Sony Hack: FBI Says Attack So Sophisticated, Would Have Gotten Past ’90 Percent’ of Firms

“The level of sophistication was extremely high …we can tell based on our investigative efforts to date,” an FBI official tells lawmakers

A top FBI official told a congressional committee Wednesday that the Guardians of Peace hackers who invaded Sony Pictures’ systems had an “extremely high” level of sophistication and used hacking tools that would have gone undetected at most businesses.

“The malware that was used would have slipped and gotten past 90 percent of the net defenses that are out there today in private industry and been a challenge to state governments,” said Joseph M. Demarest Jr., assistant director of the FBI’s cyber division.

Testifying at the Senate Banking Committee hearing called to discuss cybersecurity in the financial sector, Demarest was asked about the possibility that nation states like North Korea could have attacked Sony and be pursuing other American companies.

Demarest said the FBI is still trying to determine where the Sony hack originated, but it had no difficulty determining the attack’s seriousness.

“The level of sophistication was extremely high …we can tell based on our investigative efforts to date … organized and certainly persistent,” said Demarest.

He also revealed that after talking to Sony and its vendor, the advanced technology incorporated into the malware was readily apparent to the FBI.

Demarest added that the FBI, Sony and the company it has hired to probe the attack, Mandiant, have worked closely together and that federal officials had teams at Sony within hours of the attack’s discovery.

Sony hasn’t recovered since the November 24 attack essentially shut down its Culver City headquarters. Collateral damage includes the leaking of confidential employee information including social security numbers, contentious executive emails and the pirating of upcoming releases.

Investigations from private third party entities and the FBI are ongoing.

Matt Donnelly contributed to this report

Comments