Kurt Stammberger, senior vice president at Norse, which provides cyber intelligence to customers in financial services, technology and government, told The Huffington Post that the company remains "pretty confident" that "at least one ex-employee was involved, probably more" in the Sony hack.
As evidence, Stammberger said that Norse has samples of malware used in the Sony hack that existed as early as July, "completely in English with no Korean whatsoever." Sony credentials, server addresses and digital certificates were already built into the malware, he added.
The information doesn't discount the fact that North Korea "definitely benefitted from this hack," Stammberger said. However, he added, "There's no credible evidence that [North Korea] initiated, directed, masterminded or funded this attack."
Norse's research underscores the mysteriousness surrounding the hack -- an event that rattled that studio, almost derailed a movie's release and sharpened U.S. policy against one of its main adversaries.
Last month, the FBI announced that North Korea was solely responsible for the cyberattack. President Barack Obama was confident enough in the attribution last week to slap North Korean officials and companies with economic sanctions. Senior administration officials said on a recent conference call with reporters that cybersecurity firms "don't have the same access" to intelligence that the government does, and quelled concerns by noting that it is "extremely rare for the U.S. government to take this step" of implementing sanctions in response to a cyberattack.
Debate over the identity of the attack's perpetrators has split the cybersecurity community, with some experts remaining doubtful about the scant information the FBI has released. The skepticism reached a fever pitch when the FBI briefly met with Norse late last month to discuss the firm's findings. Following that meeting, a U.S. official familiar with the matter told Politico that the company’s analysis “did not improve the knowledge of the investigation.” A source who had been briefed on the FBI’s investigation also told Politico that the agency had considered the inside job theory, but there wasn't sufficient evidence.
Other cybersecurity researchers have questioned Norse as well. Andrew Komarov, the CEO of IntelCrawler, a cyber threat intelligence company, said,
Marc Rogers, head of security at Defcon, a hacker conference, took a slightly different view.
Like Norse claims, some former employees of the company think that there may have been inside help -- potentially, as Norse has speculated, a disgruntled employee who was hit by mass Sony layoffs last spring.
A former Sony executive, who wished to remain anonymous to protect his relationship with the company, told HuffPost that about 100 former employees in a private Facebook group participated in an informal survey about the hack in December. "By a vast majority, former employees believe it was an inside job," he said.
The Sony executive, who does not have internal knowledge of the company or FBI's investigations into the hack, said that it's "possible that a former employee was involved," but said he believed "this wasn't a one-person job." He added, "Whether it was North Korea, or a hacker group, or an individual from Sony Pictures, these are not mutually exclusive."
Another former Sony employee, who wished to stay anonymous because he doesn't want to compromise his planned participation in a class-action lawsuit over the leaked information, said,
The former employee, who also does not have any direct knowledge of investigations into the hack, added that in his division,
Both Sony and the FBI declined to comment about the status of any investigation into the hack. The FBI referred HuffPost to previous statements it has made on the hack.
Stammberger, the Norse executive, could not comment on whether the company plans to have any further meetings with the FBI regarding Sony. The firm has turned all of its data over to the FBI, and the investigation is now with them.