Chapman also wondered why North Korea would risk an attack during one of its periodic attempts at slightly warmer relations with the West. "They just released three hostages," said Chapman, talking about the freeing of three Americans -- two of them in early November -- who had been imprisoned on spying charges. "[A hack] would be counter-productive in the eyes of the [North Korean] government at this point."
But Chapman acknowledged that it was possible North Korea had hired outsiders or that sympathizers might be responsible. "Cyber is cheap," Chapman said. "You can get a lot of programmers in Asia for a little bit of money. And it could have been a sympathizer in China or even Sacramento."
On Wednesday, Demarest and others testifying before the Senate described the ease with which anyone could become a fairly proficient hacker simply by spending a few thousand dollars for off-the-shelf tools available from the digital black market, lending credence to Chapman's belief that it a nation state need not be involved.
Their point was that the skills necessary to carry out the Sony hack are not limited to first-tier nations known for cyber capabilities, like Russia, China and Iran, or even a second-stringer like North Korea, but are present throughout cyber crime gangs, whose abilities often exceed that of military cyber squads.
"Senator Schumer, we can make you a hacker in 30 minutes, based on the tools that are currently available in the underground," Demarest said.
Schumer said he doubted that and held up his mobile phone, a simple feature phone, drawing laughs from the hearing room.
Sign up for CIO Asia eNewsletters.