FBI agents on Monday met with researchers at a private security firm that said the cyber attack on Sony Pictures was likely the work of a handful of individuals and not the North Korean government, according to Politico.
Norse, an IT security firm, contacted the FBI to discuss its findings that indicated the hackers were a combination of a disgruntled Sony employee working with a piracy group, Politico reported Monday.
“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Norse executive Kurt Stammberger told Politico on Monday.
“Whenever we see some indicators or leads that North Korea may be involved, when we follow those leads, they turn out to be dead ends,” he also said, adding that if the U.S. has incriminating evidence, it should share it with security firms looking to help.
The FBI released a statement on Dec. 19 accusing the North Korean government of the Nov. 24 attack, but several cybersecurity experts have expressed skepticism since the announcement.
On Monday, the FBI told Politico it was standing by its statement.
FBI agents initially questioned Sony employees in early Decemeber before the Bureau began pointing the finger at North Korea.
As Politico noted, multiple firms and experts have questioned the FBI’s account: Robert Graham of Errata Security has persistently rejected the idea; DefCon official and security researcher Marc Rogers fact-checked the evidence in the Bureau’s statement.
Blogger and security expert Bruce Schneier likewise wrote that he was “deeply skeptical,” and linguists at Taia Global, Inc. wrote that their analysis pointed to Russian, not Korean, perpetrators.
