“She was exactly in the right position to hack into the system.”
The case for the hack being the work of the North Koreans was weak, he added.
“The facts simply don’t fit. First of all the North Koreans rarely back away
from taking the credit for any provocative action.
“In this case they have vociferously denied it.
“This has to have been done by someone with detailed inside knowledge.”
He was not the only expert to be extremely sceptical about pinning the blame
on North Korea as the cyber security industry crawled over the evidence.
Marc Rogers, principle security researcher at CloudFlare, a California-based
security company, was also extremely doubtful.
“I would not say it is ridiculous to say that North Korea was responsible, but
I think it is extremely unlikely,” he said.
“If you are going to accuse somebody of some pretty egregious crimes, you have
to have enough evidence for it to stand up in court and what has been
presented does not meet those standards.”
Mr Rogers disputed key planks of the FBI’s analysis including the agency
bulletin highlighting the similarity used in the Sony attack and that
employed in a 2012 assault on Saudi Arabia and the following year on South
“The problem is nobody has properly attributed this malware to North Korea.”
Mr Rogers said the attack on Saudi Arabia was “pretty amateurish” although the
DarkSeoul attack on South Korea was more professional.
But the Shamoon malware, which was used in the earlier attacks, is widely
known to have been leaked, which would have made it readily available to
He said the FBI’s emphasis on the IP addresses, some of which had been linked
with North Korea, was even more flimsy.
“IP addresses are not conclusive of anything. They are conduits used to get
onto the internet.
“They are proxies and hackers use multiple proxies.
“If you are going to hack, you are hardly going to do it from your own
Further checks showed that these IP addresses had been used by a number of
malware operators in the past.
The behaviour of the group which claimed responsibility also cast doubt on the
North Korean regime being behind the attack.
“The first hack does not even mention the film and then, the icing on the
cake, is the latest statement said they could release the film anyway.”
Jeffrey Carr, chief executive of Taia Global, which analysed the language used
by the hackers, also doubted that North Korea was responsible.
His experts examined closely the language used by the Guardians of Peace, the
group which claimed responsibility for the hack.
In particular it analysed the linguistic errors made by the hackers which, his
team concluded, were most likely to have been made by somebody whose native
language was Russian.
“What is exciting about this report is that it is tied to the hackers
themselves it is as close as you can get to scientific evidence who might
have been responsible,” Mr Carr told the Telegraph.
“Somebody’s language is very difficult to disguise and we believe it that it
adds to the belief that the North Koreans were not responsible.
“This attack is more like an attack on a corporation by a group of hackers
unrelated to any government.”
But Tim Ryan, who heads Kroll Associates cyber security practice, believed
that dismissing the FBI’s analysis was premature.
Mr Ryan, who formerly headed the FBI’s cyber security squad, believed his
former colleagues would not have blamed North Korea without sound evidence.
“What you have to look at is a constellation of facts,” he added.
He dismissed what he believed were conspiracy theories being advanced
“Things are not always like a John Le Carré movie.”