
Sony hack dubbed 'unparalleled' crime, 'unprecedented' due to undetectable malware

Mandiant called the attack on Sony Pictures 'unprecedented in nature' due to undetectable malware and overall an 'unparalleled and well-planned crime.'

Sony Pictures hacked
Credit: Reddit

Some Sony employees have received threatening emails stemming from the company's recent attack at the hands of the hacking group GOP, which seems intent on completely annihilating Sony Pictures. The more we learn about the Sony hack, as people sift through the leaked Sony data, the more the attack boggles the mind. And that’s not just the minds of average people, as an expert in cyber-intrusions has called the attack an “unparalleled and well-planned crime.”

Variety published an email exchange between Sony Entertainment CEO Michael Lynton and Kevin Mandia, COO of FireEye and formerly CEO of Mandiant. Even Mandia, who has been called in to clean up after numerous serious cyber-attacks, regards the attack as “unprecedented.” Mandia wrote:

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.

In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well-planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.

The FBI’s confidential five-page flash alert warned businesses about the malware used in the Sony attack, including that the “malware overrides all data on hard drives of computers, including the master boot record, which prevents them from booting up.” The report, according to Reuters, added, "The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods."

It’s not looking good for Sony or its employees. Besides previously unreleased films appearing on torrent sites, other sensitive leaked info includes unreleased scripts, the personal information of 3,800 employees, performance reports, salaries, executives’ bonuses, and all manner of private details found in emails, such as medical treatments and a romantic entanglement resulting in disciplinary action. The social security numbers of “47,000 celebrities, freelancers, and current and former Sony employees” are also circulating on the internet. More will surely hit the news as people pore through the 100 terabytes of data the Guardians of Peace group says it nabbed from Sony.

On Friday, Variety reported that some Sony employees received a threatening email warning employees to sign their names or else “not only you but your family will be in danger.” The goal of the GOP, according to the message, is to remove Sony Pictures from the Earth.

In response, the FBI released the following statement:

The FBI is aware of threatening emails that have been received by some employees at Sony Pictures Entertainment. We continue to investigate this matter in order to identify the person or group responsible for the recent attack on the Sony Pictures network. Recent events underscore the persistence and maliciousness of harmful cyber criminals, and the FBI will continue to identify and apprehend those who pose a threat in cyberspace. 

North Korea has denied it hacked Sony in retaliation for the movie The Interview, yet called the attack a “righteous deed.” Meanwhile, AlienVault Labs noted, “The hackers who compiled the malware used the Korean language on their systems.” Some question if that might mean North Korea was indeed behind the attack.

AlienVault also told Lucian Constantin, “From the samples we obtained, we can say the attackers knew the internal network from Sony since the malware samples contain hardcoded names of servers inside Sony’s network and even credentials—usernames and passwords—that the malware uses to connect to systems inside the network.” Initial reports of the Sony hack included claims that GOP hackers had insider help; it's unknown if that is how the attackers knew Sony's internal network.
