Yep, North Korea was behind Sony Pictures hack – FireEye

22 Apr 2015

In the most emphatic explanation yet, FireEye’s president Kevin Mandia has fairly conclusively attributed the infamous Sony Pictures hack to North Korea, echoing statements from US President Barack Obama.

Speaking at the Code/Enterprise event in San Francisco, Mandia – whose company was called in to deal with the fallout of the hack, and work out the whys and the hows – claimed it was absolutely impossible for this to have been an inside job.

Last November, Sony employees woke to find the entire system taken offline, credited to the #GOP. A leaking of personal details ensued, including the social security numbers of employees and major Hollywood stars.

Things only got worse from there, with threats made to staff, blockbuster movies leaked online and then the slow drip-feed of executive emails that led to many a head rolling in the big seats.

It was grim, emphatic and seemingly never-ending, before FireEye and indeed the US Government took the challenge head on and came out swinging, with US President Barack Obama laying the blame firmly at the feet of North Korea in a state address.

Still, conspiracy theories remained, with many wary of such a clean-cut case, myself included. However, now Mandia has completely ruled out it being an embittered insider, seeking to wreak havoc on his employer.

“Definitely not an insider,” he said. “Nope, for lots of reasons.

“Number one, the amount of infrastructure used to create the compromise. Number two…if you break in… it happens 99pc of the time, the victim goes ‘wait, it had to be an insider. They knew the structure of our database and found all our social security numbers’.

“The actual answer is the bad guys got the credentials to your database. They did a ‘show’ schema command and your social security numbers were in a field called ‘social security numbers’, or ‘SSN’. Your primary account numbers are in ‘primary account numbers’.

“If you write a letter to someone in your family you name it ‘lettertograndma.doc’, version one, two, three…

“The offence can read about this and do a bit of recon. There’s always the voice that says it must be an insider. Not when there’s a lot of IP addresses accessing your network, not when there’s data going out of your network. There’s zero shred of evidence that it was an inside job.”

When asked why he believed it was the North Koreans, and why indeed they came to target Sony, Mandia was as emphatic. He claimed that from what FireEye saw as the responding team, and some of the things the US government knows that it hasn’t shared with him.

Early reports related to a Sony Pictures movie called The Interview, which got North Korea’s back up when the storyline depitced two journalists enlisted to hunt down and kill the country’s leader.

“The evidence that we have found would support what our government has said. And that was very intentional that the [US] President himself has attributed it to North Korea.

“In 20 years of responding to incidents, never once have I walked out of responding to that incident and heard the President of [the US] on TV saying, ‘and that was done by Russians’. It has never happened.”

US and North Korean flag image, via Shutterstock

Gordon Hunt was a journalist with Silicon Republic