Despite the FBI's firm assertion earlier this month that North Korea was definitely behind the Sony hack attack, not everyone has been satisfied with that conclusion. A Chatham House cybersecurity expert, conservative blogger Charles C. Johnson, a hacking conference security director, and plenty of theorists on Twitter and Reddit have all advanced postulations that don't point to North Korea. But only cybersecurity firm Norse was able to talk the FBI into a meeting yesterday, where company researchers proposed the hack was pulled off by an angry employee, perhaps working with piracy hackers, Politico reports. The company's evidence, compiled partly using leaked Sony HR docs, points to six people (two in the US, one in Canada, one in Singapore, one in Thailand), including an employee who worked in a technical capacity and knew her way around Sony's networks, the Security Ledger reports.
Norse VP Kurt Stammberger says insider knowledge would explain how the hackers were able to access Sony server IP addresses and passwords. Arguments already presented against North Korea's culpability include that the malware and IP addresses used in the hack were easily obtainable and that the code supposedly used in previous North Korea attacks was widely known in underground hacking circles, notes Politico. But while the FBI isn't officially changing its stance based on Norse's new info, an official said to be close to the investigation told Reuters yesterday that the US now thinks North Korea may have commissioned foreign hackers to assist it in the attack. And Stammberger thinks the FBI is still open to ideas. "If they weren't, they wouldn’t take a meeting with us," he tells the Daily Beast. (No matter who was behind the hack, John McCain says it's war.)