The private forensics specialists Sony Pictures Entertainment (SPE) has hired to investigate the major cyber-attack that shut down all its servers last week said the attack was “unprecedented”, “damaging” and “unique” in its nature. The experts also added that it was “well-planned” and carried out by an organized group.
These statements were made by Kevin Mandia, director of operations at the cyber-security organization FireEye (FEYE), in a recent e-mail he sent to Michael Lynton, CEO of SPE. On Saturday, Mr Lynton forwarded the e-mail to all his employees, which is how it reached the press.
The e-mail contains the first clues about what happened on Sony’s servers last week, but it does not answer the most critical questions about the most damaging cyber-attack ever made against a company headquartered in the US – how big was it and who was behind it?
Experts say the attack infected almost all of Sony’s network with malicious software intended to wipe the PCs’ hard drives and leave the machines unable to operate. The attack was costly too, because the drives need to be manually repaired or replaced.
The FBI has also started a parallel investigation to find out who was behind the attack and how it was possible. Federal investigators believe that North Korea is the main suspect for a couple of reasons. First, one of the movies hacked from SPE servers last week was a comedy about two fake CIA agents who try to assassinate Kim Jong-Un, the North Korean leader. The Pyongyang government said that the movie was a form of sponsoring terrorism and “an act of war”. North Korea also threatened Sony with retaliation if the movie was ever released. SPE planned to release it on December 25.
The federal agency also has a second reason to believe North Korea might have done it – the software used in the attack was very similar to malware used in two previous cyber-attacks against South Korea and the Middle East. Investigators strongly believe that North Korea was behind those attacks. However, in a recent interview a North Korean official denied any involvement.
FEYE’s COO has also said that this attack differed in its scope from any previous attack his company had investigated – it was meant both to destroy property and to leak secret information to the general public.
Mandia also said that the Sony cyber-attack was so unparalleled that neither Sony nor other entities could have been fully prepared for it. The malware used was apparently so unique that it was untraceable by any antivirus software, Mandia added.
“The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat,” Mandia wrote in the e-mail.