 |
| An entrance gate to Sony Pictures Entertainment at the Sony Pictures lot
is pictured in Culver City, California in this April 14, 2013 file
photo. |
Credit: Reuters/Fred Prouser/Files
(Reuters) - The
Federal Bureau of Investigation warned U.S. businesses that hackers have
used malicious software to launch a destructive cyberattack in the
United States, following a devastating breach last week at Sony Pictures
Entertainment.
Cybersecurity experts said the malicious software
described in the alert appeared to describe the one that affected Sony,
which would mark first major destructive cyber attack waged against a
company on U.S. soil. Such attacks have been launched in Asia and the
Middle East, but none have been reported in the United States. The FBI
report did not say how many companies had been victims of destructive
attacks.
"I believe the coordinated cyberattack with
destructive payloads against a corporation in the U.S. represents a
watershed event," said Tom Kellermann, chief cybersecurity officer with
security software maker Trend Micro Inc. "Geopolitics now serve as
harbingers for destructive cyberattacks."
The five-page, confidential "flash" FBI warning
issued to businesses late on Monday provided some technical details
about the malicious software used in the attack. It provided advice on
how to respond to the malware and asked businesses to contact the FBI if
they identified similar malware.
 |
| The word 'password' on a computer screen is magnified with a magnifying
glass in this picture illustration taken in Berlin May 21, 2013. |
Credit: REUTERS/Pawel Kopczynski
The report said the malware overrides all data on
hard drives of computers, including the master boot record, which
prevents them from booting up.
"The overwriting of the data files will make it
extremely difficult and costly, if not impossible, to recover the data
using standard forensic methods," the report said.
The document was sent to security staff at some U.S. companies in an email that asked them not to share the information.
The FBI released the document in the wake of last
Monday's unprecedented attack on Sony Pictures Entertainment, which
brought corporate email down for a week and crippled other systems as
the company prepares to release several highly anticipated films during
the crucial holiday film season.
A Sony spokeswoman said the company had “restored
a number of important services” and was “working closely with law
enforcement officials to investigate the matter.”
She declined to comment on the FBI warning.
The FBI said it is investigating the attack with help from the Department of Homeland Security. Sony has hired FireEye Inc's (FEYE.O)
Mandiant incident response team to help clean up after the attack, a
move that experts say indicates the severity of the breach.
While the FBI report did not name the victim of
the destructive attack in its bulletin, two cybersecurity experts who
reviewed the document said it was clearly referring to the breach at the
California-based unit of Sony Corp (6758.T).
"This correlates with information about that many
of us in the security industry have been tracking," said one of the
people who reviewed the document. "It looks exactly like information
from the Sony attack."
FBI spokesman Joshua Campbell declined comment
when asked if the software had been used against the California-based
unit of Sony Corp, although he confirmed that the agency had issued the
confidential "flash" warning, which Reuters independently obtained.
"The FBI routinely advises private industry of
various cyber threat indicators observed during the course of our
investigations," he said. "This data is provided in order to help
systems administrators guard against the actions of persistent cyber
criminals."
The FBI typically does not identify victims of attacks in those reports.
Hackers used malware similar to that described in
the FBI report to launch attacks on businesses in highly destructive
attacks in South Korea and the Middle East, including one against oil
producer Saudi Aramco that knocked out some 30,000 computers. Those
attacks are widely believed to have been launched by hackers working on
behalf of the governments of North Korea and Iran.
Security experts said that repairing the
computers requires technicians to manually either replace the hard
drives on each computer, or re-image them, a time-consuming and
expensive process.
Monday's FBI report said the attackers were "unknown."
Yet the technology news site Re/code reported
that Sony was investigating to determine whether hackers working on
behalf of North Korea were responsible for the attack as retribution for
the company's backing of the film "The Interview."
The movie, which is due to be released in the
United States and Canada on Dec. 25, is a comedy about two journalists
recruited by the CIA to assassinate North Korean leader Kim Jong Un. The
Pyongyang government denounced the film as "undisguised sponsoring of
terrorism, as well as an act of war" in a letter to U.N.
Secretary-General Ban Ki-moon in June.
The technical section of the FBI report said some
of the software used by the hackers had been compiled in Korean, but it
did not discuss any possible connection to North Korea.
~ Jim Finkle