On December 2nd, the Federal Bureau of Investigation sent a confidential notice about the recent hacking attack on Sony Pictures Entertainment to security staff at some large U.S. companies. While the notice did not specify Sony Pictures, it provided details on how the hack was pulled off. It also warned that data destroyed by the malware could be impossible or too costly to recover by current forensic data retrieval methods.
The malware can reportedly overwrite data and destroy the master boot record on the computer’s hard drive. Sony Pictures has not confirmed whether this is true in their case.
Details on how the attack began are also sketchy, but these kinds of attacks usually start with inside help or a successful phishing attempt. Once hackers have found their way into the system, they can move through the network.
Sony Pictures Still Struggling to Recover
More than a week after the hack attack that brought down Sony Pictures Entertainment, some services have been restored while others remain offline. Employees regained access to email and telephone services last Monday, but only in certain buildings.
The hackers responsible claimed to have up to 100 terabytes of data stolen from the company during the attack. This data includes sensitive information such as executive salaries, employee Social Security numbers and server security keys. A short time after the attack, digital copies of five unreleased Sony Pictures movies were leaked to illegal file-sharing sites, though it’s not clear if the films were stolen by the hackers or leaked through other means.
Malware Used by the Hackers Linked to Previous North Korean Attacks
Authorities have yet to determine who is behind the attacks, but some security experts feel North Korea is a strong possibility. A web site run by the North Korean government blasted Sony Pictures for creating an upcoming action comedy with a plot centered around an assassination attempt on North Korean leader Kim Jong Un. The movie in question was not one of the films leaked. When asked whether North Korean hackers were responsible, a spokesman for the country’s United Nations mission cryptically responded with, “I kindly advise you to just wait and see.”
The malware the FBI warned about was written in Korean and has similarities to malware used in an attack on South Korean banks and television broadcasters in 2013. The two countries are hostile neighbors, and South Korea is a frequent target of North Korean hacking attacks.
According to an undisclosed source, Sony Pictures has hired the Mandiant division of FireEye to assist with the investigation and recovery. Both companies and the FBI are continuing to pursue the matter.