Mandiant to Sony Pictures: Nothing could have prepared you for this

Forensics firm calls attack a well-planned, unparalleled crime


In a letter to Sony Pictures' top executive on Saturday, Kevin Mandia, the CEO of Mandiant, said that the company's recent security problems were a well-planned crime unparalleled by anything his company has seen in recent years. Nothing, his note said, could have prepared Sony for what has happened.

Mandiant's comments were part of an email obtained by Salted Hash over the weekend, sent to Sony employees by Michael Lynton, the top executive at Sony Pictures. He was addressing questions about the strength of the company's information security systems, and the source of the attack.

Lynton didn't say much about Sony's security protocols, "for obvious reasons," he said, but included Mandia's comments for a bit of perspective.

Dear Michael,

As our team continues to aid Sony Pictures' response to the recent cyber-attack against your employees and operations, I wanted to take a moment to provide you with some initial thoughts on the situation.

This attack is unprecedented in nature. The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat.

In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.

We are aggressively responding to this incident and we will continue to coordinate closely with your staff as new facts emerge from our investigation.

Sincerely,

Kevin Mandia

While the statements made in the letter are true, it's important to point out that Mandiant wasn't involved with the recovery and investigation efforts during the DarkSeoul or Shamoon attacks - the two instances where wiper malware was used to devastating effect.

Mandia's letter also makes mention of a recent FBI memo, confirming that it was in fact related to the malware discovered on the Sony Pictures network – something that was suspected the day the memo was circulated in the security community.

Yet, despite what the letter says, Sony Pictures could have done plenty to prepare and defend against an attack such as this.

Documents leaked by the group claiming responsibility for the attack show a number of poor security practices, all of which helped this attack progress to the nightmare that it is.

On Friday, GOP – the group that is behind the attack on Sony Pictures – released an additional 100GB of data, bringing the total amount of data leaked to just shy of 130GB. The group claims to have spent more than a year compromising tens of terabytes of data.
