Thursday, December 25, 2014

opinion | Sony cyberattacks unlikely to be work of single agent

A surprising number of people have raised the possibility that the Sony cyberattack is the result of an inside job, in particular that of a single rogue agent. The narrative is that the attack was the work of a disgruntled employee, one with access to critical computer infrastructure throughout Sony. After compromising the system and leaving behind enough red herrings to make North Korea seem culpable, the perpetrator triggered the attack right when North Korean anger against the film would be highest, manipulating all sides against each other.

Already we’re assuming the employee is (1) disgruntled enough to actually launch an attack and (2) has deep access to Sony’s computer infrastructure. Fair enough, but for the narrative to work, the perpetrator must also have (4) intimate knowledge of the studio’s film release plans, (5) keen awareness of the geopolitical tensions surrounding North Korea, and (6) be a smart enough hacker to execute an attack of this scale, cover his own tracks, and leave enough leads for investigators to suspect North Korea.

If the leaps in logic needed to follow this narrative haven’t already caused a minor aneurysm, we must now also assume the perpetrator has crazy good timing and is fearless enough to raise the ire of various government agencies. Throw in an underground lair and we’ve got a cross between a Bond villain and The Joker.

Is it possible that an inside man had a hand in instigating this attack? Absolutely. It seems close to impossible for the perpetrators to carry out such an attack without inside information about which databases to breach and how. But to suggest one man brought a behemoth studio to its knees seems unlikely at best, and to further say that somehow North Korea is entirely exculpated is naive.

No comments:

Post a Comment