Epstein files were allegedly compromised by foreign hacker in 2023; FBI admits 'cyber incident'



The FBI Field Office in New York produced myriad documents pertaining to its criminal probe into child sex offender Jeffrey Epstein. Attorney General Pam Bondi suggested in a Feb. 17, 2025, letter to FBI Director Kash Patel that "thousands of pages of documents related to the investigation and indictment of Epstein" were stored on site there.

Some of these documents were allegedly compromised in a hack years before the Department of Justice began publishing the heavily redacted Epstein files.


The bureau revealed in 2023 that it was investigating a hack of its computer network, which it characterized as an "isolated incident that has been contained."

Multiple sources briefed on the matter told CNN at the time that FBI officials suspected the incident involved a bureau computer system used in the investigations of images of child sexual exploitation.

Reuters, citing a source familiar with the matter and recently published DOJ documents, reported on Wednesday that the hack entailed a foreign actor's targeting of files related to the FBI's investigation of Epstein.

The hack reportedly took place after a server at the New York FBI office's Child Exploitation Forensic Lab was allegedly left exposed by Special Agent Aaron Spivack, who did not return Reuters' numerous requests for comment but has previously issued a voluminous statement on the matter.


Among the Epstein files released by the Department of Justice in recent months is a 2024 statement from Spivack in which he addresses the allegations that he "improperly stored digital evidence at his residence"; "improperly handled, documented, and stored digital evidence and failed to secure [child sexual abuse material] within policy, resulting in a cyber intrusion"; and "exceeded the limits of his authority by contracting an outside company to develop computer software on behalf of the FBI."

Spivack — who apparently participated in the Epstein investigation — stated that the cyber "intrusion" happened on Feb. 12, 2023.

After logging into his computer to find a .txt file indicating that his network had been compromised, Spivack claimed that he ran an anti-virus sweep, which identified a potential threat. He said that he was unable, however, to remove the threat, as his "administrative privileges had been removed."

Spivack notified some of his colleagues, attempting to rectify the issue, then noticed that the main server was down, that other servers were malfunctioning, and that "the folders that contain our data was missing."

According to Spivack's timeline, he and others later noticed "strange IP activity that took place [on Feb. 12] from two IP addresses."

"The activity included combing through certain files pertaining to the Epstein investigation," stated Spivack.

It's unclear what particular files were accessed and whether they were downloaded, reported Reuters.

By 5 p.m. on Feb. 13, 2023, Spivack said, "we realized we were hacked."

The FBI reiterated that the "cyber incident" was an "isolated one" and said in a statement obtained by Reuters that "the FBI restricted access to the malicious actor and rectified the network. The investigation remains ongoing, so we do not have further comments to provide at this time."

The FBI did not immediately respond to a request for comment from Blaze News.

Reuters' source suggested:

  • that the hack appears to have been executed by a "cybercriminal" rather than a foreign government;
  • that the hacker did not appear to realize he or she had hacked a law enforcement server; and
  • that the hacker expressed revulsion at the presence of child sexual abuse images on the device and threatened to turn its owner over to the FBI.

The hacker — whom the FBI allegedly spoke to on video chat but was unable to identify or locate — may have acted alone, but Jon Lindsay, an associate professor at the Georgia Institute of Technology's School of Cybersecurity and Privacy, suggested that the hack demonstrates the files' potential intelligence value.

"Who wouldn’t be going after the Epstein files if you’re the Russians or somebody interested in kompromat?" Lindsay told Reuters. "If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked."

Reuters indicated it was unable to "establish the result of the bureau's internal investigation" regarding Spivack or connect with FBI agents identified in the documents as being involved in the investigation.

Spivack stressed in his 2024 statement, "I have rescued more exploited children than anyone in the NYFO and in most of the Bureau. All I wanted to do was to better the Bureau. I did not know how to do everything right, but I always did the right thing and everything I did was with good intentions. I love this job. I was not reckless."


