On Monday, the FBI redoubled its assertion that North Korea was behind the recent Sony hack that resulted in the email inboxes of Sony executives being leaked, while cybersecurity experts continue to publicly doubt the veracity of the FBI's claims.
Official FBI statements released to reporters on Monday maintain that the agency's evidence is substantial enough to conclusively pin the hacks on North Korea. Officials stated that "there is no credible information to indicate that any other individual is responsible for this cyberincident," according to reports.
New evidence and statements from an anonymous government source this week have added fuel to the flame of doubt regarding North Korea's involvement, however.
According to an anonymous government source, Reuters reports, the FBI is now considering the possibility that North Korea contracted the job out to foreign hackers. The source told Reuters that North Korea "lacks the ability" to pull off such an extensive cyber attack.
Norse, Inc., a cybersecurity firm based in California, claims to have uncovered evidence that links the hack not to North Korea, but to an ex-employee laid off this year among thousands of other Sony workers.
According to the company, the ex-employee came from a "very technical background" and was in contact with five other internationally-based individuals with ties to the case, and other individuals connected to hacking groups in Europe and Asia.
According to reports, Norse representatives met with FBI investigators on Monday to present their evidence, which included angry social media posts by the ex-employee.
While the evidence on both sides remains arguably inconclusive, a thick atmosphere of disbelief led by cybersecurity experts hangs over the case.
Almost immediately after the FBI released its evidence implicating North Korea in the Sony hacks on December 19th, cybersecurity experts began poking holes in the agency's claims.
Brian Martin of Risk Based Security, for example, told Motherboard that the communication between the malware used in the attack and North Korean IP addresses likely indicates nothing more than the hackers cleverly routing their attack through North Korean proxies.
Marc W. Rogers, principal security researcher for CloudFlare, told us that the malware used in the attack—which the FBI claims is similar to previous attacks that have been linked to North Korea—was likely shared among many hackers and built using code from previous malware.
While the official line is still that North Korea is to blame for the hack, the new evidence from Norse and an admission from a government official that the investigation is now looking to actors outside of North Korea—although they maintained North Korea's involvement—are further indications that the evidence against North Korea may not be as convincing as the FBI claims.