Sony Hack Was Not an Inside Job, Says Security Expert Kevin Mandia

It was state action, says FireEye president Kevin Mandia, speaking at the Code/Enterprise event in San Francisco.

Sumit Kohli

Last year’s Sony hack was clearly the work of North Korea and not that of a disgruntled insider, according to FireEye president Kevin Mandia.

“Definitely not an insider,” Mandia said at Code/Enterprise in San Francisco. “Nope.”

While he said it is governments, not security firms, that are in the best position to assign blame, Mandia said the Sony hack was clearly the work of a government. Mandia noted that this was the first time a U.S. president publicly blamed another country for a cyber attack.

Over the course of several weeks as details in last year’s Sony hack emerged, critics questioned whether it was possible for North Korea to carry out the attack as the FBI has alleged.

Attribution, the business of determining who carried out an attack, is always sticky in high-profile cyber incidents. Attackers often leave behind false clues meant to confuse investigators by pointing to someone else. Ultimately it was the FBI that determined that hackers working on behalf of North Korea carried it out. Part of the reason it knew was that the U.S. National Security Agency had penetrated the China-based networks that North Korea’s cyber warriors tend to use.

“A media and entertainment company got hacked by a nation-state,” Mandia said. “I don’t think there are too many companies that could withstand that.”

Sony Pictures Entertainment was the victim of the worst known cyber attack in corporate history, which first came to light on Nov. 24. Motivated in part by plans to release an R-rated comedy called “The Interview,” about two bumbling TV reporters tapped to assassinate North Korean leader Kim Jong-un, the attackers brought the operations of Sony Pictures’ computer networks to a halt and proceeded to disclose mountains of sensitive corporate information, including executive emails and numerous business documents, all of which are now fully searchable courtesy of Wikileaks.

FireEye’s Mandiant incident response unit was called in to help the company investigate the attack and begin the process of recovering. Mandia likened it to his aunt being attacked by a UFC fighter. “It was an unfair fight.”

He said the Sony attack represented a combination of factors not seen all at once in prior attacks. He said you had a government attacking a private sector company, releasing private information and then “blowing up the house” on the way out.

That was a wake-up call to all companies. “Everyone in this room recognizes the risk profile just changed.”

This article originally appeared on
