Slashdot Mirror
Norse Security IDs 6, Including Ex-Employee, As Sony Hack Perpetrators
chicksdaddy writes Alternative theories of who is responsible for the hack of Sony Pictures Entertainment have come fast and furious in recent weeks -- especially since the FBI pointed a finger at the government of North Korea last week. But Norse Security is taking the debate up a notch: saying that they have conclusive evidence pointing to group of disgruntled former employees as the source of the attack and data theft. The Security Ledger quotes Norse Vice President Kurt Stammberger saying that Norse has identified a group of six individuals — in the U.S., Canada, Singapore and Thailand — that it believes carried out the attack, including at least one 10-year employee of SPE who worked in a technical capacity before being laid off in May. Rather than starting from the premise that the Sony hack was a state sponsored attack, Norse researchers worked their investigation like any other criminal matter: starting by looking for individuals with the "means and motive" to do the attack.
HR files leaked in the hack provided the motive part: a massive restructuring in Spring, 2014, in which many longtime SPE employees were laid off. After researching the online footprint of a list of all the individuals who were fired and had the means to be able to access sensitive data on Sony's network, Norse said it identified a handful who expressed anger in social media posts following their firing. They included one former employee — a 10-year SPE veteran who he described as having a "very technical background." Researchers from the company followed that individual online, noting participation in IRC (Internet Relay Chat) forums where they observed communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia. According to Stammberger, the Norse investigation was eventually able to connect an individual directly involved in conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.
HR files leaked in the hack provided the motive part: a massive restructuring in Spring, 2014, in which many longtime SPE employees were laid off. After researching the online footprint of a list of all the individuals who were fired and had the means to be able to access sensitive data on Sony's network, Norse said it identified a handful who expressed anger in social media posts following their firing. They included one former employee — a 10-year SPE veteran who he described as having a "very technical background." Researchers from the company followed that individual online, noting participation in IRC (Internet Relay Chat) forums where they observed communications with other individuals affiliated with underground hacking and hacktivist groups in Europe and Asia. According to Stammberger, the Norse investigation was eventually able to connect an individual directly involved in conversations with the Sony employee with a server on which the earliest known version of the malware used in the attack was compiled, in July, 2014.
Cyber-hack against US subsidiary.
'Obvious' perpetrator targeted by hardliners in government who leverage the blood-lust of the populace, and who pressure the president into immediate action.
Actual perpetrators turn out to be a small group of disgruntled employees.
Nothing anywhere near conclusive from the information provided.
motive, means, opportunity:
MOTIVE: disgruntled ex employees. Check.
MEANS: prearmed with information on the machinations of SPE, not ordinarily known to the public. Check.
OPPORTUNITY: High profile release with the potential to piss off a State leader and shift the blame onto him. Check.
Yes, being a pissed off ex employee with inside information and the chance to make a high profile disruption to those who would risk your mortgage and pension with little to no personal risk is a big fucking bullseye.
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
I was assured by numerous talking heads that this particular network intrusion against a Japanese multinational was not only state-sponsored; but an act of Cyber-terror-war against America and the Homeland, and something that could only be answered in a suitably apocalyptic fashion, lest our nation's honor be soiled!
How could it possibly be something as pedestrian as upset employees?
And yet I was called a North Korean and other things for saying what is obvious.
Love the internet. So fuck you all. I was right and you FBI/President believing dumb fucks are wrong, again.
As I said before, the USA owes the NK a big fucking apology.
Be seeing you...
Yes, but it shouldn't be THAT easy to produce people with those bullseyes.
"Hey, let's fire a few IT guys. Just in case we need to bring up some capeable, disgruntled ex-employees as scapegoats if we ever get hacked."
It's an effing huge diffrence if you are a suspect for something you are or do, or for something that someone else does to you.
bickerdyke
starting by looking for individuals with the "means and motive" to do the attack.
The problem is that Sony is- I wanted to say incredibly lax about security, but that's clearly not right — egregiously careless about security, and also typically, boringly evil so the people with motive are legion. You could find people with motive and opportunity under any rock.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You act as if disgruntled (ex-)employees have never done such a thing before. You would be wrong.
Seems like they need to gruntle them then..
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
It DOESN'T mean that the swat team will barrel through your door or that the FBI will cart off your desk.
And some times it does. Seems like the best thing is to make certain no one thinks you are disgruntled
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
I just talked with all the rest of the guys here on Slashdot, and we all agree: how could we be so stupid? We're all sorry and it definitely won't happen again; we'll pay really close attention to everything you say from here on out.
You're making this too hard. You can upload terabytes of data using good old SSL or encrypt files with zip tools like 7-zip and there is nothing in the stream of data that will be recognized... that's what encryption is for.
The person wanting to get data out doesn't have to work hard at all to ensure it can't be recognized as it is being transmitted. The difficulty is in making sure that the users of the system don't notice the decrease in disk IO and loss of bandwidth. If they've got a good perimeter defense or the right heuristics for the server, they may notice "hey, that's more activity than usual" and respond, but that's about the only way to catch somebody in the act of transporting data out of a system.
Unless they're stupid. Which, with Sony's security, they could have been.
B) Eliminate all the stupid users. This is frowned upon by society.
Folks,
The evidence here is really, really weak. The connection is tenuous enough and the original pool of possible suspects via their methodology is large enough that I sure as heck wouldn't rule out a connection via random chance. Until we get better evidence, this isn't worth very much.
Norse Security says as much in The Fine Article:
--Paul
... it looks like Norse found what they wanted to find, and not necessarily the reality of what happened.
Oceania has ALWAYS BEEN AT WAR with East Asia.
"Flyin' in just a sweet place,
Never been known to fail..."