FBI: Sony hack would work on '90 percent' of public, private firms

The cyberattack that struck Sony Pictures “would have slipped or gotten past 90 percent” of private industry and government cyber defenses, said Joe Demarest, assistant director of the FBI’s Cyber Division, on Wednesday.

“Wow,” Sen. Charles Schumer (D-N.Y.) responded.


Speaking at a Senate Banking Committee hearing, Demarest said the FBI’s investigation had shown the attack's “level of sophistication is extremely high,” and that it was “organized” and “certainly persistent.”

Sony’s movie studio was hit in late November with a crippling cyber offensive that shut down its computer network, removed troves of sensitive data and might have destroyed parts of the company’s internal systems.

Some have linked the attack to North Korea. The code has Korean language origins, and Pyongyang has been threatening retaliation against the U.S. for an upcoming Sony comedy, “The Interview,” about a plot to assassinate North Korean leader Kim Jong Un.

Others think the connection is tenuous.

Sticking to the bureau’s party line since the hack, Demarest declined to attribute the attack to any source.

Regardless, Schumer said, “our awareness” of nation-state cyberattacks “has been heightened because of the supposed attack by North Korea.”

“I think it was frightening to people, the specter that it might have been North Korea that did this,” he added.

Schumer wanted to know how many countries had developed such advanced cyber capabilities.

“You could pick the top three or four off the top of your head that would have the ability when we talk about computer network attack capability,” Demarest said. There is “one predominantly out of the Middle East that we’re also very concerned about.”

“Which I would assume is Iran,” Schumer replied.

Security experts usually describe Russia, China and Iran as the top cyber powers, but North Korea could soon join that elite group.

“We have watched countries over the past two and a half, three years actually evolve and develop greater capabilities,” Demarest said.