Sony Picture attacked by Russian hackers not North Korea
North Korea called The Interview 'illegal, dishonest and reactionary' - but researchers say the country is not to blame for the cyber-attack Reuters

Security researchers believe the massive cyber-attack on Sony Pictures was the work of a team of six hackers completely unrelated to North Korea, and includes a disgruntled former employee.

Coming days after the FBI and US President Barack Obama pointed the finger of blame at North Korea, researchers from security firm Norse claim they have uncovered evidence - including some discovered among the files leaked during the attack - that six individuals based in the US, Canada, Singapore and Thailand are to blame.

It is claimed "at least one" of the half-dozen is a former Sony Pictures employee of ten years who was described in documents leaked during the hack as having a "very technical background" and was mentioned in a file detailing a mass lay-off in spring this year.

US believes North Korea 'contracted out' work to others

But insiders close to the US's investigation into the hack remain convinced North Korea is to blame, and that it may have hired outside help to perform the attack. Speaking to Reuters, a source said investigators are looking into the possibility that Pyongyang "contracted out" some of the cyber work.

Researchers from Norse followed the former Sony employee online and discovered a number of angry posts she made on social media about the layoffs and Sony in general.

By gaining access to IRC (internet relay chat), forums, and other sites, the researchers were also able to see communications between the employee and individuals affiliated with underground hacking and hacktivist groups in Europe and Asia.

Speaking to CBS News over Christmas, Kurt Stammberger, a senior vice president at Norse, said: "We are very confident that this was not an attack masterminded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history."

As reported by Security Ledger, Norse claims the former Sony employee is a woman called Lena, and that she was claimed to be a member of Guardians of Peace, or GoP, the hacking group which first claimed responsibility for the attack.

"This woman was in precisely the right position and had the deep technical background she would need to locate the specific servers that were compromised," Stammberger said.

Many in the cyber-security industry have doubted North Korea's involvement in the attack, firstly because initially the hackers made no mention of anti-North Korea comedy The Interview, which was only later claimed to be the reason for the attack. Doubt has also been cast over the FBI's findings, which were unusually made public during the ongoing investigation, and just days after the hack took place.

Questions have also been raised over the speed at which the hackers were able to download huge quantities of data from Sony's servers, suggesting they had direct access via a USB drive, rather than downloading over the internet, where the process would take much longer and leave the hackers vulnerable to interception by Sony's firewalls.

Norse has handed its findings to the FBI. Stammberger said: "They're the investigators. We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is theirs."