‘Unprecedented’ Cyberattack No Excuse for Sony Breach, Pros Say

In this Dec. 2, 2014 file photo, cars enter Sony Pictures Entertainment headquarters in Culver City, Calif. Sony Pictures said the investigation into the cyberattack that crippled its computer systems is continuing and denies a report that it is poised to name North Korea as the culprit. (AP Photo/Nick Ut, File)
In this Dec. 2, 2014 file photo, cars enter Sony Pictures Entertainment headquarters in Culver City, Calif. Sony Pictures said the investigation into the cyberattack that crippled its computer systems is continuing and denies a report that it is poised to name North Korea as the culprit. (AP Photo/Nick Ut, File)
In this Dec. 2, 2014 file photo, cars enter Sony Pictures Entertainment headquarters in Culver City, Calif. Sony Pictures said the investigation into the cyberattack that crippled its computer systems is continuing and denies a report that it is poised to name North Korea as the culprit. (AP Photo/Nick Ut, File)

(Ars Technica) – The security company investigating the attack against Sony Pictures Entertainment has reportedly penned a letter that seemingly holds the entertainment firm blameless for the breach of its systems—a move that has opened up the investigating firm to criticism by security professionals.

The letter—to SPE’s CEO Michael Lynton from Kevin Mandia, the head of FireEye’s Mandiant, the incident response service the company hired to investigate the attack and restore its network—calls the attack “unprecedented in nature.” Mandia states that the attack would not have been detected by antivirus programs, and the attackers used non-standard strategies to cause damage to the company.

“In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public,” Mandia states in the letter, which was leaked to media outlets. “The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”

Yet, security professionals aren’t buying it. Within 24 hours, several security experts had criticized the statements and refuted Mandia’s characterization of the attacks.

READ MORE

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.