LOS ANGELES/BOSTON (Reuters) - Forensics experts hired by Sony Corp to investigate the massive cyber attack at its Hollywood studio said the breach was unprecedented, well-planned and carried out by an “organized group,” according to an email obtained by Reuters on Saturday.
Kevin Mandia, the top executive at FireEye Inc’s Mandiant forensics unit, made the comments in an email to Michael Lynton, chief executive of Sony Pictures Entertainment (SPE).
They are among the first comments about the investigation to be made public, yet they do not discuss what people most want to know: The extent of the damage to the studio’s network or who was behind the campaign, the most destructive cyber attack reported to date against a company on U.S. soil.
The destructive attack knocked much of Sony’s network off line with malware that wipes drives of PCs, making them unable to operate. It is expensive to repair them because each drive needs to be manually replaced or re-imaged.
People close to the investigation have told Reuters that North Korea is a principal suspect, yet a North Korean diplomat has denied that his nation is involved.
Lynton forwarded a message from Mandia to employees.
Mandia, whose firm has probed some of the biggest cyber attacks to date, said in his email that “The scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public.”
He added that “The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”
FBI spokesman Joshua Campbell said the agency concurred with Mandiant’s analysis the attack went undetected by standard anti virus software, but declined to discuss progress in the agency’s investigation.
Daniel Clemens, chief executive of boutique cybersecurity firm PacketNinjas, said that while the attack was unprecedented in impact, “There are many things Sony could have done to prepare and defend against this attack.”
He added that if the government launches probes into the breach, they are likely to find that Sony did not have all necessary safeguards in place to fend off and uncover hackers.
Reporting by Lisa Richwine and Jim Finkle