Sony hack: who are the Guardians of Peace, and is North Korea really behind the attack?

North Korea probably didn’t do it — at least on their own

Andrew Griffin
Wednesday 17 December 2014 16:22 GMT
The photo, which Reddit users said had been posted across Sony Pictures computers (Links have been blurred out)

It’s been almost a month since the ‘Guardians of Peace’ shut down Sony Pictures, leaving a trail of terror threats, cancelled premieres and irreparable damage to Sony Pictures and its executives in its wake. And while suspicion has mostly fallen on North Korea, there’s more than enough reason to think that it might have been someone else.

The hack started on November 24, when a message appeared across Sony Pictures computers threatening to release data unless an unnamed ‘request be met’. That aim still hasn’t been identified — speculation is rife that it referred to stopping the release of The Interview, but the group hasn’t said so.

It’s entirely possible that the Guardians of Peace name has been used by a number of different groups by now. Though most of the important messages have been released alongside new batches of data — leading some people to speculate that they are coming from the same original person, who has access to the larger haul — the information has probably made its way around file-sharing communities already, and could easily be packaged up and distributed by anyone wanting to take on the name.

The suspects

North Korea

The country began as idle speculation, and has quickly become the main suspect. There are technical reasons to think that the country was involved, and it definitely has the capabilities. But the main reason North Korea is being blamed is that links were made with the upcoming film The Interview, which depicts among other things the violent death of Kim Jong-Un.

But the messages have only made oblique reference to the film, and those references have intensified as the North Korea connection has become stronger. That could mean the country is getting angrier — or it could mean that it is hijacking the story, or that other people are deliberately framing North Korea.

Angry (ex-)employee

The hack is of such a huge size, and runs so deep, that it’s likely whoever did it had some sort of physical access to the company and its servers. That was, at the beginning of the hack, one of the main theories — but seems to have been largely left behind in the wake of the excitement over North Korea’s involvement.

Anti-security/hacking groups

They are often driven by the same anarchic philosophy that has characterised Anonymous, where many of the hackers came from. Sometimes known as the ‘lulz’, groups can seek to cause as much damage as possible for little reason other than personal enjoyment.

But there could also be something more political at work — Sony, along with other major distributors, has been active in fighting internet file sharing and has even had its systems taken down by Anonymous in 2011.


Cyber-criminals

The often under-estimated part of hacking and internet security is cyber-criminals — they account for most malicious activity on the internet, but are often talked about and worried about a lot less.

But that’s in part because it’s in their interests to stay quiet.

The information leaked from the Sony hack would be far more valuable if cyber-criminals kept it secret, and used it to extort money or other data from the company. Whoever found the information probably doesn’t want to make money from it — they just want to take money off Sony.

So who was it?

Possibly all four, to some degree.

North Korea’s refusal to deny the hack could be just a PR move, which makes people fear the might of the often-mocked country again and associate the attack with the film it has said has upset it so much. Whoever it was likely did have access to the company, and even if that wasn’t an employee, they could well have been enabled by one. Anti-sec groups are probably responsible for some of the more anarchic use of the data. And cyber-criminals could be secretly poring through the leaks, too.

So whoever did it probably wasn't just one person — and if North Korea did play a part, they probably weren't alone.
