An FBI official underscored the unprecedented nature of the hacking attack on Sony Pictures Entertainment, suggesting to a Senate committee that most of private industry and even the government is unprepared to defend against that type of security breach.
“The malware that was used would have slipped, probably would have gotten past 90% of the net defenses that are out there today in private industry, and I would challenge to even say government,” Joseph Demarest, assistant director of the FBI’s cyberdivision, told members of the Senate Banking, Housing and Urban Affairs Committee, on Wednesday.
Demarest said that the “level of sophistication” in the hacking attack was “extremely high, and we can tell based on our investigative efforts to date, organized and certainly persistent.”
Federal authorities are investigating a North Korean connection to the attack. North Korean government officials have protested Sony’s planned release of the comedy “The Interview,” although they have since denied involvement.
Demarest did not elaborate on a possible North Korean connection, other than to refer in general to “nation states that have this capability.”
Demarest was responding to a query from Sen. Chuck Schumer (D-N.Y.), who said that it was “sort of surprising” if a “country like North Korea would have the ability to turn a large company like Sony into a knot.”
Demarest did praise Sony for its level of cooperation, something that companies have been reluctant to do in the past.
“The event occurred, and within hours you find teams from the FBI and other agencies on the ground with Sony and their cybersecurity provider Mandiant,” he said.
The committee was holding a previously scheduled hearing on cybersecurity in the financial sector.