All sorts of theories about who really made off with terabytes of Sony Pictures Entertainment’s corporate data and then set off malware erasing the company’s hard drives have emerged over the past week in the wake of Sony’s release of The Interview. While the FBI is insistent that the responsibility for the Sony breach and cyber-defenstration rests solely on the Democratic People’s Republic of Korea, security analysts who have conducted their own examination of the malware and other information suggest that the attack was at least partially an inside job.
But there’s been another strange twist in the Sony Pictures saga: now Lizard Squad, the DDoS attackers involved in the Christmas denial-of-service attacks against Sony’s PlayStation Network and Microsoft’s Xbox Live network, have claimed they were tangentially involved in the breach. Someone claiming to represent Lizard Squad told the Washington Post’s Brian Fung that Lizard Squad had sold Sony Pictures usernames and passwords to the Sony attackers (the "Guardians of Peace"). Fung said that his contact confirmed his identity by posting something to the group’s Twitter feed.
"We handed over some Sony employee logins to them," said Fung's source. "For the initial hack. We came by them ourselves. It was a couple."