Whodunnit? The Mystery of the Sony Pictures Hack
- 18 December 2014
- From the section Technology
It has become the whodunnit that is gripping Hollywood without a penny being spent on production.
Now The Mystery of the Sony Pictures Hack - which already had all the ingredients for a major Hollywood film - has taken a new twist as the movie at the heart of the row is pulled.
That raises a whole host of questions but the key one - who was behind the attack - remains unanswered.
To help get to the bottom of the mystery, the BBC turned detective and considered the evidence.
What we know so far:
What isn't in doubt, despite Sony's desire to write a script where it wakes up and it was all a bad dream, is that the film giant's internal computer system was hacked in November.
The group responsible called itself The Guardians of Peace and warned that if its demands were not met, secret data would be "shown to the world". Crucially, though, it did not outline its demands.
A number of as-yet unreleased films popped up on online download sites. The Interview, a comedy featuring a plot to assassinate North Korea's leader Kim Jong-un, was not among those released.
The hackers also released the salaries and social security numbers of thousands of Sony employees - including celebrities.
Following threats from the group behind the hack of 9/11-style incidents at any cinema that screened the film, Sony announced that it was cancelling the release of the movie altogether.
Who are the prime suspects?
- A nation state, most likely North Korea
- Supporters of the North Korean regime, based in China
- Hackers with a money-making motive
- Hackers or a lone individual with another motive, such as revenge
The case for North Korea:
The case for North Korea being behind the attack seems, at least on the face of it, to be a compelling one.
It has a motive and a history of hacking.
Its leadership certainly did not disguise its anger about the forthcoming Sony film The Interview.
In fact, it described the film as "an act of terrorism".
And rather like a robbery being pinned on a local criminal who has a history of similar offences, North Korea has form.
Many are pointing the finger of suspicion firmly towards Unit 121 of North Korea's General Bureau of Reconnaissance, described by some commentators as the country's most elite hacking unit.
And shortly after news that the film was pulled, the New York Times ran an article quoting an unnamed government source as saying it believed the attack to be state-sponsored with the North Korean government involved.
The case against:
It might not be the most compelling evidence but it is worth noting that North Korea denied that it was behind the attack, saying instead that it was the work of someone sympathetic to its cause. It hardly ever bothers to deny such claims.
North Korea is not averse to a bit of hacking but many say that the history of this particular crime does not fit with its modus operandi.
Its usual target is South Korea where attacks such as one launched in March 2013 have taken down internal networks.
Blogger Marc Rogers drills down into the details of this particular hack.
He concludes that the fact that the code was written on a PC with Korean locale and language actually makes it less likely North Korea is the source.
He points out that they do not speak traditional Korean in North Korea; they speak their own dialect, and traditional Korean is forbidden.
"Let's not forget also that it is trivial to change the language/locale of a computer before compiling code on it," he writes.
He also points out that the hackers are very net and social-media savvy. "That and the sophistication of the operation, do not match with the profile of the DPRK (Democratic People's Republic of Korea)."
But perhaps his most compelling piece of evidence is the fact that the attackers only latched onto The Interview connection after the media suggested that North Korea might be linked to the attack.
So if not North Korea then who?
In his blog, Mr Rogers writes "I would find the presence of Chinese far more plausible" and others also think that Chinese hackers, possibly recruited by North Korea, are a far more likely source of the malware.
Others think it may be hackers out to make some money.
When the hack was first reported there was little to suggest a monetary motive but actually the hackers emailed five top Sony Pictures executives on November 21, days before they began leaking the files, and demanded money.
Sean Sullivan, a senior researcher at security company F-Secure, believes extortion could be the motive behind the hack.
"That is a lot more credible than a nation state," he told the BBC.
For him, the real test will be what the hackers do next.
If the pulling of The Interview was their primary motive, things should quieten down but if there are more data dumps, then he thinks everyone should pretty much dismiss North Korea as the source.
"I would even bet they dump The Interview on to a torrent site unless Sony puts some money in a brown paper bag," he said.
Like Mr Rogers, he does not rule out the involvement of Chinese hackers.
"It is far more likely that North Korea would have recruited Chinese hackers who both wanted to make some money and cause Sony pain," he said.
If the sorry tale were to be turned into a Hollywood movie and, given the times we live in, it almost certainly will - although probably not made by Sony - a better plotline might be anonymous hackers intent on revenge.
To understand how this might be a possibility requires a bit of a trawl through the history of Sony and hacking.
Its battle with hackers began in 2005 when its music division installed software which modified computer operating systems to prevent CDs being copied. It continued in 2010 when Sony took on teenaged hacker George Hotz who jailbroke his PlayStation 3 and released the code.
Its most high-profile attack happened in April 2011 when hacking group Anonymous launched a campaign to bring down the PlayStation Network. The attackers gained access to the personal information of more than 77 million users. The hack cost Sony at least $171m.
As Chester Wisniewski, a senior security adviser at Sophos, put it in an interview with Gizmodo: "Sony's been raising the ire of hackers for as long as I can remember, so you have to think that they've known they're a serious target."
For Mr Rogers, the most obvious suspect, like many of the best whodunnits, may be far closer to home.
"My money is on a disgruntled (possibly ex) employee of Sony," he concludes.
Will the case ever make it to court?
It is debatable whether those responsible for the attack will ever be brought to justice. The US government has said that, if the hackers do turn out to be North Korean, it will be very difficult to prosecute them.
And while many may speculate on other suspects, hard evidence is proving elusive.
"The jury is out - North Korea is definitely a suspect. It had opportunity and the means but to convict them you need more evidence," said Prof Alan Woodward, a security expert from the University of Surrey.
What everyone does agree on is that the ripple effects from the attack will be felt long after the commentators have stopped asking who is to blame.
Sony Pictures faces a long road to redeeming its reputation and gaining back the trust of Hollywood.
America faces the hardest of questions about whether, by withdrawing the film, it has given in to threats in a way it usually refuses to do.
And the IT bosses of corporations around the world may just as well cancel all their Christmas leave as chief executives demand immediate reviews of their security procedures in a desperate attempt to make sure they never fall foul of similar embarrassing leaks.
For Mr Sullivan the hack represents a good moment for corporate America to scrutinise its security arrangements. While it might seem easy to blame a nation state it is time to sit up and acknowledge that this could have happened to any number of firms.
He hopes there will be "a decent post-mortem".
Until then though The Most Mysterious Case of the Sony Hack will remain like Charles Dickens' final novel - The Mystery of Edwin Drood - unfinished.