Bruce Schneier, perhaps the most prominent security pundit in the world, is dubious about the FBI’s claim that the DPRK is behind the Sony Hack, while Kurt Stammberger, the senior VP Norse, a cybersecurity firm, insists that all evidence points to an internal hack:
Cybersecurity experts are questioning the FBI’s claim that North Korea is responsible for the hack that crippled Sony Pictures. Kurt Stammberger, a senior vice president with cybersecurity firm Norse, told CBS News his company has data that doubts some of the FBI’s findings.
“Sony was not just hacked, this is a company that was essentially nuked from the inside,” said Stammberger.
While Norse is not involved in the Sony case, it has done its own investigation.
“We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history,” said Stammberger.
He says Norse data is pointing towards a woman who calls herself “Lena” and claims to be connected with the so-called “Guardians of Peace” hacking group. Norse believes it’s identified this woman as someone who worked at Sony in Los Angeles for ten years until leaving the company this past May.
I’m inclined not to believe the official story from the FBI.
The sketchy accounts currently given by the FBI seem to indicate that they worked backward, starting with the guilt of North Korea, and then picking and choosing evidence on that basis.