LOS ANGELES – Everyone has a theory about who really hacked Sony Pictures Entertainment Inc.

Despite President Barack Obama’s conclusion that North Korea was the culprit, the Internet’s newest game of whodunit continues. Top theories include disgruntled Sony insiders, hired hackers, other foreign governments or Internet hooligans. Even some experts are undecided, with questions about why the communist state would steal and leak gigabytes of data, email threats to some Sony employees and their families and then threaten moviegoers who planned to watch “The Interview” on Christmas.

“Somebody’s done it. And right now this knowledge is known to God and whoever did it,” said Martin Libicki, a cyber security expert at RAND in Arlington, Virginia, who thinks it probably was North Korea. “So we gather up a lot of evidence, and the evidence that the FBI has shown so far doesn’t allow one to distinguish between somebody who is North Korean and somebody who wants to look like North Korea.”

Perhaps the only point of agreement among those guessing is that even the most dramatic cybercrimes can be really, really hard to solve convincingly. When corporations are breached, investigators seldom focus on attributing the crime, because their priority is assessing damage and preventing it from happening again.

“Attribution is a very hard game to play,” said Mike Fey, president of security company Blue Coat Systems Inc. and former chief technology officer at McAfee Inc. “Like any criminal activity, how they get away with it is a very early step in the planning process, and framing another organization or individual is a great way to get away with something.

Fey added: “If they’re smart enough and capable enough to commit a high-profile attack, they’re very often smart enough and capable enough to masquerade as someone else. It can be very difficult to find that true smoking gun.”

Unlike crimes in the physical world, forensic investigators in the cyber world can’t dust for fingerprints or corroborate evidence by interviewing suspects. In prior closed-book cases, cyber criminals caught bragging online only were charged after evidence was found on their hard drives.

“The NSA (National Security Agency) has penetrated a lot of computers, but until Ed Snowden came around, nobody was certain, because the NSA has the world’s best operational security. They know how to cover their tracks and fingerprints very well,” Libicki said.

Because North Korea is so isolated and its Internet infrastructure is not directly connected to the outside world, it’s more difficult to trace attacks originating there.

North Korea has vehemently denied that it was responsible for the attack.

To complicate matters, roughly 10 percent of home computers are compromised by hackers, allowing their use to conduct attacks on others, said Clifford Neuman, a director of the University of Southern California Center for Computer Systems Security. These compromised machines become networks of computers controlled remotely by hackers and borrowed or rented in an underground economy.

Botnets “could be used by cyber terrorists or nation states to steal sensitive data, raise funds, limit attribution of cyber attacks or disrupt access to critical national infrastructure,” Gordon Snow, then-assistant director of the FBI’s cyber division, told a Senate panel in 2011.

The FBI worked with other U.S. agencies, including the National Security Agency, on the Sony investigation to trace the attacks. The FBI said clues included similarities to other tools developed by North Korea in specific lines of computer code, encryption algorithms and data deletion methods. It also discovered that computer Internet addresses known to be operated by North Korea were communicating directly with other computers used to deploy and control the hacking tools and collect the stolen Sony files.

The FBI said some of its evidence against North Korea was so sensitive it couldn’t be revealed. Neuman said that could include reviewing evidence of communications or even recorded conversations between suspected hackers before or during the breach and subsequent leaks of Sony’s confidential business information.

“Attribution to any high degree of certainty will always be impossible,” said Chris Finan, a former White House cyber security adviser. “At some point these are always judgment calls. You can do things like corroborate using intelligence sources and methods. But ultimately you’re still looking at a pool of evidence and you’re drawing a conclusion.”

Even knowing North Korea was involved doesn’t mean others weren’t, too.

“It’s very difficult to understand the chain of command in something like this,” Fey said. “Is this a hacking-for-hire scenario? Is it truly delivered by an organization? Or, is it possible there’s some alternate nefarious plot under way none of us understand yet.”

He later added: “One last idea. What if all this is just a movie-goer (who) can’t stand the idea of another Seth Rogen movie?”

Movie available online

LOS ANGELES – “The Interview” is available for rental on a variety of digital platforms, including Google Play, YouTube Movies, Microsoft’s Xbox Video and a separate Sony website, Sony Pictures announced.

The movie, released at 1 p.m. Wednesday, costs $5.99 to stream and $14.99 to purchase. It also will open in more than 300 theaters Thursday.

The studio announced the on-demand release just one day after reversing a previous decision not to show the film at all after hackers released thousands of internal Sony documents and threatened moviegoers with violence. The decision not to release the film widely was criticized, with President Barack Obama one of Sony’s harshest critics.

“It has always been Sony’s intention to have a national platform on which to release this film,” Sony Pictures chair and CEO Michael Lynton said Wednesday.

White House spokesman Eric Schultz said Obama welcomed the news.

The unusual release is unprecedented: Studios have released smaller indie and foreign movies simultaneously in theaters and on digital platforms, but never a mainstream film like “The Interview.”

However, analysts said the situation with “The Interview” left Sony little choice.

“This isn’t being done because Sony wants to do it regularly, but rather out of necessity prompted by the exhibitor boycott,” said Wedbush Securities analyst Michael Pachter. “The only guys showing it are independent chains.”

“Sony is in a delicate situation here since they normally never go this route with a major film, but theater chains also know this is a unique back-against-the-wall situation,” added Gitesh Pandya, editor of BoxOfficeGuru.com.

It’s challenging to put a figure on how much Sony might benefit financially from releasing the movie on demand, Pandya said.

But he said all the attention “The Interview” has had over the past month has likely boosted the curiosity level for movie goers and will lead to “strong averages from the limited theatrical release plus solid VOD sales over the holidays.” He expects the interest to fade away in early January.

Google showed its support with a post on its official blog, saying the company “could not sit on the sidelines.”

“Of course it was tempting to hope that something else would happen to ensure this movie saw the light of day. But after discussing all the issues, Sony and Google agreed that we could not sit on the sidelines and allow a handful of people to determine the limits of free speech in another country (however silly the content might be). “

Lynton said the release represented the company’s commitment to free speech.

“While we couldn’t have predicted the road this movie traveled to get to this moment, I’m proud our fight was not for nothing and that cyber criminals were not able to silence us,” he said.