A North Korean spokesman's advice to "wait and see" only intensified accusations that his country's government was behind a series of hacks that shook the ground beneath Sony Pictures Entertainment, but evidence trickling in is supporting a growing suspicion the breaches were perpetrated from within.
A group calling itself Guardians of Peace has claimed responsibility for the Nov. 24 attacks that netted perpetrators 27 GB of highly sensitive files, running the gamut from human resource documents to internal communiques. The information was spread across the Internet, forcing Sony's own PlayStation Network servers to work as peer hosts for the torrent files containing the data.
The massive breach also resulted in the leak of five Sony films that include Annie, Fury, Mr. Turner, Still Alice and To Write Love on Her Arms.
When the attacks first came to light, some suspected Kim Jong Un's North Korean regime of funding the attacks based on speculation the communist ruler may have been seeking vengeance against Sony related to an upcoming movie, The Interview, a comedy with a plot that centers on Kim's attempted assassination.
When asked if Pyongyang had a hand in the attack against Sony, a North Korean spokesman replied "wait and see." That spokesman's ambiguous answer may have merely been posturing, as traces of the malware believed to have been used in the attack are revealing evidence the hackers were intimately familiar with the inner workings of Sony.
"From the samples we obtained, we can say the attackers knew the internal network from Sony since the malware samples contain hard-coded names of servers inside Sony's network and even credentials / usernames and passwords," says Jamie Blasco, a director with AlienVault Labs, a cybersecurity company.
Along with the evidence indicating the intruders were familiar with Sony's server structure, Lucas Zaichkowsky, a cybersecurity expert, says the name the hackers have given themselves is a bit flashy for a state-sponsored group.
"State-sponsored attackers don't create cool names for themselves like 'Guardians of Peace' and promote their activity to the public," says Lucas Zaichkowsky, a cybersecurity expert.
Re/Code published a story asserting Sony was preparing to name North Korea as the party behind the cyberattacks, but a source inside of Sony, who wishes to remain anonymous, says the story wasn't accurate and the investigation is ongoing.