Screen shot from an internal audit report allegedly stolen from Sony and circulating on file-trading networks.
"Sony's reaction has all the markings of a company without any sort of coherent plan," writes Bruce Schneier. "Near as I can tell, every Sony executive is in full panic mode."
As always, Schneier nails it. Snip:
[W]e don't know these attacks were sanctioned by the North Korean government. The US government has made statements linking the attacks to North Korea, but hasn't officially blamed the government, nor have officials provided any evidence of the linkage. We've known about North Korea's cyberattack capabilities long before this attack, but it might not be the government at all. This wouldn't be the first time a nationalistic cyberattack was launched without government sanction. We have lots of examples of these sorts of attacks being conducted by regular hackers with nationalistic pride. Kids playing politics, I call them. This may be that, and it could also be a random hacker who just has it out for Sony.
Remember, the hackers didn't start talking about The Interview until the press did. Maybe the NSA has some secret information pinning this attack on the North Korean government, but unless the agency comes forward with the evidence, we should remain skeptical. We don't know who did this, and we may never find out. I personally think it is a disgruntled ex-employee, but I don't have any more evidence than anyone else does.
What we have is a very extreme case of hacking.
"Reacting to the Sony Hack" [schneier.com]
