Employees of Sony Pictures Entertainment have received a bizarre email purportedly sent by the hackers who took down the company’s network and systems.
In broken English, the sender claims to be the head of the hacker group, that the Sony Pictures attack was just a small part of the group’s plans, and that the company clinging “to what is good to nobody” is the reason why the attack continues.
“Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger,” the sender threatened. “Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.”
While the company has still not offered any comment about the happenings to the public, this email got an internal reaction by Michael Lynton, on of Sony’ chiefs, who told the company’s employees that the FBI has been notified of the email in question, and advised them not to respond to it or click on any links it might contain.
“Not only are these criminals using scare tactics, they may also be attempting to further infect the SPE IT network,” he pointed out.
He also sent out an internal memo that included a note sent to him by Kevin Mandia, the CEO of Mandiant, the cyber security firm Sony has contracted to investigate the breach, saying that the attack “is unprecedented in nature.”
“The malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat,” Mandia wrote.
“In fact, the scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public. The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared.”
The internal memo was apparently a way for the company to address questions from employees who believed that the breach was the result of a recent cost-cutting effort within the company, which also apparently resulted in the slashing of IT budgets (among other things).
Documents stolen and leaked by the attackers have also shown that the company’s infosec posture is worryingly bad.
In the meantime, a North Korean spokesman has reiterated the claim that they didn’t mount the attack.
“We do not know where in America the Sony Pictures is situated and for what wrongdoings it became the target of the attack, nor [do] we feel the need to know about it,” he stated. “But what we clearly know is that the Sony Pictures is the very one which was going to produce a film abetting a terrorist act while hurting the dignity of the supreme leadership [of North Korea].”
But, he also said that the attack “might be a righteous deed of the supporters and sympathisers.”