The White House pushed back Tuesday against criticism from some
cybersecurity experts who have challenged the government's
conclusion that North Korea was behind the hacking of Sony Pictures
Entertainment Inc.
Since the Federal Bureau of Investigation said earlier this
month that the North Korean government was responsible for the
hackers" extortion attempt against the studio, some in the field of
computer security have questioned both the bureau's conclusion and
its evidence.
On Monday, engineers from Norse Corp., a cybersecurity firm, met
with FBI officials at the firm's St. Louis office to lay out their
own theory that a small hacking gang including former Sony
employees was involved in the cyberattack on Sony, said Norse Vice
President Kurt Stammberger.
The firm said it had evidence that an unnamed former Sony
technology employee appeared on hacker forums after leaving the
company. The firm has declined to disclose all the evidence it has
to support that conclusion, citing the ongoing investigation.
Thus far, however, none of the alternative theories or evidence
presented to the government has caused federal investigators to
doubt or backtrack on their initial conclusion, said people close
to the case.
"The administration stands by the FBI assessment," said National
Security Council spokesman Mark Stroh. The FBI alsoissued a written
statement saying "there is no credible information to indicate that
any other individual is responsible for this cyber incident."
Sony came under attack this month from hackers who released
reams of embarrassing internal emails and threatened Sept. 11-like
attacks on movie theaters if the studio released "The Interview," a
comedy about the assassination of North Korea's leader Kim Jong Un.
The studio canceled the film's opening, prompting criticism from
President Barack Obama. The Sony Corp. unit ultimately released the
film online and in a limited number of theaters.
At least some of the disagreement over the source of the
cyberattack stems from the particulars of the FBI's initial
announcement. The findings publicly shared by the bureau were based
in large part on comparing the Sony hack to past computer attacks
traced back to the North Korean government.
The announcement wasn't meant to be the last word or a full
accounting of the evidence, but rather a description of the key
points that led the FBI to name North Korea as the lead suspect in
the probe, said people close to the case.
It is unusual for the FBI to say anything about evidence in a
hacking case so soon after an attack, and the investigation is
likely to last months, if not years, more. In its announcement, the
FBI didn't rule out the possibility that North Korea had help in
attacking Sony, according to people familiar with the case.
Officials also have evidence--some of it collected by the National
Security Agency--that they don't want to disclose publicly,
according to people briefed on the case.
Investigators at FireEye Inc., the security firm hired by Sony
to investigate the breach, similarly stand by the conclusion North
Korea was involved, according to people close to the case.
Executives at Crowdstrike Inc., a cybersecurity firm with close
ties to the U.S. government, also sees links between the malware
used against Sony and a North Korean hacking group it has been
tracking since 2006.
"I'm not going to go say 100% it is North Korea, but we have a
high degree of confidence," said Adam Meyers, head of Crowdstrike's
intelligence team.
Jeffrey Carr, chief executive at Taia Global Inc., said his firm
recently employed scientists to study the imperfect English the
Sony hackers used in their notes to the company and journalists.
They found errors made in the texts most closely resembled those
typical of native Russian speakers, though they didn't rule out the
possibility of a native Korean speaker. Mr. Carr said the stakes
were too high for the FBI to be wrong.
By promising to respond to the Sony hack, the government has set
a precedent for cyberwarfare, Mr. Carr said. For that reason, he
added, citizens should have confidence it is a solid case.
Write to Devlin Barrett at devlin.barrett@wsj.com and Danny
Yadron at danny.yadron@wsj.com
Access Investor Kit for Sony Corp.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=JP3435000009
Access Investor Kit for Sony Corp.
Visit
http://www.companyspotlight.com/partner?cp_code=P479&isin=US8356993076
Subscribe to WSJ: http://online.wsj.com?mod=djnwires