When Sony Pictures was hit by a huge hack in 2014 that exposed reams of sensitive data, it was described by intelligence officials as ‘the most serious cyberattack ever made against U.S. interests.’
The FBI quickly pinned the attack on North Korea, saying state-sponsored cyber criminals had plundered Sony’s servers to avenge Kim Jong-un’s honor over upcoming Seth Rogen film ‘The Interview’, which mocked him and his regime.
But a new investigation has brought together former Sony execs, cyber experts and other figures including Rogen himself who question that narrative.
The FBI officially blamed North Korea for the 2014 Sony Pictures hack, saying the Hermit Kingdom wanted revenge over The Interview (pictured) which mocked Kim Jong-un
North Korea, which regularly boasts about missile tests in an attempt to provoke the US, has repeatedly denied being involved in the attack
And it posits an alternative theory – that the hack didn’t come from North Korea at all, but actually originated from Russia.
Central to the theory, put forward by The Hollywood Reporter, is a Ukrainian called Max Popov, a one-time Russian hacker turned FBI informant.
According to Popov, a Russian contact of his began passing him Sony data in early 2015, including emails between executives that had not been released as part of the original online dumps.
Popov added that these emails were dated from after Sony had claimed to regain full control of its servers, implying that the company was not as secure as first thought.
Seth Rogen, who wrote, starred in an produced The Interview, said he also doubts the film provoked the attack – since hackers never targeted him
He passed this information along to researcher Jeffrey Carr, who had previously provided briefings to the CIA, and he in turn handed the data to the FBI.
That was the last he heard about it.
E.J. Hilbert, a former FBI agent who was instrumental in bringing Popov into the bureau as an informant, says it’s ‘very likely’ that the former hacker could have got his hands on genuine information from ‘the bad guys’.
While Hilbert stopped short of speculating who those ‘bad guys’ might be, he added that Popov has no known connections with North Korea and instead relies on ‘Iranians and Russians’ for his information.
Suspicions over the North Korean narrative are also shared by Steve Mosko, former head of Sony Pictures Television, who told THR: ‘I never believed it had anything to do with The Interview.’
Rogen, who directed, starred in and produced the film, added that he also finds it hard to believe North Korea directed the attack.
In the wake of the leaks he said he hired a cyber risk team and private investigator to check his own network for a breach. Not only was there no breach, hackers had never even tried to break into his systems.
Maxim Popov, a former Russian hacker turned FBI informant, claims a contact of his in Russia began passing him Sony data that was not released in public information dumps after the hack was over – suggesting they could be the origin of the breach
They are hardly the first people to express skepticism.
Marc Rogers director of security operations for hacker conference DEF CON and the principal security researcher for mobile security firm Cloudflare, put forward his doubts in an article for The Daily Beast in 2014.
While he did not say where the attack did come from, he raised doubts about evidence presented by the FBI as proof of North Korea’s involvement.
At the time, agents said Malware used by the hackers bore similarities to code used by North Korea in the past, and the attack came from IP addresses with known links to the Hermit Kingdom.
The FBI has officially blamed Park Jin Hyok, who they say was a hacker with state-sponsored Lazarus Group. North Korea denies his existence
In his piece, Rogers pointed out that the first bit of evidence is circumstantial at best – anyone could have decided to pirate the North Korean Malware and use it for their own aims – and the second could be easily faked.
For its part, the FBI maintains that North Korea was responsible and have even gone so far as to charge a man – Park Jin Hyok – who they believe was responsible.
The bureau says Park was a member of Lazarus Group, a state-sponsored cyber-crime collective, and was also involved in the WannaCry ransomware attack.
North Korea has always denied it was behind the Sony hack, and has denied Hyok’s existence.
For its part, Sony said in a statement to THR that it has no reason to believe anything other than the conclusion of the FBI’s investigation.
Other theories are that the hack was perpetrated by a Hollywood insider with a score to settle, given how the information was leaked with an intimate knowledge of what would prove most damaging to the people involved.
Some even suggest that it was carried out by white-collar criminals looking to crash Sony’s stock price and profit off the debacle.
The Sony hack was described as ‘the most serious cyberattack ever made against U.S. interests’ at the time, and saw embarrassing emails, actor salaries and four full films leaked
THR points out that several large stock sales took place between the time the attack was carried out and the time it was made public, and that there was an increase in short-selling – where investors effectively bet on a share’s price collapsing – before the attack was made public.
It is unclear whether any of this activity was ever investigated.
The Sony hack led to the release of a trove of sensitive personal information about Sony employees, including Social Security numbers, financial records, salary information, as well as embarrassing emails among top executives.
The data dumps included full copies of four yet-to-be released Sony films, among them ‘Annie,’ and one that was in theaters, the Brad Pitt film ‘Fury’.
Among the emails released in the hack was an exchange between Amy Pascal, then co-chairman of the studio, and ‘The Social Network’ producer Scott Rudin where they joked about what might be then-President Barack Obama’s favorite movies, listing ’12 Years a Slave’ and films by black comedian Kevin Hart.
The pair apologized. Pascal left her job months later.