This does not surprise me at all. The first level of security is the physical level, i.e., access to the physical network. If you have a computer connected to a physical cable, you are almost all the way there. All you need then is a user account.
To get through firewalls and routers, that takes a bit more effort. After that, you still need a user account.
There was a story the insider / hacker was going to be arrested soon. Then everything spun to North Korea.
I wonder why North Korea is the story ‘they’ want. ?
Does Sony get some insurance claim or in some way let off the hook if an outsider nation hacked them and not a ticked off recently fired employee?
What is the ‘win’ for Obama being able to blame North Korea? If anything, it makes the U.S. and the companies based here (Sony is viewed as technological high tech and even they got hacked) as weak and potential victims.
What’s the political win for Obama?
That is why most “hacks” involve at least some inside involvement. Typically, the company will do everything they can to deny insider involvement, because that ratchets up their legal exposure exponentially. Every company should have a security policy in place for immediate execution in the event of employee termination. Companies that don’t are just begging to be sued.
I tend to agree, probably inside job. I was a systems engineer, doing some critical testing with another engineer on a tight deadline at one place. There was a network manager blocking my requests for access between a couple sites miles from each other, frustrating me for a couple weeks. When no one was looking, we ran a couple patch cables from our equipment bypassing his firewalls and routers, got the connection, completed our testing of a bank of servers and removed the bypass. The network manager never knew. The guy was too anal and paranoid. Later on, he blocked some important department heads and got canned. In short, there is lots of politics and subterfuge going on in companies that is not always visible.