The Sony hack was probably carried out by a disgruntled ex-employee who may have joined with hackers to break into the company’s networks, according to a new investigation by a cyber-security firm.
An investigation has focused on a group of six people including the employee, said researchers from Norse Corporation.
Because of the scale of the attack, it was likely carried out with the help of someone with detailed knowledge of the Sony systems, they said — a theory that has been advanced before. Investigators are probing whether an employee could have become disgruntled after redundancies in May and helped carry out the attack in revenge.
Any employee was likely helped out by pro-privacy hacktivists, investigators said. Such groups have long focused their hacking efforts on Sony.
Norse isn't working on the official investigation of the hack, but has brief the FBI, it said.
The theory at least reduces the FBI’s assertion that North Korea was involved in the attack, and Norse does not believe that the country had a role.
“It has always been suspicious that it was North Korea,” said former federal prosecutor Mark Rasch. “Not impossible – but doubtful… It made a lot more sense that it was insiders pretending to be North Korea.”
A number of security professionals have spoken out against the claim that North Korea was behind the attack, instead focusing on groups such as those described by Norse.