Slashdot Mirror


Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators

chicksdaddy writes Alternative theories of who is responsible for the hack of Sony Pictures Entertainment have come fast and furious in recent weeks -- especially since the FBI pointed a finger at the government of North Korea last week. But Norse Security is taking the debate up a notch: saying that they have conclusive evidence pointing to a group of disgruntled former employees as the source of the attack and data theft. The Security Ledger quotes Norse Vice President Kurt Stammberger saying that Norse has identified a group of six individuals — in the U.S., Canada, Singapore and Thailand — that it believes carried out the attack, including at least one 10-year employee of SPE who worked in a technical capacity before being laid off in May. Rather than starting from the premise that the Sony hack was a state-sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the "means and motive" to do the attack.

HR files leaked in the hack provided the motive part: a massive restructuring in Spring, 2014, in which many longtime SPE employees were laid off. After researching the online footprint of a list of all the individuals who were fired and had the means to be able to access sensitive data on Sony's network, Norse said it identified a handful who expressed anger in social media posts following their firing. They included one former employee — a 10-year SPE veteran who he described as having a "very technical background." Researchers from the company followed that individual online, noting participation in IRC (Internet Relay Chat) forums where they observed communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia. According to Stammberger, the Norse investigation was eventually able to connect an individual directly involved in conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.

15 of 158 comments

  1. Like an episode of 24... by Anonymous Coward · · Score: 4, Insightful

    Cyber-hack against US subsidiary.
    'Obvious' perpetrator targeted by hardliners in government who leverage the blood-lust of the populace, and who pressure the president into immediate action.
    Actual perpetrators turn out to be a small group of disgruntled employees.

    1. Re:Like an episode of 24... by ihtoit · · Score: 3, Insightful

      This was my first thought as well, nothing so well executed could be done without inside information.

      Now for those who didn't realise before, this is why safecrackers find out what their target safe is and buy a duplicate to practice on first.

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
    2. Re:Like an episode of 24... by Anonymous Coward · · Score: 2, Insightful

      Group 2 Combination Locks are what are being discussed here. La Gard, S&G, Diebold, and Mosler are some of the common brands. S&G 6730 is the generic one I'm used to. Nice locks...

      "Autodialer" or "Soft Drill" if I was a bad guy. Drill and scope, or "through the spindle" tools would be my preferred tactics (if I knew the safe didn't have additional relockers). "Drilling the fence" or "drilling the bolt" are both pretty crude. You can also drill the back/bottom/sides/top of the container and then scope the "change key hole" just as effectively (unless there is a cover in the way).

      Let's be real: if I was a bad guy: I would have a motion activated hidden camera take video of the dialing process or bouncing an infrared laser.

      Hall effect, gyroscope, (or RF retroflector) based rotary encoder etc. hidden in a modified dial? None of that gamma-radiography bollocks. Could probably fit a small hearing aid battery, AVR and a MEMS gyroscope in a "Masterlock" dial. Big ass safe dial would be a piece of cake. Trick is getting alone with the thing long enough to do all this without it being tamper-evident.

      This is why I'm not a bad guy: James Bond gadget fetish, embedded programming skills, and locksmithing background pays a lot better in the private sector than jail. Gonna put down the "Lockmasters" catalog and write some "C" code now.

  2. Circumstantial at best ... by Anonymous Coward · · Score: 5, Insightful

    Nothing anywhere near conclusive from the information provided.

    1. Re:Circumstantial at best ... by d1on1x · · Score: 4, Insightful

      Nothing anywhere near conclusive from the information provided.

      While that is true, the same is true for the information released that suggested North-Korea is/was/would-be behind the hack.

  3. from TFA by jbmartin6 · · Score: 3, Insightful

    Stammberger was careful to note that his company’s findings are hardly conclusive

    Draw your own conclusion. At least he didn't throw in the old 'we have other information we won't reveal' claim the government always uses to mask its own speculation.

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
  4. This is impossible! by fuzzyfuzzyfungus · · Score: 5, Insightful

    I was assured by numerous talking heads that this particular network intrusion against a Japanese multinational was not only state-sponsored; but an act of Cyber-terror-war against America and the Homeland, and something that could only be answered in a suitably apocalyptic fashion, lest our nation's honor be soiled!

    How could it possibly be something as pedestrian as upset employees?

  5. Re:Oh how great is this! by bickerdyke · · Score: 4, Insightful

    Yes, but it shouldn't be THAT easy to produce people with those bullseyes.

    "Hey, let's fire a few IT guys. Just in case we need to bring up some capable, disgruntled ex-employees as scapegoats if we ever get hacked."

    It's an effing huge difference if you are a suspect for something you are or do, or for something that someone else does to you.

    --
    bickerdyke
  6. Re:Oh how great is this! by Nidi62 · · Score: 3, Insightful

    It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk.

    Unless the local Sheriff's Department just took delivery of that surplus MRAP and M4s and wants to try them out.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  7. Sigh by drinkypoo · · Score: 4, Insightful

    starting by looking for individuals with the "means and motive" to do the attack.

    The problem is that Sony is- I wanted to say incredibly lax about security, but that's clearly not right — egregiously careless about security, and also typically, boringly evil so the people with motive are legion. You could find people with motive and opportunity under any rock.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Re:Oh how great is this! by Ol+Olsoc · · Score: 4, Insightful

    It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk.

    And sometimes it does. Seems like the best thing is to make certain no one thinks you are disgruntled.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  9. Re:Told you it wasn't North Korea by CrimsonAvenger · · Score: 5, Insightful

    Umm, you think that the inconclusive opinions of a subsidiary of Monoc Security are positive proof?

    Seems to me you're doing exactly what the guys you're pooh-poohing were doing - using your own opinions to turn next to no data into proof positive that you were right.

    --
    "I do not agree with what you say, but I will defend to the death your right to say it"
  10. After reading TFA... by QuietLagoon · · Score: 4, Insightful

    ... it looks like Norse found what they wanted to find, and not necessarily the reality of what happened.

  11. Re:Told you it wasn't North Korea by Deadstick · · Score: 4, Insightful

    OK, let's see. A government agency issues an opinion on who did it: Obviously a lie.

    A commercial security company issues an opinion on who did it: Case closed.

    Love the Internet.

  12. MINISTRY OF TRUTH SAYS by Jeremiah+Cornelius · · Score: 4, Insightful

    Oceania has ALWAYS BEEN AT WAR with East Asia.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."