(Ars Technica) – The security company investigating the attack against Sony Pictures Entertainment has reportedly penned a letter that seemingly holds the entertainment firm blameless for the breach of its systems—a move that has opened up the investigating firm to criticism by security professionals.
The letter—to SPE’s CEO Michael Lynton from Kevin Mandia, the head of FireEye’s Mandiant, the incident response service the company hired to investigate the attack and restore its network—calls the attack “unprecedented in nature.” Mandia states that the attack would not have been detected by antivirus programs, and the attackers used non-standard strategies to cause damage to the company.
“In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public,” Mandia states in the letter, which was leaked to media outlets. “The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”
Yet, security professionals aren’t buying it. Within 24 hours, several security experts had criticized the statements and refuted Mandia’s characterization of the attacks.