Cybersecurity experts said the malicious software described in the
alert appeared to describe the one that affected Sony, which would
mark first major destructive cyber attack waged against a company on
U.S. soil. Such attacks have been launched in Asia and the Middle
East, but none have been reported in the United States. The FBI
report did not say how many companies had been victims of
destructive attacks.
"I believe the coordinated cyberattack with destructive payloads
against a corporation in the U.S. represents a watershed event,"
said Tom Kellermann, chief cybersecurity officer with security
software maker Trend Micro Inc. "Geopolitics now serve as harbingers
for destructive cyberattacks."
The five-page, confidential "flash" FBI warning issued to businesses
late on Monday provided some technical details about the malicious
software used in the attack. It provided advice on how to respond to
the malware and asked businesses to contact the FBI if they
identified similar malware.
The report said the malware overrides all data on hard drives of
computers, including the master boot record, which prevents them
from booting up.
"The overwriting of the data files will make it extremely difficult
and costly, if not impossible, to recover the data using standard
forensic methods," the report said.
The document was sent to security staff at some U.S. companies in an
email that asked them not to share the information.
The FBI released the document in the wake of last Monday's
unprecedented attack on Sony Pictures Entertainment, which brought
corporate email down for a week and crippled other systems as the
company prepares to release several highly anticipated films during
the crucial holiday film season.
A Sony spokeswoman said the company had “restored a number of
important services” and was “working closely with law enforcement
officials to investigate the matter.”
She declined to comment on the FBI warning.
The FBI said it is investigating the attack with help from the
Department of Homeland Security. Sony has hired FireEye Inc's
Mandiant incident response team to help clean up after the attack, a
move that experts say indicates the severity of the breach.
While the FBI report did not name the victim of the destructive
attack in its bulletin, two cybersecurity experts who reviewed the
document said it was clearly referring to the breach at the
California-based unit of Sony Corp.
"This correlates with information about that many of us in the
security industry have been tracking," said one of the people who
reviewed the document. "It looks exactly like information from the
Sony attack."
[to top of second column] |
FBI spokesman Joshua Campbell declined comment when asked if the
software had been used against the California-based unit of Sony
Corp, although he confirmed that the agency had issued the
confidential "flash" warning, which Reuters independently obtained.
"The FBI routinely advises private industry of various cyber threat
indicators observed during the course of our investigations," he
said. "This data is provided in order to help systems administrators
guard against the actions of persistent cyber criminals."
The FBI typically does not identify victims of attacks in those
reports.
Hackers used malware similar to that described in the FBI report to
launch attacks on businesses in highly destructive attacks in South
Korea and the Middle East, including one against oil producer Saudi
Aramco that knocked out some 30,000 computers. Those attacks are
widely believed to have been launched by hackers working on behalf
of the governments of North Korea and Iran.
Security experts said that repairing the computers requires
technicians to manually either replace the hard drives on each
computer, or re-image them, a time-consuming and expensive process.
Monday's FBI report said the attackers were "unknown."
Yet the technology news site Re/code reported that Sony was
investigating to determine whether hackers working on behalf of
North Korea were responsible for the attack as retribution for the
company's backing of the film "The Interview."
The movie, which is due to be released in the United States and
Canada on Dec. 25, is a comedy about two journalists recruited by
the CIA to assassinate North Korean leader Kim Jong Un. The
Pyongyang government denounced the film as "undisguised sponsoring
of terrorism, as well as an act of war" in a letter to U.N.
Secretary-General Ban Ki-moon in June.
The technical section of the FBI report said some of the software
used by the hackers had been compiled in Korean, but it did not
discuss any possible connection to North Korea.
(Reporting by Jim Finkle. Additional reporting by Lisa Richwine;
Editing by Ken Wills)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |