The FBI remained insistent Tuesday that the Sony Pictures hack — which leaked embarrassing personal emails and confidential employee information such as salary — was to be blamed on North Korea, despite mounting evidence suggesting otherwise.
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS [Department of Homeland Security], foreign partners and the private sector,” the FBI said Tuesday in a statement.
The FBI was forced to reiterate their claim after Politico reported Tuesday that a cybersecurity firm, Norse Corp., briefed the FBI on its own intelligence, which depicted six people were responsible for the hack — not North Korea — and at least one of those was said to be an ex-Sony employee.
Norse told Politico it has been investigating the Sony hack since before Thanksgiving and that it presented its evidence to the FBI on Monday. The cyberattacks on Sony started Nov. 24.
In a similar report, Reuters said it spoke to a person close to the FBI’s investigation, who said it was “likely” that North Korea worked with others to help commit the hack opening the door for other parties to be involved. It was unclear if the Reuters’ source meant another country or third-party contractors.
Taia Global, another cybersecurity firm, analyzed about 1,600 words in emails internal to the group that took responsibility for the Sony attack — the so-called “Guardians of Peace” — and determined the primary language used was Russian.
SEE ALSO: Sony to stream ‘The Interview’ on YouTube, Google Play, Xbox
“Our preliminary results show that Sony’s attackers were most likely Russian, possibly but not likely Korean, and definitely not Mandarin Chinese or German,” the Seattle-based company wrote in a Christmas Eve blog post.
The FBI said Dec. 19 that North Korea was responsible for the cyberhack on Sony Pictures based on technical similarities to previous attacks.
In a statement released that day, the FBI said: “North Korea’s actions were intended to inflict signifiant harm on a U.S. business and suppress the right of American citizens to express themselves,” despite having concluded the investigation.
A few days later, in his year-end press conference, President Obama stopped short of calling North Korea’s alleged action an act-of-war and said he thought Sony made a mistake by canceling the release of “The Interview,” a movie that has been denounced by Pyongyang because the farcical plot centers around a plan to assassinate North Korean dictator Kim Jong-un.
The incident would not mark the first time the FBI got their preliminary analysis wrong — especially when dealing with cybersecurity incidents.
In early 1998, the FBI blamed Iraq for a series of network intrusions on government computer networks including the Air Force. Tracing the online data, the FBI gathered the “proxies,” or intermediary servers that assisted the hack, which led to a connection in the United Arab Emirates. From that lead, the FBI assumed Iraq was responsible for the crime.
SEE ALSO: Obama: North Korea’s attack ‘cybervandalism,’ not an ‘act of war’
However, further investigation uncovered the hack was actually made by Israeli and Californian teenagers. To help itself learn from the lesson, the FBI made a training video dubbed “Solar Sunrise,” which the magazine Wired uploaded to YouTube.