(Adds interview with FireEye, background)
By Mark Hosenball and Jim Finkle
WASHINGTON/BOSTON, Dec 29 (Reuters) - U.S. investigators believe that North Korea likely hired hackers from outside the country to help with last month’s massive cyberattack against Sony Pictures, an official close to the investigation said on Monday.
As North Korea lacks the capability to conduct some elements of the sophisticated campaign by itself, the official said, U.S. investigators are looking at the possibility that Pyongyang “contracted out” some of the cyber work. The official was not authorized to speak on the record about the investigation.
The attack on Sony Pictures is regarded to be the most destructive against a company on U.S. soil because the hackers not only stole huge quantities of data, but also wiped hard drives and brought down much of the studio’s network for more than a week.
While U.S. officials investigate whether North Korea enlisted help from outside contractors, the FBI stood by its previous statement that Pyongyang was the prime author of the attack against the Sony Corp unit.
“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment,” the Federal Bureau of Investigation said in a statement to Reuters.
North Korea has denied that it was behind the Sony attack and has vowed to hit back against any U.S. retaliation.
The people who claimed responsibility for the hack have said on Internet postings that they were incensed by the Sony Pictures film “The Interview,” a comedy about a fictional assassination of North Korean leader Kim Jong Un.
Because of the hackers’ threats, major U.S. cinema chains refused to show the film. Last week, Sony struck deals with some 320 independent theaters to distribute “The Interview” and also made the film available online.
Some private security experts have begun to question whether Pyongyang was behind the Sony cyberattack at all.
For instance, consulting firm Taia Global said the results of a linguistic analysis of communications from the suspected hackers suggest they were more likely from Russia than North Korea. Cybersecurity firm Norse said it suspects a Sony insider might have helped launch the attack.
“I think the government acted prematurely in announcing unequivocally that it was North Korea before the investigation was complete,” said Mark Rasch, a former federal cybercrimes prosecutor. “There are many theories about who did it and how they did it. The government has to be pursuing all of them.”
The FBI said its determination that North Korea was behind the hack was based on information from a variety of sources, including intelligence sources, the U.S. Department of Homeland Security, foreign partners and the private sector.
“There is no credible information to indicate that any other individual is responsible for this cyber incident,” the agency said.
Kevin Mandia, whose security firm was hired by Sony to investigate the attack, said the only way to know who the culprits are is to trace the network traffic from the infected machines back to the hackers’ machines. Only the government and Internet service providers have that kind of visibility, he added.
“I don’t have the data that they have to come up with that conclusion,” Mandia, chief operating officer of FireEye Inc , said in a video interview with Reuters.
“Every attack loops through numerous machines,” he said. “You have to peel that onion all the way back. It isn’t an easy thing to do.”
Mandia, who has supervised investigations into some of the world’s biggest cyberattacks, said the Sony case was unprecedented.
“Nobody expected when somebody breaks in to absolutely destroy all your data, or try to anyway, and that’s just something that no one else has seen,” he said. (Reporting by Mark Hosenball in Washington and Jim Finkle in Boston; Editing by Tiffany Wu and Warren Strobel)