Sony Hack – FireEye Claims They Are Not At Fault… Sounds Phishy ;)
If you haven’t heard about the Sony hack (#SonyHack) you are most likely living under a rock. Every news outlet under the sun has been reporting on the breach for just over a week now. The data that has been leaked so far has experts estimating the damage has already exceeded $100 million, and in the midst of all of this, hacked e-mails between big-shot producers and Sony Pictures execs have Hollywood tearing each other limb from limb. In response to the attack, Sony has been working with the FBI and has recruited the premier incident response firm Mandiant (purchased by FireEye in January of this year).
recently published an article
regarding Kevin Mandia’s (Head of Mandiant and founder) letter that basically states that Sony is blameless for the attack, that the attackers used “non-standard strategies”, and that the attack was unprecedented. Coming from such a well-respected authority, it appears to be an attempt to eliminate or limit Sony’s liability on the matter, but statements like these don’t come without backlash… especially from the security community.
Maybe this letter wasn’t to limit Sony’s liability, but instead, it was intended to protect the reputation of FireEye?
Doesn’t Sound Right
“Non-standard attack strategies” – First… I don’t think that attackers have a “standard strategy”. Maybe they’ve used techniques that have not yet been seen in the wild or attacks that are not common, but “non-standard” makes this sound like some sort of compliance guideline. Second… What sounds interesting to me about this is that FireEye makes some heavy claims and lays the product marketing on quite thick about their Advanced Persistent Threat protection and their ability to stop zero-days (and IMHO their products actually work fairly well). Many sources have experts stating that this attack demonstrates the hallmark signs of an advanced persistent threat (see the correlation?).
What I would like to know:
Is FireEye’s product suite part of Sony’s infrastructure, deployed under the assumption that it would defend against such attacks? If so, is this truly their “expert opinion”, or is this just a classic case of CYA and/or an attempt to protect the brand?
If the answer is “Yes”, then I think the picture becomes a little clearer. – Just my two cents