What we now know about the Sony Pictures hack shows this cybermystery isn't over yet.
The FBI presented evidence that North Korea was behind the hack. Upon closer examination, security experts, hackers and people familiar with Sony's computer networks are uniting around this disheartening reality: Anyone could have pulled this off.
It could have been a disgruntled Sony employee, profit-seeking hackers, North Korea -- or a combination of the three.
Here are the facts we know about the hack.
- Hackers used computer servers in Bolivia, Cyprus, Italy, Poland, Singapore, Thailand and the United States to attack Sony.
- The IP addresses associated with those servers have "previously [been] linked to North Korea" by the FBI.
- The malware used against Sony had what the FBI calls "lines of code" and "data deletion" methods similar to malware "North Korean actors previously developed."
- The computer-wiping software used against Sony was also used in a 2013 attack against South Korean banks and news outlets, which the FBI attributed to North Korea.
- The malware was built on computers set to Korean language -- unusual in the hacking world.
- Hackers demanded Sony Pictures pull "The Interview" to avoid starting a war over a movie.
These facts are why the Obama administration has accused North Korea of hacking Sony (SNE) Pictures and has vowed to retaliate.
But security experts aren't 100% ready to point their finger at North Korea -- not yet, anyway.
Technical evidence shows anyone can tap servers for hacking and spamming. Hackers routinely borrow and share computer code. Computer-wiping software can be bought legally by anyone. A computer's language setting can be changed on a whim. And this hack actually started as an extortion attempt on Nov. 21 when Sony executives got emails saying: "The compensation for it, monetary compensation we want."
Robert Graham, a researcher with Errata Security, stresses that anyone can hire hackers on the black market. These cybersoldiers of fortune might work on behalf of a country or an ex-Sony employee -- and not even know it.
He's also wary of how quickly the U.S. government blamed North Korea. Hacking investigations typically take months, including the FBI's takedown of online drug bazaar Silk Road and its hunt for members of LulzSec.
"Even if it's true that it was North Korea, I don't think the FBI would do it in three weeks," Graham said. "Maybe six months."
This year's major hacks are a perfect example. Law enforcement still hasn't publicly identified -- or arrested -- those who broke into Target (TGT), Home Depot (HD) and JPMorgan (JPM) and stole millions of credit cards and lots of personal data.
Robert M. Lee, co-founder of consulting and software firm Dragos Security, puts it this way: There might be evidence against North Korea, but what the FBI presented doesn't cut it.
Lee, until recently a U.S. Air Force intelligence officer specializing in cyber warfare, also worries about how quickly North Korea was blamed. Lee said intelligence agencies and law enforcement don't typically work together at this kind of breakneck speed -- and when they do, they often rely on outdated or inaccurate information, because there are so many conflicting intelligence reports.
For its part, North Korea's government says it was framed. Take that for what you will.
Adding to the fog: Lots of Sony employees with critical access to its computer network were laid off by the company earlier this year, according to ex-employees. And early on, the Sony hackers talked about seeking "equality" at Sony.
A simple explanation points to North Korea. But those who understand hacking worry it's just too simple.