Sony Hack Attack ‘Unparalleled,’ Security Firm Head Says

Cyber-security firm is “aggressively responding” to attack

The head of the cyber-security firm that Sony has tapped to deal with the recent wave of hacking attacks that have rocked the company has called the attacks “unparalleled” and a “well planned crime,” Sony Entertainment CEO Michael Lynton told employees Saturday.

In an email to employees, Lynton shared a message from Kevin Mandia, the head of Mandiant, the cyber-security team that Sony has enlisted to respond to the hackings. In the message, Mandia said that the attack “differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public.”

He added that Mandiant is “aggressively responding to this incident.”

The message came a day after Sony employees received a message purportedly coming from hacker group Guardians of Peace, which threatened not only Sony employees but their families as well.

“Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places.  Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger,” Friday’s email from the purported hackers read, in part.

Sony has been under siege in recent days, with details ranging from executive salaries to budget information being revealed as a result of the hack attack.

In his message to employees, Lynton also thanked them for their “resilience and resourcefulness” under the “incredibly stressful circumstances.”

Read Lynton’s message, with Mandia’s note, below.

Over the last week, some of you have asked about the strength of our information security systems and how this attack could have happened. There is much we cannot say about our security protocols for obvious reasons, but we wanted to share with you a note we received today from Kevin Mandia, the founder of the expert cybersecurity firm that is investigating the cyber-attack on us. The investigation is ongoing, but Mr. Mandia’s note is helpful in understanding the nature of what we are dealing with. Full text below.

We also want to thank you once again for your resilience and resourcefulness in carrying out our critical day-to-day activities under incredibly stressful circumstances. As a result of your efforts, we have made great progress moving our business forward, and we will continue to do so.

– — –
Dear Michael,

As our team continues to aid Sony Pictures’ response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.

In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.

We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.

Sincerely,
Kevin Mandia