the investigation told The Post that intelligence officials believe with “99 percent certainty” that hackers working for the North Korean government were behind the attack. But the administration is reportedly unsure what to do with that information — fearing no good outcome could come from pointing figures at the secretive state” (Peterson, 2014)
The Argument Against North Korea
However, Marc Rogers gave several reasons why North Korea may not be behind in his blog post on December 18, 2014. Rogers provided several technical and modus operandi reasons why this attack did not have the hallmark of a North Korean organized one, and additionally he points out that “The attackers only latched onto “The Interview” after the media did — the film was never mentioned by GOP right at the start of their campaign. It was only after a few people started speculating in the media that this and the communication from DPRK “might be linked” that suddenly it became linked.” (Rogers, 2014)
Who Else Might Be Behind The Attack?
So, if it was not North Korea, then who else might have been behind the attack? Marc Rogers suggests a few other possible culprits in his blog, including Chinese hackers, and a disgruntled employee, or former employee, out for revenge. Jane Wakefield, writing for the BBC, reported on the possibility that the hacking group Anonymous may be responsible. In her December 2014 article she covers how Sony has a longstanding battle with hackers dating back to 2005 when “its music division installed software which modified computer operating systems to prevent CDs being copied. It continued in 2010 when Sony took on teenaged hacker George Hotz who jailbroke his PlayStation 3 and released the code.” Wakefield adds that the connection with the Anonymous group is strengthened through their April 2011 actions when the the group “launched a campaign to bring down the PlayStation Network. The attackers gaining access to the personal information of more than 77 million users.” (Wakefield, 2014)
Will we ever know who was responsible, and will they be brought to justice?
It is easy to come up possible culprits, but a quite another thing to obtain real evidence linking anyone with the crime. The hackers could have used numerous techniques to cover their tracks, including IP Address spoofing (hiding their true IP Address), connecting via intermediate servers, and routing through networks in different countries where the US may not be able to trace the traffic. All of this will make it very difficult to track down those responsible. So, the Sony Pictures hack, while seemingly done for very different reasons to the Target and Home Depot cyber-attacks, does share a common trait with them — while it may be possible to tell how the hackers got into the network, tracking them down and bringing them to justice is no easy task given the way that the attackers can cover their tracks. And, if the culprits do turn out to be an overseas state or group, as Wakefield noted in her article, “The US government has said that, if the hackers do turn out to be North Korean, it will be very difficult to prosecute them.”
Works Cited
Peterson, A. (2014, December 18). The Sony Pictures hack, explained. Retrieved January 17, 2015, from http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/the-sony-pictures-hack-explained/
Rogers, M. (2014, December 18). Why the Sony hack is unlikely to be the work of North Korea. Retrieved January 17, 2015, from http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/
Wakefield, J. (2014, December 18). Whodunnit? The Mystery of the Sony Pictures Hack. Retrieved January 17, 2015, from http://www.bbc.com/news/technology-30530361