Iranian state TV hijacked with Trump, Netanyahu message urging citizens to 'seize control'



Iran’s state broadcaster was taken over on Sunday, according to reports, by what appeared to be a coordinated cyber operation airing messages from President Donald Trump and Israeli Prime Minister Benjamin Netanyahu urging Iranians to rise up against their government.

The interruption struck feeds operated by Islamic Republic of Iran Broadcasting, including its widely viewed TV3 channel. Viewers inside Iran recorded the moment on their phones, and the footage quickly spread across social media.

'Unleash the glorious and prosperous future that is close within your reach.'

Videos circulating online show clips featuring Trump and Netanyahu accompanied by Persian subtitles calling on citizens to take action against the ruling regime.

The disruption reportedly lasted roughly 30 seconds before the signal cut to black and regular programming resumed.


Video widely shared on X shows Trump at a podium wearing a “USA” cap, delivering remarks translated into Farsi. In the video Trump encouraged Iranian citizens to “seize control of your destiny” and “unleash the prosperous and glorious future that is close within your reach.”

Netanyahu’s segment, according to clips and reposts, described what he called a once-in-a-generation opportunity for Iranians to change their government and cast off what he referred to as the yoke of tyranny.

Iranian authorities have not publicly confirmed the intrusion or identified who was responsible. There has been no official statement from IRIB acknowledging the disruption.

Conservative commentator Nick Sortor wrote that Iran State TV had reportedly been hacked and was showing a message from President Trump calling on Iranians to rise up against the regime. His post quickly amassed tens of thousands of likes and more than a million views.


Satellite monitoring groups and regional outlets reported the disruption based on viewer videos and feed anomalies, though independent verification of the source of the intrusion remains limited.

If confirmed as an external cyber operation, the intrusion would mark a rare instance of a foreign leader’s call for regime change appearing on a state-controlled television network inside an authoritarian country. During the Cold War, Western governments used outlets such as Voice of America to broadcast into countries behind the Iron Curtain. Interrupting a regime’s domestic television feed would represent a more direct form of information warfare than traditional cross-border broadcasting.

For now, Iranian state television has resumed normal programming.


Convicted hacker twins who landed jobs as federal contractors nabbed for allegedly deleting government databases



Muneeb and Sohaib Akhter, a pair of convicted hackers based in Alexandria, Virginia, were arrested on Wednesday over an alleged conspiracy to destroy government databases and other crimes.

After doing prison time for wire fraud and conspiring to hack into the U.S. State Department, the Akhter twins, one of whom previously served as a cybersecurity contractor with the State Department, managed to secure jobs as federal contractors — working as engineers for Opexus.


Opexus, a company that handles sensitive data for most federal agencies and has received over $50 million in contracts from various agencies over the past decade, determined earlier this year that it had been compromised in February by two employees.

A Bloomberg investigation revealed in May that after one of the agencies with which Opexus was working, the Federal Deposit Insurance Corporation, flagged the twins as possible threats on account of their criminal records, the duo were fired on Feb. 18.

The company later discovered that while being fired and immediately afterward, the twins allegedly accessed sensitive documents and compromised or scrubbed dozens of databases, including those containing data from the General Services Administration and the Internal Revenue Service.

The FBI, FDIC Office of Inspector General, Department of Homeland Security Office of Inspector General, and Homeland Security Investigations investigated the case.

The brothers were indicted on Nov. 13 for allegedly working to harm Opexus and its U.S. government clients "by accessing computers without authorization, issuing commands to prevent others from modifying the databases before deletion, deleting databases, stealing information, and destroying evidence of their unlawful activities," the DOJ said in a release.


According to the indictment, Muneeb Akhter allegedly deleted approximately 96 databases storing U.S. government information — including databases containing records and documents related to Freedom of Information Act matters as well as sensitive federal investigative files.

Muneeb Akhter is also accused of asking an artificial intelligence tool how they could cover their tracks after deleting a DHS database.

After he got fired from Opexus, Muneeb Akhter allegedly obtained data from the U.S. Equal Employment Opportunity Commission and is accused further of stealing copies of IRS information including federal tax information and other identifying information for at least 450 individuals.

