In the two weeks or so since Sony Pictures was hit by hackers, speculation has been rife about who was behind the attack, as well as the subsequent data dumps that’ve been landing on the Web since.
The finger of blame has been pointing confidently at North Korea for much of the time, after all, messages purporting to be from the hackers have been demanding Sony Pictures cancel the release of The Interview, a movie about a CIA plot to take out the North Korean leader, Kim Jong-un.
However, a senior FBI official said on Tuesday that “at this point” there is “no attribution to North Korea,” confirmation that investigations over the past two weeks have so far failed to find any link.
The evaluation was made by Joe Demarest, assistant director of the FBI’s cyber division, who was speaking at a cybersecurity conference sponsored by Bloomberg Government.
His words will no doubt be welcomed by the North Korean regime, which over the weekend issued a statement denying any involvement in the damaging security breach, though it was happy to describe it as a “righteous deed.”
North Korea’s not out of the woods yet, however. Note the careful inclusion of the term “at this point.” That’s right, the FBI’s investigations are of course continuing, and North Korea remains a figure of interest, though Demarest’s words indicate the FBI is now casting its net wider.
A number of security researchers said last week there appeared to be similarities between the Sony Pictures attack and a security breach last year involving computer systems in South Korea, which has frequent fallouts with its neighbor in the north.
It was also reported that the malware used in the attack on the movie studio was made using a machine with Korean language settings.
But with the FBI’s statement on Tuesday, it looks as if it could be a while before we learn who really infiltrated Sony Pictures’ servers, an act that Reuters said is likely to cost the studio around $100 million, with much of the money going on computer repairs or replacements, as well as procedures for shoring up its computer networks.
Something it’s impossible to put a price tag on, however, is the damage to its reputation. Many following the story have been shocked by how lax Sony Pictures had been with sensitive company data, much of it stored in files kept online without any password protection.