Russian hackers were responsible for infiltrating Sony Pictures Entertainment's digital networks and leaking documents and emails onto the internet, according to a new report containing evidence obtained by cybersecurity firm Taia Global. Moreover, the report claims that Sony files are still being siphoned off by Russian hackers.
The source for all this? Yama Tough, a hacker who stole and released the source code for a 2006 version of Symantec's Norton antivirus software from Indian government servers and tried to extort the company for $50,000 in 2012. The mysterious hacker is thought to be a member of the allegedly India-based hacker group Lords of Dharmaraja, who leaked documents obtained from Indian military servers in the same year. According to Taia Global, Yama Tough made contact with the Russian hackers and obtained the documents from them.
"We are 100 percent certain that the evidence we have received is genuine," said Jeffrey Carr, CEO of Taia Global. "The information in terms of how the attack was done—I would say I'm 80 to 90 percent certain about it because of our relationship with Yama Tough over the years."
According to Carr, Yama Tough has supplied Taia Global with data mined from international networks in the past, and that the data is generally reliable. Carr added that sometimes, however, the information Yama Tough provides the company is not so solid.
"There is the possibility that Yama is involved and that he pulled the documents himself."
In their report, Taia Global lists documents it received from Yama Tough dating back to November 2014, when the first intrusion by the hacker group Guardians of Peace, believed to be North Korean by the US security community, occurred. Sony employees would not verify the document's authenticity, but a third party film analyst who created the document in question confirmed it as genuine, Carr said.
Yama Tough and Taia Global's claims add new fuel to the fire of doubt regarding North Korea's involvement in the Sony hacks within the cybersecurity community. Immediately after the first hacks came to light, experts lambasted the FBI's evidence as flimsy at best. Even now, experts can't agree on who is most likely to have perpetrated the hacks.
As for Yama Tough's claims regarding the involvement of Russian hackers in stealing Sony's files, the only evidence available is the hacker's word and linguistic analysis performed by Taia Global themselves on the GOP's Pastebin posts that the firm claims indicated Russian authorship, not North Korean.
"I have not met with the hackers, nor have I communicated them or know for certain that they exist," Carr said. "There is the possibility that Yama is involved and that he pulled the documents himself, but he's denying that he did. There's only so much that we know for sure, so we have to trust the information that's given to us."
As for what Sony should do about Russian hackers still stealing data from their network, as Yama Tough claims, Carr was blunt.
"I believe companies are spending too much money on incidence response, when they should be focusing on keeping their data from leaving the network," he said.