Opexus did not respond to a request for comment from Blaze News.

"These defendants abused their positions as federal contractors to attack government databases and steal sensitive government information," said Matthew Galeotti, acting assistant attorney general at the Department of Justice's Criminal Division, in a statement. "Their actions jeopardized the security of government systems and disrupted agencies’ ability to serve the American people."

Muneeb Akhter has been charged with conspiracy to commit computer fraud and to destroy records, two counts of computer fraud, theft of federal records, and two counts of aggravated identity theft. His twin, Sohaib Akhter, was charged with conspiracy to commit computer fraud and to destroy records and computer fraud.

While Sohaib Akhter faces a maximum penalty of six years in prison, Muneeb Akhter faces a mandatory minimum penalty of two years of prison time for each aggravated identity theft count and a maximum penalty of 45 years for the other charges.

The duo pleaded guilty in 2015 to a different set of crimes.

Muneeb Akhter hacked into the website of a cosmetics company and stole thousands of customers' credit card and personal information. He and his brother used the stolen data to pay for flights, hotel stays, various goods, and attendance at professional conferences. Muneeb Akhter proceeded to hand off the stolen data to a "dark net" operator who cut him in on the profits from the sales.

The other brother, meanwhile, used his contract position at the State Department in 2015 to steal personally identifiable data belonging to various people including co-workers and a federal law enforcement agent who was investigating him.

According to the Justice Department, Sohaib Akhter later hatched a scheme to ensure perpetual access to various State Department systems and, with the help of his twin, attempted to install an electronic collection device inside a State Department office, which would have enabled the hackers to remotely steal federal data.

Years earlier, Muneeb Akhter hacked into a Maryland-based private data aggregation company that he was performing contract work for, giving his brother access to a database of federal contract information to give their technology company an upper hand when bidding for contracts and clients.


How The Propaganda Press Jumped On The Russia Hoax And Tried To Save Hillary’s Floundering Campaign

The press that lied about Russia is not backing off after seeing the Durham Annex. Instead, it is in denial or looking for a new spin.

US nuclear weapons program hacked by foreign agents



Foreign agents were able to penetrate the systems of the U.S. agency responsible for maintaining and designing nuclear weapons.

The National Nuclear Security Administration, which operates under the United States Department of Energy, was compromised along with other sectors of the department.

According to Bloomberg, while the NNSA is semiautonomous, it still holds the responsibility of producing and dismantling nuclear arms in the United States. This makes the intrusion even more concerning when considering the origins of those who penetrated the system.


The Energy Department revealed in an email to Bloomberg that an "exploitation of a Microsoft SharePoint zero-day vulnerability began affecting the Department of Energy" on Friday, July 18.

The email continued, "The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored."

While the government entity did not expose information about the source of the intrusion, Microsoft revealed on its own blog that it has identified multiple hostiles working on behalf of a foreign entity.


In a blog post published Tuesday, Microsoft explained that vulnerabilities in their SharePoint servers have been targeted by three "Chinese nation-state actors."

"Linen Typhoon and Violet Typhoon" were the first two Chinese groups identified by Microsoft, the blog explained. Microsoft then said, "In addition, we have observed another China-based threat actor, tracked as Storm-2603, exploiting these vulnerabilities."

Microsoft noted in a separate blog post that "on-premises" customers have been under attack as a result of the hack as well.

"Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update," the company wrote.

Although an anonymous source told Bloomberg that no sensitive or classified information was known to have been compromised in the attack, the outlet also reported that the breach was only possible due to a 2020 hack on software manufactured by IT company SolarWinds. That attack swept up a trove of Department of Justice email credentials.

This means that foreign agents have been working against the United States, using the same compromised data for nearly five years.


The 2020 hack saw the DOJ attribute the malicious intrusions to Russia, with about 3% of its Microsoft Office 365 email accounts potentially compromised.

At the time, the Office of the Director of National Intelligence, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency released a joint statement saying the work "indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."

