FBI considers cybersecurity firms' theories in Sony hack
The Obama administration continues to blame North Korea for the hack of Sony Pictures - but State Department spokesman Jeff Rathke acknowledged Tuesday that the DPRK, as North Korea is known, may not have acted alone.
"It's possible that some assets outside of the DPRK might have been involved but that doesn't change the conclusion about the DPRK's responsibility," said Rathke.
In recent days, the FBI met with multiple cybersecurity firms who suggested that North Korea might have outsourced the attack, or had its hackers working from outside the country.
Another firm, Norse, suggested the hackers might have had inside help. It pointed to a woman who calls herself "Lena" and claims to be connected with the "Guardians of Peace," who took credit for the Sony hack. Norse believes she worked at Sony in Los Angeles for ten years until leaving the company this past May.
Kurt Stammberger, a senior vice president with Norse, spoke first with CBS News last week.
"We are very confident that this was not an attack masterminded by North Korea and that insiders were key to the implementation and success of one of the most devastating attacks in history," Stammberger said.
Cybersecurity consultant Ken Van Wyck said what makes pinpointing the hackers so tricky is that they can mask their identities.
"You can traverse through the internet, jumping from one place to another very, very easily, which essentially hides your tracks," Van Wyck told me. "You can make it looks like somebody else did it, you can make it very difficult for the investigators to find you, it's very easy for the attackers to not get found."
Cyber experts tell CBS News that only the U.S. government has the type of far-reaching access to determine who carried out the attack. The firm hired by Sony to investigate the hack told CBS News that they think North Korea is the culprit, but exactly how it executed the attack is still being probed.
