Few companies could have prevented the cyberattack that devastated Sony Pictures, the FBI said during a Senate Banking Committee hearing on cybersecurity and the finance industry.
"[T]he malware that was used would have gotten past 90 percent of the Net defenses that are out there today in private industry and [would have been] likely to challenge even state government," said Joe Demarest, assistant director of the Federal Bureau of Investigation's cyberdivision. His comments were officially confirmed later by the FBI.
Demarest on Tuesday told a cybersecurity conference the FBIwho was behind the attacks on Sony. Demarest's comments today align with those by Kevin Mandia, CEO security forensics company Mandiant, which Sony hired to investigate the attack. In an internal memo to Sony Picture's CEO Michael Lynton, Mandia called the attack "unprecedented" for which neither Sony Pictures or "other companies could have been fully prepared." The emails were first reported Saturday by Reuters.
A group calling itself the Guardians of Peace breached Sony Pictures' computer systems on November 24. The group leaked computer security department. It also destroyed Sony's computer hard drives.on the internal workings of Sony's
Circumstantial evidence had indicated North Korea could be behind the cyberattack, including similarities in the malware used by North Korea against South Korean media companies and banks in 2013.
North Korea, which hasallegations of its involvement, expressed support for the hack over the weekend.
"The hacking into Sony Pictures might be a righteous deed of the supporters and sympathizers with the DPRK [Democratic People's Republic of Korea]," a spokesman for North Korea said.
Demarest said the FBI has determined the attack was "organized," "certainly persistent," and it's "level of sophistication is extremely high," according to The Hill.
"Wow," Sen. Chuck Schumer (D-NY) said, The Hill reported.
An internal Sony email leaked to Variety by Sony employees on Monday said FBI officials are expected tomembers today to discuss how they should manage the leak of their personal information, which included Social Security numbers.