Cyber Security Experts Question Whether North Korea Acted Alone in Sony Hack

A Steed Symposium panel on cyber security raised questions about other possible players while advising that companies must be prepared for such attacks.

North Korea may not have been the only player involved in the hack on Sony Pictures, a panel of cyber security experts argued on Monday evening.

While North Korean involvement in the cyber attack that hit Sony late last year shouldn't be discounted, the story might be more complex, cyber psychologist Mary Aiken said during a panel about cyber security hosted by Loyola Marymount School of Film and Television as part of its annual Steed Symposium. A large portion of the panel — which took place at the Grammy Museum as part of the Los Angeles Film Festival and was moderated by The Hollywood Reporter’s Kim Masters — addressed the cyber attack waged against Sony last year that was attributed to North Korea as a response to the satirical film The Interview.

“We’re not ruling out North Korea; what we’re saying is that it’s not as simple as it seems,” Aiken said. “It can be a convergence of interests. That’s what differentiates cyber from the real world. It’s so easy to syndicate.”

Ralph Echemendia, a hacking expert who calls himself “the ethical hacker,” echoed Aiken’s argument. “I think it definitely was a revenge hack,” he said. “Was it state-sponsored or by some other parties? It could be five guys sitting in Russia for all we know.”

That counters the prevailing narrative that North Korea was behind the attack. The FBI has been resolute in declaring the isolated country responsible, pointing to signs such as an IP address used exclusively in North Korea. "It was North Korea or it was someone who knew North Korean attack patterns," argued John Brown of Kernel, the digital media company that helped distribute The Interview online.

In the weeks that followed the hack, which crippled Sony and embarrassed executives with the public release of email correspondence, Sony first canceled plans to theatrically release The Interview after pushback from theater owners but ultimately released the film online and in a limited number of theaters. “If the motive was to stop the movie being released, why wasn’t it taken down at that stage?” asked Aiken, the inspiration for and a producer on CSI: Cyber.

Brown said that the film went up in multiple places — including Google Play and Microsoft’s Xbox Live — which made it more resilient against being pulled down. “Our system was attacked, but not with a lot of gusto,” he added.

Kernel, he added, got involved in The Interview’s release because the company was already working with Sony on a digital marketing campaign for another film, The 5th Wave. After a number of other potential partners turned Sony down, Kernel created a streaming capability in about five days to get the film up online by Christmas Day.

So how can a company protect against such an attack?

Daniel Schecter, a partner at Latham & Watkins, said that most companies will be hacked, so protection should be about resilience. “Is what you’re doing reasonable?” he asked. “Do you have reasonable countermeasures and plans?”

The panel conversation was preceded by a presentation from Echemendia about hackers and then a screening of the short film Implant from Film Independent fellow Casey Cooper Johnson. Set in the future, Implant tells the story of a woman who believes a chip in her brain has been hacked and the hackers have forced her to kill someone.

Johnson says he set out to make the film after meeting a woman who claimed that a chip in her brain had been hacked. He explains: “I wanted to find out, is this remotely possible? How far into the future is it possible?”