Although many believe that North Korea is behind the cyber attack on Sony Pictures, investigators also have looked at the possibility that the Chinese military was behind the original break-in. That might be why Mandiant, the cyber security firm, was brought in to investigate, according to a source who has worked with Sony, Mandiant and the FBI on many previous hack attacks. “Mandiant has investigated so many Chinese attacks,” the source said. “It’s kind of their forte.”
There are other signs that the Chinese military might be involved, as well. “Most custom malware like this has been coming out of the Chinese cybercrime groups and is used for intelligence gathering,” the source said. “They have probably been inside Sony’s network for at least six months, maybe longer.”
The source said that the Chinese Army “monitors every company that has some interest in China.” And by “monitor” he means that for intelligence-gathering purposes, the military hacks nearly every foreign company that does business there. What sets this incident apart, the theory goes, is that until now, information hacked by the Chinese military’s elite cyber squad never has been made public.
In September, two months before the hackers revealed themselves, China’s largest privately owned conglomerate reached a major deal to co-finance a slate of films with Sony Pictures and Jeff Robinov’s Studio 8. The companies had been in talks since March, which is about the time that experts believe the initial hack might have occurred. At a press conference on the Sony lot, Guo Guangchang, Chairman of Shanghai-based Fosun International, told reporters: “We always look at long-term investments, and we’re also partners with Sony. We invest in the experts in this industry.” At his side were Robinov, Sony Pictures Entertainment Chairman and CEO Michael Lynton, and Sony Motion Picture Group Chairman Amy Pascal.
“My theory is that the initial intrusion was done by the Chinese military for monitoring purposes,” the source told Deadline. “Then access was sold or traded to one or more traditional western hacking groups. It was probably done by a member of China’s military group for their own personal gain. Once they had access, the new hackers grabbed data and set up an elaborate timetable of release.”
In other words, a rogue Chinese military officer might have outsourced the stolen data to the hacktivist group that calls itself the Guardians of Peace, which then released the mountain of stolen information to the media. Speculation has centered on North Korean involvement because of Sony’s upcoming release of The Interview, a comedy about a bumbling plot to assassinate North Korean dictator Kim Jong-un. In an awkwardly worded threat, the GoP warned Sony to “Stop immediately showing the movie of terrorism which can break regional peace and cause the War!”
North Korea has denied any involvement in the Sony attack but called it a “righteous deed.” Ja Song Nam, North Korea’s ambassador to the United Nations, has called the film “an act of war,” and North Korea’s foreign ministry has threatened “merciless countermeasures” if the film is released. “What we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership of North Korea,” said a spokesman for North Korea’s National Defense Commission.
Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, said last week that he is “fairly confident” that North Korea is involved in the attack.
North Korea is China’s client state, and while the Hermit Kingdom might have been the end user of the stolen data, other indications point to China as the source of the original break-in.
The Chinese military has been accused of hacking American companies before – charges the military denies. “It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence,” the Chinese Defense Ministry said in January 2013.
“What makes this attack unprecedented is that the hackers decided to make the intrusion public to the employees, then started formatting hard drives, then started strategically leaking out information to embarrass and damage Sony’s reputation,” said the source, who has dealt with Sony, the FBI and Mandiant in the past. “That’s not the MO of any state-run hacking group. This looks like a ‘hacktivism’ group or some lesser hackers that are trying to punish Sony. Sony is not well liked because of their effort to stamp out hacking on the PlayStation line. That’s what got Sony Computer Entertainment hacked by Anonymous a few years ago.”
Regardless, the source is confident that whoever is behind the Sony attack will be identified, saying, “Mandiant and the FBI will be able to trace back the hack eventually.”