Sony has a tumultuous month with its hacking scandal involving the embarrassing leaked emails, ncluding: Angela Jolie, Barack Obama, and Leaked Salaries.
Sony being sued because of the leaked data is not the worst part, but the potential loss of its business because Hollywood can no longer trust Sony is probably even worse. So at Sony’s darkest hour, Sony decides to deflect from its hacking scandal to North Korea. Western Propaganda ate this whole thing up: From FBI blames North Korea, Obama vows response, to North Korea Internet down.
Besides deflecting the criticism towards the North Korea, Sony seem to kill 2 birds with one stone and will get free publicity towards “The Interview” movie anyways as the movie is released in digital media and movie theaters in its Christmas Day release. It makes Americans as a ‘patriotic’ thing to do as a thumbs down against ‘censorship’ and North Korea to watch this otherwise mediocre movie.
The only problem is that alot of Security experts doubt that North Korea actually did the hack. There are plenty of articles that like this, this, and that. I would like to add in my 2 cents.
First it is the type of data being stolen. Most of the “normal” hacking incidents is usually logins, passwords, addresses, credit card #’s which can be obtained from a compromised e-tailer’s web server like Home Depot and Target. However, the type of data being stolen in this hacking incidents are emails, computer inventory spreadsheets, and data that could not get stolen in an web server. The only incidents where this type of data was in the Bradley Manning and Edward Snowden, where a former insider was able to retrieve this kind of data.
Second it is amount of data data being stolen. yet how can 100 TB of data be stolen under the noses of the security engineers of Sony? Let’s face it, North Korea’s internet infrastructure won’t handle this much data and the speculation of some North Korea’s elite unit operating in Shenyang is just ludicrous.
Third it is the intent. the original intent from hackers was to extort money from Sony for not releasing the embarrassing emails, and not to stop the release “The Interview.” An article from Wired best summarize this:
Nation-state attacks aren’t generally as noisy, or announce themselves with an image of a blazing skeleton posted to infected computers, as occurred in the Sony hack. Nor do they use a catchy nom-de-hack like Guardians of Peace to identify themselves. Nation-state attackers also generally don’t chastise their victims for having poor security, as purported members of GOP have done in media interviews. Nor do such attacks involve posts of stolen data to Pastebin—the unofficial cloud repository of hackers—where sensitive company files belonging to Sony have been leaked. These are all hallmarks of hacktivists—groups like Anonymous and LulzSec, who thrive on targeting large corporations for ideological reasons or just the lulz, or by hackers sympathetic to a political cause.
The only plausible explanation of this hack is from a current or former disgruntled employee with backdoor access was able to steal more than 100 TB worth of data under Sony’s nose. Instead Sony being in turmoil, it seems to be able to save its own skin by blaming North Korea.