FBI Official: Malware in Sony Attack Would Have Gotten Past 90% Of Cybersecurity Defenses

Sony logo

An FBI official underscored the unprecedented nature of the hacking attack on Sony Pictures Entertainment, suggesting to a Senate committee that most of private industry and even the government is unprepared to defend against that type of security breach.

“The malware that was used would have slipped, probably would have gotten past 90% of the net defenses that are out there today in private industry, and I would challenge to even say government,” Joseph Demarest, assistant director of the FBI’s cyberdivision, told members of the Senate Banking, Housing and Urban Affairs Committee, on Wednesday.

Demarest said that the “level of sophistication” in the hacking attack was “extremely high, and we can tell based on our investigative efforts to date, organized and certainly persistent.”

Federal authorities are investigating a North Korean connection to the attack. North Korean government officials have protested Sony’s planned release of the comedy “The Interview,” although they have since denied involvement.

Demarest did not elaborate on a possible North Korean connection, other than to refer in general to “nation states that have this capability.”

Demarest was responding to a query from Sen. Chuck Schumer (D-N.Y.), who said that it was “sort of surprising” if a “country like North Korea would have the ability to turn a large company like Sony into a knot.”

Demarest did praise Sony for its level of cooperation, something that companies have been reluctant to do in the past.

“The event occurred, and within hours you find teams from the FBI and other agencies on the ground with Sony and their cybersecurity provider Mandiant,” he said.

The committee was holding a previously scheduled hearing on cybersecurity in the financial sector.

Filed Under:

Want to read more articles like this one? SUBSCRIBE TO VARIETY TODAY.
Post A Comment 4

Leave a Reply

4 Comments

Comments are moderated. They may be edited for clarity and reprinting in whole or in part in Variety publications.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

  1. Sonder Twyful says:

    The fact that most of our corporations could be easily hacked does NOT mean the hack was sophisticated! All that means is that most of our companies’ computer security is as crap as Sony’s is/was. Corporate America should wake up and take heed. Keeping all your company’s password, in plaintext, on a server that everyone can access is NOT good security.

  2. Reblogged this on @stevebanfield and commented:
    …and 100% of Sony’s apparently non-existent defenses.

More Biz News from Variety

Loading