By Chris Tribbey
An internal memo at Sony Pictures Entertainment relays the severity of the recent hacker attack against the studio, with the head of the security firm investigating the breach calling the attack “unprecedented.”
“The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat,” Kevin Mandia, head of security firm Mandiant, wrote in the memo attained by Recode.
“In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”In the memo, Sony says that while it can’t share much about its internal security protocols, it does note that “the investigation is ongoing [and] Mandia’s note is helpful in understanding the nature of what we are dealing with.”
The studio hired cyber security company FireEye Inc’s Mandiant forensics unit last week to investigate how the hack occurred, with the breach taking down most of the studio’s network for a full week.
During the shutdown, employee salaries and social security numbers, sensitive data about actors and film crews, and high-quality versions of several unreleased Sony films have been released online.
There was speculation that North Korea was behind the attack — possibly as a response to the upcoming comedy film “The Interview” about an assassination plot against the nation’s leader — however the isolated nation denied they were responsible Sunday.
“The hacking into Sony Pictures Entertainment might be a righteous deed of the supporters and sympathizers with [North Korea] in response to its appeal,” a Reuters report quoted North Korea as saying. “There are a great number of supporters and sympathizers with [North Korea] all over the world.”
Meanwhile, Sony saw another one of its divisions — Sony Computer Entertainment — attacked early Monday, with the online PlayStation Network brought down for a couple of hours in a possible cyber attack.
A hacker group called Lizard Squad — which has gone after Sony Computer Entertainment in the past — took responsibility for the attack, and took to Twitter to threaten more moves against Sony.
“Unlike Santa, we don’t like giving all of our Christmas presents out on one day. This entire month will be entertaining,” the group tweeted.