Federal investigators probe possible insider in Sony attack

0
8230853724_b06a002bcd_k

[Photo: Wesley Lelieveld/Flickr CC]

Federal agents investigating a large-scale cyber attack against Sony Pictures Entertainment are examining the likelihood that someone inside the company may have assisted hackers in the gathering and leaking of executive e-mails, personal employee information and other sensitive data, according to a law enforcement source.

The New York Times reported Wednesday evening that U.S. government officials were weighing the possibility that an insider aided hackers in conducting a cyber attack against Sony Pictures in response to the planned release of a film depicting the fictitious assassination of North Korean leader Kim Jong-un.

On Wednesday, unnamed government sources confirmed to major media outlets that suspicion fell on North Korea as an instigator in the online campaign against Sony. Hackers who have identified themselves by the moniker “Guardians of Peace” have released a trove of digital data belonging to Sony, including private medical data of Sony employees and corporate e-mails of various executives.

While investigators continue to seek the perpetrators of the alleged crime, attention has focused inward on the possibility that someone inside Sony — knowingly or unwittingly — helped outside hackers in their crusade against the company.

Dozens of Sony employees have been interviewed by agents over the past few weeks about the attack, according to a federal law enforcement source who spoke to The Desk on condition of anonymity. Those employees include executives, human resource staff and technical support staff, the source said.

Federal investigators believe hackers had “sophisticated knowledge” of the internal system at Sony and that “they knew exactly where to look to get what they wanted,” the source said. Agents have determined that servers used to store information for Sony’s human resources department were among the computers compromised by hackers.

“This was not the kind of attack where hackers grab whatever they can find,” the law enforcement source said. “All indications so far is that the person or group behind the attack had a general sense of what they wanted and a pretty good idea on where to find it. And so, for that reason, we’re exploring the possibility that someone [at Sony] may have helped out here.”

The Times reported on Wednesday that forensic examiners found names and credentials specific to Sony servers inside the malicious code used in the attack. A security researcher told the newspaper that it was “clear” hackers had access to Sony’s servers well before the attack began.

The attack has done little to damage Sony’s standing in the entertainment world, but the leaking of employee information and executive e-mails have embarrassed many of the company’s top executives. Studio executives have apologized in the past few days after leaked e-mails exposed their unflattering remarks about various movie stars and politicians.

At an all-staff meeting on Monday, Sony Pictures Chief Executive Officer Michael Lynton apologized for the attack, promising employees that “hackers won’t take us down.” Hackers responded by releasing tens of thousands of Lynton’s corporate e-mail messages the following day.

On Wednesday, several major movie chains announced they would not screen “The Interview,” the controversial forthcoming film that some say instigated the attack. In response, Sony announced it would scrap the planned Christmas Day release; in a subsequent interview, a spokesperson said the film studio had no further plans to release the movie in theaters or in any other form.