Who knew that Sony’s top brass, a line-up of mostly white male executives, earn $1 million and more a year? Or that the company spent half a million this year in severance costs to terminate employees? Now we all do, since about 40 gigabytes of sensitive company data from computers belonging to Sony Pictures Entertainment were stolen and posted online.
As so often happens with breach stories, the more time that passes the more we learn about the nature of the hack, the data that was stolen and, sometimes, even the identity of the culprits behind it. A week into the Sony hack, however, there is rampant speculation but few solid facts. Here’s a look at what we do and don’t know about what’s turning out to be the biggest hack of the year—and who knows, maybe of all time.
Who Did It?
Most of the headlines around the Sony hack haven’t been about what was stolen but rather who’s behind it. A group calling itself GOP, or Guardians of Peace, has taken responsibility. But who they are is unclear. The media seized on a comment made to one reporter by an anonymous source that North Korea might be behind the hack. The motive? Retaliation for Sony’s yet-to-be-released film The Interview, a Seth Rogen and James Franco comedy about an ill-conceived CIA plot to kill North Korean leader Kim Jong-un.
If that sounds outlandish, that’s because it likely is. The focus on North Korea is weak and easily undercut by the facts. Nation-state attacks don’t usually announce themselves with a showy image of a blazing skeleton posted to infected machines or use a catchy nom-de-hack like Guardians of Peace to identify themselves. Nation-state attackers also generally don’t chastise their victims for having poor security, as purported members of Guardians of Peace have done in media interviews.
Nor do such attacks result in posts of stolen data to Pastebin—the unofficial cloud repository of hackers everywhere—where sensitive company files purportedly belonging to Sony were leaked this week.
We’ve been here before with nation-state attributions. Anonymous sources told Bloomberg earlier this year that investigators were looking at the Russian government as the possible culprit behind a hack of JP Morgan Chase. The possible motive in that case was retaliation for sanctions against the Kremlin over military actions against Ukraine. Bloomberg eventually walked the story back, admitting that cybercriminals were more likely the culprits. And in 2012, U.S. officials blamed Iran for an attack that erased data on thousands of computers at Saudi Aramco. No proof was offered to back the claim, but glitches in the malware used for the attack showed it was less likely a sophisticated nation-state attack than a hacktivist assault against the oil conglomerate’s policies.