LOS ANGELES — Everyone has a theory about who really hacked Sony Pictures Entertainment.
Despite President Barack Obama’s conclusion that North Korea was the culprit, the Internet’s newest game of whodunit continues. Top theories include disgruntled Sony insiders, hired hackers, other foreign governments or Internet hooligans. Even some experts are undecided, with questions about why the communist state would steal and leak gigabytes of data, e-mail threats to some Sony employees and their families and then threaten moviegoers who planned to watch “The Interview.”
“Somebody’s done it. And right now this knowledge is known to God and whoever did it,” said Martin Libicki, a cyber security expert at RAND in Arlington, Virginia, who thinks it probably was North Korea. “So we gather up a lot of evidence, and the evidence that the FBI has shown so far doesn’t allow one to distinguish between somebody who is North Korea and somebody who wants to look like North Korea.”
Perhaps the only point of agreement is that even the most dramatic cybercrimes can be really, really hard to solve convincingly.
Unlike crimes in the physical world, forensic investigators in the cyber world can’t dust for fingerprints or corroborate evidence by interviewing suspects. In prior closed-book cases, cyber criminals caught bragging online were only charged after evidence was found on hard drives.
Because North Korea is so isolated and its Internet infrastructure is not directly connected to the outside world, it’s more difficult to trace attacks originating there. North Korea has vehemently denied that it was responsible for the attack.
The FBI worked with other U.S. agencies, including the National Security Agency, on the Sony investigation to trace the attacks.
