Sony hack: Signs point to North Korea

Sony hack could lead to censorship
Sony hack could lead to censorship

We can't say for sure, but the evidence in the Sony Pictures hack is increasingly pointing to North Korea, according to several security experts.

The attack is similar to last year's raid on South Korean banks and telecoms -- one that the country's intelligence officials attributed to the North Korean government.

Here are the latest findings from security researchers at antivirus maker Kaspersky.

Hackers destroyed data on Sony Pictures computers with the same kind of digital weapon used against South Korea.

The malware was built using Korean language -- an odd choice. Most hackers use English or Russian.

And the creepy message that popped up on Sony Pictures employees' computers has the same style -- colors, human skeletons, misspellings -- as those used against South Korea.

"Those are striking similarities," said Kaspersky researcher Kurt Baumgartner. "When you put all of that together, there's an actor that becomes more clear."

hacker message
At left, the 2013 threat against South Korea. At right, the Sony hackers.

There are more similarities.

The malware used against South Korea was called DarkSeoul. The one used on Sony is Destover. Security experts say it's impossible to speak of one without the other.

Both were incredibly destructive to businesses. They slipped into computers and wiped them clean.

Both types of malware were built with similar timing, customized to their specific victims two days before the attack. Other hacks might use malware created with different lead times.

"It's a copycat," said Jaime Blasco, director of the computer security group AlienVault Lab, who analyzed the malware.

Then there's the motive. Sony is about to release "The Interview," a comedy about a plot to kill North Korean leader Kim Jong-Un. Is this retribution? Sony executives have already suspected North Korea might be the culprit, calling it "a terrorist attack."

What's more, the Sony Pictures hack has a different purpose than many recent ones. Cybercrime from China has been associated with stealing secrets from U.S. companies. Crime syndicates in Russia have focused on credit cards. "Hacktivists" disrupt companies or governments -- but claim a clear, idealistic mission.

The Sony Pictures hack was purely about destroying information and embarrassing the company. Hackers stole movie scripts, entire films, internal memos and personal information on movie stars and Sony employees. Then they wiped computers.

"That's why this one feels so different. This is about hurting Sony," said Carl Wright, formerly the chief information security officer for the U.S. Marine Corps and now general manager for TrapX Security.

Sony Pictures did not return requests for comment.

Happy birthday PlayStation!
Happy birthday PlayStation!

The timing couldn't have been worse. Earlier this year, Sony laid off many employees, including members of its comparatively tiny cybersecurity team, according to a former employee in that group.

Adding to the pain: Sony lost its top cybersecurity executive just two months ago. After a major hack of the Sony Playstation network in 2011, Sony plucked a top official from the Department of Homeland Security to be its chief information security officer. That executive, Philip Reitinger, left Sony in September to start his own firm. Sony noted that it was quick in hiring a replacement for that role.

CNNMoney Sponsors