Was Sony facing multiple hacking groups?


Sony Pictures Entertainment CEO Michael Lynton's leaked emails reveal the possibility that multiple hacking groups were trying to infiltrate the movie studio’s system, The Daily Beast reported.

The FBI has tied the Sony cyberattack — which shut down the studio’s computer network, exposed its internal documents and caused it to pause the release of a big-budget comedy — to the North Koreans.


But Lynton’s emails — which the Sony hackers released in full — include spear-phishing emails that can be traced back to Turkey and the United Kingdom. Neither country is suspected as the location of any of the proxy servers linked to the cyber criminals that hit Sony.

A spear-phishing email masques as a legitimate email in an attempt to lure recipients into clicking on nefarious links or revealing sensitive information. Reportedly, the phishing attempts Lynton received were relatively common, and not necessarily individually tailored for the movie executive.

The discovery doesn’t exonerate Pyongyang. It does, however, further cloud an already labyrinthine story and illustrates the ubiquity of attempted cyber intrusions on valuable targets.

A heated debate over who’s to blame for the Sony hit has emerged since the FBI publicly accused North Korea.

While the government has vigorously defended its stance, many in the cybersecurity community have lambasted the bureau’s evidence.

In an effort to quell skeptics, FBI Director James Comey disclosed more information Wednesday, explaining the Sony hackers accidentally connected directly through North Korean IP addresses to send emails.

“What are those addresses?” asked Marc Rogers, the principal security researcher at cyber firm CloudFlare, in a blog post. “Why don’t they share them? If they are North Korean servers, then say so! What about the possibility that this attacker who has shown ability and willingness to bounce their connections all over the world is simply bouncing their messages off of North Korean infrastructure?

But the security community is fracturing over the issue. James Lewis, an international cybersecurity expert at the Center for Strategic and International Studies, isn’t buying the alternate theories.

The recent economic sanctions imposed on North Korea “suggest a high degree of confidence within the Obama administration as to the North’s culpability,” he wrote in a Wednesday blog post. “The real issue is lack of trust in the government.”