Federal authorities insist that the North Korean government is behind the cyberattack on Sony Pictures Entertainment.

Cybersecurity experts? Many are not convinced.

From the time the hack became public November 24, many of these experts have voiced their suspicions that a disgruntled Sony Pictures insider was involved.

Getty Images Some cybersecurity experts believe the connection between the Sony Pictures hack and Sony Pictures' film 'The Interview' is tenuous.

Respected voices in the online security and anti-hacking community say the evidence presented publicly by the FBI is not enough to draw firm conclusions.

They argue that the connections between the Sony hack and the North Korean government amount to circumstantial evidence. Further, they say the level of the breach indicates an intimate knowledge of Sony's computer systems that could have come from someone on the inside.

This week, prominent California cybersecurity firm Norse Corp - whose clients include government agencies, financial institutions and technology companies - briefed law enforcement officials on evidence it collected that pointed toward an inside job.

"We can't find any indication that North Korea either ordered, masterminded or funded this attack," said Kurt Stammberger, a senior vice-president at Norse. Although conceding that his findings were not conclusive, Stammberger added: "Nobody has been able to find a credible connection to the North Korean government."

Stammberger said a team of nine analysts dug through data including Norse's worldwide network of millions of web sensors, internal Sony documents and underground hacker chat rooms. Leads suggesting North Korea as the culprit turned out to be red herrings and dead ends, he said.

Instead, the data pointed to a former employee who may have collaborated with outside hackers. The employee, who left the studio in a May restructuring, had the qualifications and access necessary to carry out the crime, according to Mr Stammberger.

Moreover, names of company servers and passwords were programmed into the malware that infiltrated the studio's network, suggesting hackers had inside knowledge of the studio's systems, Stammberger said.

The FBI, which first accused North Korea on December 19, has stood by its conclusion, saying in a statement there is "no credible information to indicate that any other individual is responsible for this cyber incident".

Sony Pictures declined to comment.

Federal investigators have cited several findings to support their conclusion.

Analysis of the malware used in the attack revealed links to destructive software previously used by those working on behalf of the rogue state, and the FBI found "significant overlap" with the cyberactivity previously linked to North Korea. Additionally, the tools used against Sony bore similarities to those used in an attack carried out by North Korea against South Korean banks and media outlets last year, the agency said.

But analysts said attribution in cyberattacks is difficult, and hackers are skilled in obfuscation and misdirection to avoid getting caught. Also, software-wiping technology used by the so-called Guardians of Peace group against Sony is widely available to hackers and can be easily purchased. Many were surprised that the FBI made its announcement so quickly.

"You don't want to jump to conclusions in a cyberattack," said Rob Sloan, head of cybercontent and data at Dow Jones. "Attributing attacks is really a non-scientific art."

Then there's the question of The Interview. The Sony comedy thought to be at the centre of the attack depicts a fictional assassination attempt on North Korean dictator Kim Jong Un.

Analysts say the connection to the film is tenuous. The hackers didn't begin to mention the Seth Rogen-James Franco farce in their public messages until media outlets had already reported that the movie was the catalyst for the attack, said Ralph Echemendia, chief executive of the Los Angeles-based digital security consulting firm Red-e Digital.

Echemendia said Guardians of Peace may have latched onto the notion of The Interview as their motivation after attempts to use the stolen data for ransom failed.

The FBI said it could not provide additional information on the case, but said its attribution to North Korea is "based on intelligence from the FBI, the US intelligence community, DHS [the Department of Homeland Security], foreign partners and the private sector."

Even sceptics said the FBI may have more convincing evidence that it has chosen to keep secret. "Being in the intelligence community, I trust the FBI has some information that I do not have," said Tom Chapman, a former US naval intelligence officer and director of the cyberoperations group at Edgewave.

Los Angeles Times

