Sony Pictures Entertainment might have been hacked by Russian blackhat hackers and not the Democratic People's Republic of Korea. This news emerged this week after renowned Russian blackhat YamaTough revealed that a group of Russian hackers had shown him evidence that they still, as of January 2015, have access to Sony’s network.
When Sony Entertainment was hacked in November 2014, the Sony security committee and US cybercrime investigators were quick to assign blame to the DPRK cyber army, claiming that the motivation for the attacks was to stop the release of the movie “The Interview”, which makes fun of the DPRK’s leader.
This is now being strongly doubted after reports emerged that Russian blackhats hacked Sony. The attack was carefully planned and perpetrated over some period of time with the precision of a military operation.
The Russian hackers first hacked into the Sony Entertainment computers in their Asian branches. The hackers first accessed SPE’s Culver City, California network in late 2014 through a spear phishing attack on Sony employees in Russia, India and other parts of Asia, U.S. security intelligence firm Taia Global explained in a report.
The evidence gathered by Taia Global and presented in this report proves that one or more Russian hackers were in Sony Pictures Entertainment’s network at the time of the Sony breach and continue to have access to that network today. It validates Taia Global’s preliminary linguistic analysis as accurate. It raises questions about the sources and methods used by Sony’s investigators and the U.S. government who failed to identify the Russian hackers involved and to differentiate them from the alleged DPRK hackers. Taia Global relied upon two novel techniques - a method of linguistic analysis for small data sets (see Appendix A) which showed that the attackers were most likely Russian, and the cultivation of trusted human sources in Russia and the Commonwealth of Independent States which Taia Global has been doing since 2011. Intelligence gained strictly from technical sources like the malware that was used, or from the “working hours” of the attackers, can be easily faked. Historically, there is an over-reliance upon signals intelligence (SIGINT) to the detriment of traditional human intelligence (HUMINT). This report could not have been produced without Taia Global’s long-term interest in seeking and building trusted contacts throughout the world. Finally, the victim company Sony Pictures Entertainment, who has been relying upon one or more cyber security companies for its incident response, is still in a state of breach. Sony documents dated as late as January 23, 2015 were provided to Taia Global from Yama Tough’s Russian source who appears to have at-will access to the company.