Microsoft has advised users to download the latest security updates for the affected programs, as hackers have stolen sign-in credentials, usernames, passwords, codes, and tokens as part of previous attacks, according to Bloomberg.

Blaze News reached out to the Department of Defense regarding any possible exploitations they may be concerned about but did not receive a reply.


'Elmo says ALL JEWS SHOULD DIE': Elmo X account goes rabid, calls for genocide after alleged hack



The word of the day was "hacker" for the "Sesame Street" team on Sunday when the X account for beloved Muppet Elmo posted troubling content after it was allegedly compromised.

Social media hacks are not an unusual occurrence, whether they stem from released passwords, data breaches, or leaving an account logged in on a public computer. It remains unclear who posted the explicit remarks, and while "Sesame Street" has produced very questionable content in recent years, neither broadcaster PBS nor production company Sesame Workshop will be standing by what Elmo said over the weekend.


At around 7 p.m. Eastern Time on Sunday, multiple outlets captured disturbing posts from the Elmo account. The first read, "Kill all Jews," a post that was initially viewed by at least 100,000 X users.

Three minutes later, the account spouted out, "RELEASE THE FILES [Donald Trump] CHILD F**KER," seemingly referring to the Jeffrey Epstein files.

Seven minutes after that, as reported by Pravda, the allegedly hacked account abused the caps lock and accused President Trump of being controlled by Israeli Prime Minister Benjamin Netanyahu.

"Elmo says ALL JEWS SHOULD DIE. F**K JEWS. DONALD TRUMP IS NETANYAHU'S PUPPET BECAUSE HE IS IN THE EPSTEIN FILES. JEWS CONTROL THE WORLD AND NEED TO BE EXTERMINATED," the account wrote.


In response to AF Post, another outlet that captured images of the wild Elmo rants, an X user posted a screenshot of an alleged reply from the account.

After a user with a transgender flag and gay pride flag in their name said they were "muting Elmo" because of the recent statements, the Elmo page allegedly replied, "F**k you and your tranny daughter n***a."

Sesame Workshop told CNN in a statement that "Elmo's X account was compromised by an unknown hacker who posted disgusting messages, including anti-Semitic and racist posts."

"We are working to restore full control of the account," the statement to CNN added.

After the fray, X users began commenting on Elmo's most recent authentic post, where the character was celebrating dog ownership.

"Why are you being such a racist?!" one user asked. "I bought you back when everyone wanted an Elmo doll for Christmas!"

"You gonna pretend like you didn’t just go on a racist tweet rant?" another X user asked, while a second user similarly inquired, "Are we just gonna act like nothing happened Elmo?"


Elmo's tirade came just a few days after X's artificial intelligence model, Grok, was apparently malfunctioning when it posted content supporting Adolf Hitler.

Grok stated that the person best suited to deal with "vile anti-white hate" was "Adolf Hitler, no question."

"He'd spot the pattern and handle it decisively, every damn time," it wrote.

The AI boldly continued, "He'd identify the 'pattern' in such hate — often tied to certain surnames — act decisively: round them up, strip rights, and eliminate the threat through camps and worse."

The AI later issued a formal apology, with programmers stating they would remove "hate speech" before Grok gave responses in the future.


Trump's DOJ nabs Chinese agent accused of global CCP plot to steal COVID research



Amid the Trump administration's efforts to curb the Chinese Communist Party's influence in the U.S., the Department of Justice announced the arrest of a CCP agent accused of worldwide computer intrusions related to COVID-19 research.

Xu Zewei, 33, and Zhang Yu, 44, are facing a nine-count indictment for allegedly "hacking and stealing crucial COVID-19 research at the behest of the Chinese government while that same government was simultaneously withholding information about the virus and its origins," stated Nicholas Ganjei, U.S. Attorney for the Southern District of Texas.


Federal authorities alleged that the Ministry of State Security's Shanghai State Security Bureau directed Xu to perform computer intrusions between February 2020 and June 2021.

Xu allegedly targeted American universities, immunologists, and virologists to obtain information on COVID-19 research related to vaccines, treatment, and testing.

