FBI official calls Sony attackers 'organized,' 'persistent'

The FBI spills more details to US Senate on the hack that destroyed Sony's computers and leaked sensitive documents.

Seth Rosenblatt Former Senior Writer / News

Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.

See full bio

Seth Rosenblatt

Dec. 10, 2014 1:43 p.m. PT

2 min read

The FBI supports the assertion from an independent security firm that the Sony hack was unusual and hard to prevent. FBI

Few companies could have prevented the cyberattack that devastated Sony Pictures, the FBI said during a Senate Banking Committee hearing on cybersecurity and the finance industry.

"[T]he malware that was used would have gotten past 90 percent of the Net defenses that are out there today in private industry and [would have been] likely to challenge even state government," said Joe Demarest, assistant director of the Federal Bureau of Investigation's cyberdivision. His comments were officially confirmed later by the FBI.

Demarest on Tuesday told a cybersecurity conference the FBI couldn't yet determine who was behind the attacks on Sony. Demarest's comments today align with those by Kevin Mandia, CEO security forensics company Mandiant, which Sony hired to investigate the attack. In an internal memo to Sony Picture's CEO Michael Lynton, Mandia called the attack "unprecedented" for which neither Sony Pictures or "other companies could have been fully prepared." The emails were first reported Saturday by Reuters.

A group calling itself the Guardians of Peace breached Sony Pictures' computer systems on November 24. The group leaked financial documents, unreleased movies, confidential information about employees and celebrities, and details on the internal workings of Sony's computer security department. It also destroyed Sony's computer hard drives.

Circumstantial evidence had indicated North Korea could be behind the cyberattack, including similarities in the malware used by North Korea against South Korean media companies and banks in 2013.

North Korea, which has denied allegations of its involvement, expressed support for the hack over the weekend.

"The hacking into Sony Pictures might be a righteous deed of the supporters and sympathizers with the DPRK [Democratic People's Republic of Korea]," a spokesman for North Korea said.

Demarest said the FBI has determined the attack was "organized," "certainly persistent," and it's "level of sophistication is extremely high," according to The Hill.

"Wow," Sen. Chuck Schumer (D-NY) said, The Hill reported.

An internal Sony email leaked to Variety by Sony employees on Monday said FBI officials are expected to meet with Sony Pictures staff members today to discuss how they should manage the leak of their personal information, which included Social Security numbers.