A week later FBI stated that North Korea was indeed behind the hack attack only to be discredited by a host of security professionals over the last week, including former federal prosecutor Mark Rasch. So who really is behind the massive hack of Sony Pictures? Norse Corporation researchers believe it to be a inside job or carried out with active insider participation. The Norse Corp researchers are focussing their investigations on six individuals according to a blog report posted by them. They say these individual are connected to Sony and may have worked to compromise Sony’s corporate network. The band of six includes at least one ex-employee of Sony Pictures who had technical know how and knew the Sony networks inside out. Norse Corp says that it has deduced this from the fact that “it would take an insider with detailed knowledge of the Sony systems in order to gain access and navigate the breadth of the network to selectively exfiltrate the most sensitive of data, researchers from Norse Corporation are focusing on this group based in part on leaked human resources documents that included data on a series of layoffs at Sony that took place in the Spring of 2014.” Norse Corp researchers have tracked the activities of this ex-employee on underground forums of the Dark Web where there was lot of chatter on the IRC channels about the hack, prior to the attack. Norse Corp researchers believe that this ex-employee or employees may have joined hands with the pro-piracy hacktivist groups because of Sony’s anti-piracy related actions over the years. The researchers believe that the hacktivists then infiltrated the Sony Pictures corporate network with the insider knowledge of the complete Sony network. Norse plans to fully brief the FBI on the current status of their investigation early this week, and says it is up to law enforcement to decide if there is enough evidence to pursue the individuals identified. Norse Corporation may have hit on the inside job angle now but a redditor, 3DGrunge had already pointed that out on 4th December, on the thread that sprung up on Reddit, after almost 100TB of data from Sony hack attack was leaked.
While a post on Hollywood Reporter added further credence to the inside job theory by stating that, In the same post, Cybersecurity expert Hemanshu Nigam also theorized that “an employee or ex-employee with administrative access privileges is a more likely suspect.” He went on add the reason for his theory, “For the studio — which has laid off hundreds of employees over the past year in an effort to contain costs — the possibility of a disgruntled employee wreaking havoc is very real.” From the outside it seems impossible to carry out such massive hack attack without insider knowledge of various network components in detail. Also the download time for a 10G channel is 22 hours at a steady download rate, working on this premise, the hackers needed somebody on inside to funnel such kind of data without disturbing Sony’s firewalls, CDNs and other security systems.