By James Rogers
Published October 22, 2015
With the investigation into last week’s cyberattack on Sony Pictures still ongoing, speculation is mounting that someone with knowledge of the company may have been involved in the hack.
Earlier this week the finger of suspicion was pointed at North Korea over the mysterious hacking incident which crippled Sony Pictures' network.
Now experts think that an insider may have been involved in the attack. The hackers knew their way around Sony Pictures’ IT infrastructure, according to Jaime Blasco, labs director of security management specialist AlienVault, who has reviewed samples of the malware used in the attack.
“From the samples we obtained, we can say the attackers knew the internal network,” he wrote, in a statement emailed to FoxNews.com.
Blasco explained that the malware samples contain hardcoded names of servers inside Sony’s network and even credentials (usernames and passwords) that the malware uses to connect to systems inside the network.
On Nov. 24 a hacking group called Guardians of Peace, or GOP, took over Sony Pictures’ corporate network and vowed to release sensitive corporate data if certain demands were not met. Variety reports that screener copies of at least five Sony movies were downloaded freely online following the hack. In a further twist, a spreadsheet appeared on a text sharing site Monday purportedly showing the salaries of top Sony Pictures executives.
Nir Polak, CEO of big data security company Exabeam, told FoxNews.com that a disgruntled Sony insider could have been involved in the hack.
"Given that employee salary information and stolen digital films were likely contained in completely different parts of the IT architecture, it is also likely that an insider with a grudge could have provided administer-level credentials and access to Sony’s network diagrams to the attackers," he wrote, in an e-mail. "With this information, co-conspirators from a foreign entity would have an IT blueprint and a ‘set of keys,’ allowing access to all private data and intellectual property."
AlienVault’s Blasco discovered that the malware samples “talk” to IP addresses in Italy, Singapore, Poland, the US, Thailand, Bolivia and Cyprus. These are probably hacked systems or Virtual Private Network (VPN) proxies that attackers used to hide the hack’s origin, according to the security expert. “We also found the attackers were using the Korean language in the systems they used to compile some of the pieces of malware we have found,” he added.
Earlier this week a source familiar with an FBI alert sent out to entertainment companies told Fox News that the highly destructive malware was written in Korean, further fueling talk that Pyongyang launched the cyber attack.
However, the Korean-written malware also may have been an attempt to confuse investigators about its origin, according to the source.
Sony Pictures’ forthcoming film “The Interview,” starring Seth Rogen and James Franco as journalists enlisted to assassinate dictator Kim Jong-un, has outraged North Korea.
In June North Korea submitted a letter of complaint to the U.N., urging the U.S. to prevent the film’s release.
However, Sony Pictures denied a report on Wednesday that it was poised to name North Korea as the source of the hacking incident.
The Culver City, Calif.-based firm has not yet responded to a request for comment on this story, although the company’s top brass have already voiced their anger over the cyberattack.
The FBI has launched a probe into the hack.
“The FBI is working with our interagency partners to investigate the recently reported cyber intrusion at Sony Pictures Entertainment,” explained the agency, in a statement emailed to FoxNews.com Monday. “The targeting of public and private sector computer networks remains a significant threat, and the FBI will continue to identify, pursue, and defeat individuals and groups who pose a threat in cyberspace.”
On Thursday an FBI spokesman told FoxNews.com that the investigation is continuing, but was unable to provide any updates on the probe.
Sean Doherty, president of security consultancy TSC Advantage, told FoxNews.com that the Sony hack underlines the potential threats posed by malicious insiders.
"It is absolutely essential for organizations to go back to basics and elevate the role of human behavior in defense of their sensitive data, whether trade secrets, intellectual property, or other proprietary information," he wrote, in an email.