North Korea denies Sony hack that exposed 47,000 personal records

North Korea has denied responsibility for hacking Sony Pictures Entertainment

North Korea has officially denied responsibility for hacking Sony Pictures Entertainment, an act that crippled the company’s network and exposed the personal details of 47,000 people.

Hollywood stars including Sylvester Stallone were among those connected to the company whose personal details have been posted online by hackers, reported the Wall Street Journal.

Reports of Korean in the malware code used by the hackers sparked speculation the attack was in retaliation for the film The Interview, which is about a plot to assassinate the North Korean leader.

Fuelling the speculation, an unofficial spokesperson for North Korea criticised the film in an interview with The Telegraph saying it showed the "desperation of the US government and American society."

Some security commentators have also pointed to similarities between the Sony attack and a cyber attack allegedly by North Korea against South Korean banks and TV networks in 2013.

But a North Korean diplomat in New York has told US broadcaster Voice of America that the speculative reports linking North Korean hackers to the attack are incorrect.

Speaking on condition of anonymity, the official described the reports linking North Korea to the Sony hacking as “another fabrication targeting the country”.

"My country publicly declared that it would follow international norms banning hacking and piracy,” he said.

So far the only claim of responsibility for the attack has come from a group calling itself Guardians of Peace or #GOP, but nothing is known about the group or its reasons for attacking Sony.

Shortly after the attack, the group threatened to release sensitive data if Sony did not meet its demands, but no details have been made public.

Since then, four still-to-be-released Sony films have been leaked online, along with personal details such as social security numbers of 47,000 employees and freelancers.

The leaked data has also included details of salaries and bonuses; performance reviews; criminal background checks and termination records; correspondence about employee medical conditions; and passport and visa information.

Computer-killing malware

The FBI, which is investigating the attack with FireEye’s Mandiant division, issued a warning about computer-killing malware that is believed to be linked to the Sony attack.

According to the FBI, the malware overrides all data on the hard drives of computers, including the master boot record, preventing them from booting up.

"The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods," said an FBI report.

While this type of attack has been seen before, such as the attack on Saudi Aramco in August 2012 that downed around 30,000 computers, this malware marks a shift in attacks on US-based firms.

Read more on Privacy and data protection