Back in November, the hackers Guardians of Peace began cyberattacks on Sony Pictures. They did this by taking down computer systems and releasing stolen files—all to bully the company into canceling the release of the controversial film The Interview. And just when we thought the hackers won, after the film's Christmas Day release was pulled from major movie theaters, the film was released in select theaters and online.
The Interview. starring Seth Rogen and James Franco, follows the story of the comedic duo assassinating North Korean leader Kim Jong Un. The film went on to become Sony's top grossing movie ever online with approximately two million digital downloads by Jan. 1.
Sony's CEO Kazuo Hirai spoke out against the controversy during Sony Corp.'s event on Monday at the International CES 2015, calling the hack both "vicious" and "malicious."
Although North Korea has denied any connection to the Sony hack, experts in the U.S. were quick to point their finger in Pyongyang's direction for obvious reasons. While speculation over who was behind the attack swirled around, on Dec. 19, the Federal Bureau of Investigation (FBI) formally identified the North Korean government as the culprit of the cybercrime.
"North Korea's actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves," the FBI wrote. "Such actions of intimidation fall outside the bounds of acceptable state behavior."
The FBI cites similar "lines of code, encryption algorithms, data deletion methods and compromised networks" to previous attacks linked to North Korea. Still, crime experts continue to differ on opinions regarding whether or not North Korea was in fact behind the cyberattack.
"It is known that 98 percent of federal trials end up being a prosecution win—meaning the evidence is sufficient," said attorney and U.S. white collar crime expert Arkady Bukh. "That said, it is unlikely for the Federal agency to point a finger on someone with no reason."
Other experts have differing opinions."It's clear to us, based on forensic evidence we've collected, that they [North Korea] is not accountable for arranging or initiating the attack on Sony," says CEO of cyber security firm Norse Sam Glines.
Some have even speculated that pulling the film was just a marketing ploy, even after the Gaurdians of Peace (GOP) threatened with 9/11 style attacks if the movie was released. And of course, the U.S. took these threats seriously. "If network security experts get lax, the ramifications of cyberattacks will grow and get more malicious," Bukh says.
And then there are the rumors that maybe Russia was behind the attack. The largest cybercrime case, a banking card fraud scheme that cost American companies $300 million, was linked to Russia.
Russian hackers are the leaders when it comes to high quality cyberattacks, and they are the best at making money for their crimes. Bukh has estimated that Russia's piece of the global cyberhacking pie is $4.5 billion.
"Financial gain is the most prevalent reason for risking cyberattack," according to Bukh. "A close second is a combination of curiosity and ego. Some hackers engage in this type of activity as a form of sport—to see what they can get away with."
Symantec has ranked the top 20 countries that generate the most cybercrime, using the following criteria: share of malicious computer activity, malicious code rank, spam Zombies rank, phishing, bot rank and attack origin. According to this criteria, the U.S. was found to generate the most cybercrime, followed by China, Germany, Britain and Brazil.
Russia ranked at number twelve, while North Korea didn't even make the top 20 cut.
Buhk believes that the odds that the Russians were linked to the Sony hack are slim. "The motive of the attack did not seem to be financial and all of the cyberattacks of Russian origin with which I'm familiar, are financially motivated," he says. "However, politics sometimes makes for strange bedfellows and international alliances morph and evolve frequently."
Bukh says that if the true culprits were hackers with North Korean links than this person(s) could be charged with multiple counts of unauthorized access, theft, wire fraud and conspiracy. "If it was an inside-job, then the hacker may end up getting a Drum Award. But, in the modern world (and we see this with Russian hackers all the time), a person can be arrested anywhere in the world and brought to the U.S. to face the charges and stand trial."
Until then, the Internet will inevitably produce more theories on who is behind the attack. President Obama has taken matters into his own hands, imposing new sanctions against North Korea in response to the hack.
The Sony hack, which resulted in thousands of leaked emails and access to personal information of past and current employees, should show major companies the importance of beefing up security measures.
"The Internet has permeated every area of our lives," Bukh says. "Chaos and financial loss, as well as potential death, are the very real consequence of a Laissez-faire attitude regarding security."