Evidence in Sony hack attack suggests possible involvement by Iran, China or Russia, intel source says

As also mentioned here, it’s absolutely naïve to believe that only N. Korea or Iran could be involved. Russia and China have more sophisticated and highly trained personnel than both nations, and N. Korea or Iran could’ve been trained by them or given Russian/Chinese personnel to carry out the dirty work on their soil, so that the trail leads only back to Iran and N. Korea and masks the true origins.

The U.S. investigation into the recent hacking attack at Sony Pictures Entertainment has turned up evidence that does not point to North Korea as the “sole entity” in the case, but rather, raises the possibility that Iran, China or Russia may have been involved, an intelligence source told Fox News on Thursday.

The source pointed to the sophistication of malware “modules or packets” that destroyed the Sony systems — on a level that has not been seen from North Korea in the past — but has been seen from Iran, China and Russia.

There is no evidence of a forced entry into the Sony systems, pointing to an insider threat or stolen credentials. And the first emails sent to Sony, described as blackmail or extortion, included demands unrelated to the movie.

The malware had two destructive threads, the source said: it overwrites data and it interrupts execution processes, such as a computer’s start-up functions. After the initial attack, the FBI warned the industry that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve. The intelligence source added that the forensic evidence suggests that the final stage of the attack was launched outside North Korea’s borders — creating some plausible deniability.

“Given the destructive efforts or effects of this attack, we’re treating this as a national security matter, and as such, members of the president’s national security team have been in regular meetings regarding this attack,” State Department Spokeswoman Jen Psaki said.

Also, Fox News has learned that U.S. security firms were first notified Monday by the U.S. government that they planned to publicly blame North Korea, which is inconsistent with past practice, as the U.S. government often has chosen to work behind the scenes in similar instances.

The White House declined earlier Thursday to directly blame North Korea for the attack, though Press Secretary Josh Earnest referred to the incident as a “serious national security matter.”

Fox News is told that the malware used in the Sony hack attack has two destructive threads: it overwrites data and it interrupts execution processes, such as a computer’s start-up functions. The FBI warns that the malware can be so destructive that the data is not recoverable or it is too costly a process to retrieve.

It is not clear how long the malware needs to be in the system before it brings on an almost complete paralysis. In the case of Sony, support functions — including emails — were knocked off-line, seen as a distraction while the more destructive attack was launching.

This week North Korea’s state-run media KCNA endorsed the Sony hacking, saying it was done by “sympathizers.” Andrei Lankov, an expert on North Korea who writes a column for The Korea Times, says this is as close to an endorsement as possible.

Another expert noted “ambiguity of attribution and guerilla-warfare approach” are the tactics of North Korea. The expert concluded it will be seen that America is vulnerable to blackmail and North Korea will try it again.

Full article: Evidence in Sony hack attack suggests possible involvement by Iran, China or Russia, intel source says (Fox News)
