Despite a lack of compelling evidence, the world has mostly assumed that villainous North Koreans broke into Sony last year, causing one of the biggest digital meltdowns of all time. But many experts remain skeptical, including one veteran hacker who says he's positive the Russians did it.
According to a new report by online security firm Taia Global, the mega-breach into Sony Pictures was not the work of a North Korean team. Instead, the attack came by way of Russia, known worldwide for its large pool of expert and unscrupulous hackers:
A team of Russian hackers gained access to Sony Pictures Entertainment Culver City network in late 2014 by sending spear phishing emails to Sony employees in Russia, India and other parts of Asia. Those emails contained an attached .pdf document that was loaded with a Remote Access Trojan (RAT). Once Sony employees' computers were infected, the hackers used advanced pivoting techniques to gain access to the Sony Pictures Entertainment network in Culver City CA where they continue to have access as of today.
Taia's source here is a Russian hacker who goes by "Yama Tough," which is not only an extremely cool name, but a venerable one in the field:
Yama Tough is a long-time Russian-born black hat hacker (over 10 years) who has been engaged by both the Russian and Ukrainian governments as well as private companies outside of Russia.
Yama Tough says he was able to make contact with an "Unnamed Russian Hacker" (URH) and could confirm his participation in the Sony breach. Not only this, but the URH provided evidence that he's still inside Sony's network:
As a way of introduction and to establish his bona fides as a member of the team who hacked Sony, URH provided Yama Tough with two Excel spreadsheets that were not included in any of the earlier Sony data dumps. One week later, URH provided 100MB of Sony data to Yama Tough who in turn provided a sampling of six files to Taia Global. After that came several Sony emails with dates as late as January 14 and January 23, 2015. It became apparent that URH had ongoing access to Sony's network despite the numerous companies and agencies involved in investigating the breach.
Taia CEO Jeffrey Carr told Forbes that he's "100% certain" that Yama Tough is being truthful here, but this still requires a lot of trust on our part. But if Russian hackers are not only responsible for the initial leakage cataclysm, but are still digging through Sony's servers months after the fact, both Hollywood and the American intelligence community could be in for yet another very bad couple weeks.