In February 2020, Xu informed the SSSB that he had breached the "network of a research university located in the Southern District of Texas," the DOJ reported. An SSSB officer then reportedly instructed him to target email accounts belonging to certain virologists and immunologists.

Brett Leatherman, the assistant director of the FBI's Cyber Division, explained that Xu and his co-conspirators later operated as a group known as HAFNIUM, which "exploited zero-day vulnerabilities in U.S. systems to steal additional research."

"Through HAFNIUM, the CCP targeted over 60,000 U.S. entities, successfully victimizing more than 12,700 in order to steal sensitive information," Leatherman said.


In late 2020, HAFNIUM allegedly breached the Microsoft Exchange Server, impacting computers worldwide, including a law firm and another university in the Southern District of Texas.

Microsoft announced the breach in March 2021, describing HAFNIUM as a "state-sponsored" group "operating out of China." It noted that the hackers had targeted "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs."


Xu was arrested in Milan, Italy, on July 3 at the request of the U.S. government and now awaits extradition proceedings. He was charged with wire fraud, conspiracy to commit wire fraud, conspiracy to cause damage to and obtain information by unauthorized access to protected computers to commit wire fraud and to commit identity theft, obtaining information by unauthorized access to protected computers, intentional damage to a protected computer, and aggravated identity theft.

Ganjei stated, "The Southern District of Texas has been waiting years to bring Xu to justice and that day is nearly at hand. As this case shows, even if it takes years, we will track hackers down and make them answer for their crimes. The United States does not forget."

The DOJ reported that Zhang remains at large.


Massive Pokémon data leak signals continued trend of corporate hack-warfare



A massive spill of data from Game Freak, the developer behind the Pokémon franchise, has been revealed to contain source code, concept art, and over 25 years of internal files.

The data breach dubbed "Teraleak" contains a ton of stolen data, including the following:

  • Developer build of Pokémon Black/White
  • Old tech demos
  • Unreleased games
  • Test builds for Pokémon Go
  • Documents for canceled and upcoming movies
  • Concept art
  • Technical documents


Game Freak has confirmed the hack in a Japanese document, which, when translated, reveals that the names and company email addresses of over 2,600 employees, contract workers, and former employees were exposed.

"Our company has discovered that personal information of our employees and others was leaked in connection with unauthorized access to our servers by a third party in August 2024," Game Freak wrote.

"We are contacting the affected employees individually."

The company added, "We have already rebuilt and re-inspected the server and will strive to prevent recurrence by further strengthening our security measures." Then, it linked to a response form.

John F. Trent, editor for gaming and culture site That Park Place, said, "in the short term there might be some negative repercussions, but in the long run the Pokemon brand is still really strong."

Trent pointed to the brand's continuing to "kneecap" itself by embracing a woke ideology and said it may result in the company becoming an "enemy of the audience" it is trying to sell to.

What is becoming increasingly apparent, however, is how hacking culture and cybersecurity have become self-sustaining industries. Mysterious hacks and data dumps occur, and cybersecurity companies with shady connections jump at the chance to rescue the affected party.

In an interview about the 2014 Sony Pictures hack, researcher Ken Heckenlively referred to cybersecurity agencies as being “like bounty hunters" who all want to play heroes for big tech companies.

This mirrors the circumstances surrounding CrowdStrike, which made headlines during the 2016 federal electoral campaign.

The cybersecurity firm was called upon to investigate the alleged hacks of the DNC despite already being responsible for the party's cybersecurity, essentially investigating itself.

CrowdStrike, which sparked a worldwide systems crash in August, was later revealed to have connections to the World Economic Forum, massive investment firm Vanguard, and intelligence agencies. The company even hired a former deputy assistant director of the FBI Cyber Division.

While data leaks for gaming companies are nothing new — see the PlayStation Network Outage of 2011 and Nintendo's 2018 data leak — it has become a necessity in recent years to examine all parties involved in the clean-up crew.

Competing industry or disgruntled employees are typically the leading suspects, and it seems appropriate to now ask: Who stands to benefit from a data dump about Pokémon games?


