Sony attack was 'unparalleled' and 'well-organised'

By on
Sony attack was 'unparalleled' and 'well-organised'

Security firm makes first comments on investigation.

Forensics experts hired by Sony to investigate the massive attack on its systems at its Hollywood studio said the breach was unprecedented, well-planned and carried out by an "organised group".

Kevin Mandia, the top executive at FireEye's Mandiant forensics unit, made the comments in an email to Michael Lynton, chief executive of Sony Pictures Entertainment (SPE).

They are among the first comments about the investigation to be made public, yet they do not address the extent of the damage to the studio's network or who was behind the campaign, in the most destructive cyber attack reported to date against a company on US soil.

The destructive attack knocked much of Sony's network offline with malware that wipes drives PC drives. It is expensive to repair them because each drive needs to be manually replaced or re-imaged.

An analysis of the documents leaked so far has revealed 47,000 social security numbers of current and former Sony Pictures workers, according to the Wall Street Journalwhich includes the likes of Sylvestor Stallone and Judd Apatow.

People close to the investigation have said North Korea is a principal suspect, yet a North Korean diplomat denied his nation is involved.

Mandia, whose firm has probed some of the biggest systems attacks to date, said in his email that "the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public".

"The bottom line is that this was an unparalleled and well planned crime, carried out by an organised group, for which neither SPE nor other companies could have been fully prepared," he said.

FBI spokesman Joshua Campbell said the agency concurred with Mandiant's analysis, but declined to discuss progress in the agency's investigation.

Daniel Clemens, chief executive of boutique cybersecurity firm PacketNinjas, said while the attack was unprecedented in impact, "There are many things Sony could have done to prepare and defend against this attack."

He said if the government launches probes into the breach, they are likely to find that Sony did not have all necessary safeguards in place to fend off and uncover hackers.

An email purporting to be from the “Guardians of Peace” hackers, obtained by movie industry publication Variety, appears to threaten Sony employees whose data was stolen and their families with unspecified danger.

"Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger,” the message said.

The FBI said in a statement that the agency was aware of the threatening emails sent to some Sony Pictures Entertainment employees, and was continuing its investigation into the hack

Got a news tip for our journalists? Share it with us anonymously here.

Most Read Articles

Log In

  |  Forgot your password?