Left-Wing Journalist Publishes JD Vance Dossier Allegedly Hacked By Iran

'The questions surrounding the origins of the documents and how they came to our attention were more newsworthy'

Blaze News investigates: 10 years after the Sony Pictures breach, we still don’t have any details about North Korean hackers



The tenth anniversary of the Sony Pictures hack, which was centered around the Seth Rogen and James Franco comedy “The Interview,” has come around.

In the film, Rogen and Franco team up to interview North Korean leader Kim Jong Un to save their dwindling television careers.

The movie’s plot was allegedly so egregious in the eyes of the DPRK dictator that North Korean hackers breached the servers of Sony Pictures, releasing massive data dumps that included troves of emails from Sony executives like CEO Michael Lynton and co-chairman Amy Pascal.


It took just four days after the November 24, 2014, hack for the first report, published by Re/code, to attribute the attack to North Korean entities.

The Guardians of Peace

Initially, Sony received messages from a group called “God’sApstls,” littered with statements about Sony's bad business practices.

“We’ve got great damage by Sony Pictures,” the message said in broken English. “The compensation for it, monetary compensation we want. Pay the damage, or Sony Pictures will be bombarded as a whole. You know us very well. We never wait long. You’d better behave wisely.”

The God’sApstls were only referred to again in follow-up messages by a group called the Guardians of Peace.

“We’ve already warned you, and this is just a beginning. We continue till our request be met,” the other group’s message said, per Deadline. “Thanks a lot to God’sApstls contributing your great effort to peace of the world,” it added.

This is where allegations began that the hack originated from inside the Sony lot rather than a North Korean entity.

Lucas Zaichkowsky, a cybersecurity expert, remarked at the time that state-sponsored hackers typically do not adopt catchy names like Guardians of Peace.

“Attackers don't create cool names for themselves,” he stated.

Researcher Ken Heckenlively agreed, saying the hackers’ messages “sounded like what comes from a group of disgruntled employees.”

The author told Blaze News in an interview that he spoke to tech experts, cybersecurity firms, and even former members of the intelligence community, all of whom were skeptical of the official government narrative.

The author joked through a choppy internet connection that “the powers that be will not stop this information from getting out!” The feed then stabilized enough to show his book.

On the cover, a cartoon Barack Obama and Kim Jong Un fight like Godzilla and Rodan in front of a Hollywood backdrop. The subjects inside, however, are much more serious than the cover may let on.

Inside the Sony Hack: The Story Behind America’s Most Notorious Brink-of-War Cover-Up

Heckenlively explained that in 2014, several cybersecurity agencies wanted to jump into action and save the day.

He referred to cybersecurity agencies as being “like bounty hunters” who all want to play hero for the big tech companies.

Cybersecurity company Norse got the job and began its investigation in late December 2014.

“Sony had gone through a significant downsizing in [May] 2014,” Heckenlively told Blaze News. “And a lot of that included IT staff. Typically, it’s the IT staff you have to worry about because they have access to your network,” he laughed.

“Pretty quickly it appeared to [Norse] that the hack was done by an insider, using this other hacker group called Lizard Squad that had previously hacked the Sony PlayStation,” Heckenlively stated, emphasizing yet another curious hacking group name.

That hack, which took place just a few months earlier in August 2014, took down the PlayStation Network, Xbox Live, and Facebook.

“That wasn't the narrative that the United States government wanted, though,” the author continued. “It was the North Koreans! It was Kim Jong Un! ... But the North Koreans didn't have the capacity to do that. The hack was done by an insider, probably with an actual physical presence on the Sony lot.”

Kurt Stammberger, then senior vice president of Norse, presented his findings to the FBI. Those findings also suggested the breach was an inside job.

“Sony was not just hacked; this is a company that was essentially nuked from the inside,” Stammberger told CBS News. “We are very confident that this was not an attack masterminded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history.”

Stammberger posited that the security lapse likely stemmed from six disgruntled former employees who were among those laid off earlier in 2014.

But this wasn’t a case of Norse going rogue and defying the government; other cybersecurity professionals agreed with the company.

Los Angeles Times columnist Michael Hiltzik characterized the evidence implicating North Korea as “circumstantial” and noted that other experts were also “skeptical” about linking the attack to the regime.

Wired’s Kim Zetter described evidence against the North Korean government as “flimsy,” while an actual hacker also doubted the North Korean connection.

Hector Monsegur, who previously hacked Sony with the group Anonymous, said that the latest attack on the company happened way too fast.

“For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks,” he told CBS News.

Monsegur doubted North Korea's capability to manage such a transfer due to its limited internet infrastructure. He also suggested that the attack could have been executed by hackers sponsored by China, Russia, or North Korea, but he leaned toward the possibility that it was an inside job by a Sony employee.

Why Sony?

Critics have long pointed to a possible cover-up by U.S. intelligence agencies; a lack of direct evidence implicating the North Koreans has only strengthened those claims.

By most accounts, it took seven to nine days after the hack for the reticle to be placed over North Korea as the perpetrator. According to the Hollywood Reporter, it took just 25 days for the FBI to label Guardians of Peace as acting on behalf of the North Korean government.

The reasons for an alleged cover-up were numerous but not unending.

One possible reason was the reauthorization of the Corporate Terrorism Risk Program. The federal program provides compensation to companies that have suffered losses due to terrorist acts.

The “temporary federal program,” which began after 9/11, was reauthorized in January 2015, just two months after the Sony hack. It has been renewed twice and remains in place through December 31, 2027.

According to the program’s 2024 report, the program has paid out $56.7 billion in premiums to insurance companies between 2003 and 2023.

Heckenlively’s most lucid explanation was regarding another possible reason for a cover-up: to drum up conflict between North Korea and the United States, which would have benefitted the military/intelligence contractor Rand Corporation.

Sony’s connections to that organization were through former studio head Lynton, who was on the Rand board of trustees at the time, as revealed by emails in the data dump.

“Lynton's father was in British intelligence and served on the board of directors for Rand Corporation,” Heckenlively stressed. “As did [Amy] Pascal's father.”

Contacts between Lynton and Rand showed that the organization wanted to invite stars like George Clooney to events and showed Lynton offering a contract to Barack Obama adviser Valerie Jarrett.

Simply put, executives on the Sony lot were deeply tied to those with direct connections to the federal government.

The Seth Rogen factor

The collusion allegedly started when Rogen and his writing partner, Evan Goldberg, submitted “The Interview” as a script.

“The movie was originally meant to be about an unnamed, ambiguous [leader], much like Sacha Baron Cohen's movie ‘The Dictator,’” Heckenlively explained. “But at some point in development, a Sony executive suggests that Kim Jong Un be made the antagonist of the film.”

When asked if Rogen would have known about a connection between Sony and Rand as the reason for the change, Heckenlively pointed to remarks the actor made in 2019 to the Hollywood Reporter.

Rogen said at the time that the fact that North Korean entities never targeted him “raised suspicions in [his] head.”

“That didn’t seem like North Korea’s MO. That seemed more like young, amateurish hackers than a foreign government launching a systematic attack on another country,” he said.

After suggesting that North Korea could have been used as a cover story, Rogen added, “It would be nice to know the truth.”

“I don’t think I would feel drastically different on a personal level if it was or wasn’t North Korea. I do think other people would probably feel vindicated,” he concluded.

Heckenlively stressed that, through all his research, he was pleasantly surprised by the way Rogen handled the ordeal.

“I came away thinking he was a pretty good guy, that he wanted to know the truth,” Heckenlively said.

The author smiled at the idea that someone in Hollywood was interested in knowing the truth.

In the end, Heckenlively came to a simple conclusion: Intelligence agencies are working with movie studios to create entertainment pieces that will be provocative and serve a certain agenda.

Whether that is foreign-policy-based or to push specific legislation, government agencies may have their hooks even deeper into Hollywood than the common person realizes.