Sources for
Recode understand
that the perpetrators took advantage of a zero-day exploit, or a
software security hole that hadn't been patched yet. The details of just
what this attack involved are still under close guard, but it suggests
that Sony had no surefire way to protect itself. Also, it hints that the
culprits had a lot of skill, a lot of money or both. Zero-day
vulnerabilities are usually difficult to find and fetch a high price on
the black market (typically between $5,000 to $250,000), so the
attackers must have
really wanted in.
Neither Sony nor FBI investigators are commenting on the claims.
It's unlikely you'll get more details beyond what these organizations
have been willing to dish out,
then. However, a zero-day flaw would lend support to theories that this
was a state-sponsored attack. Amateurs and small criminal groups are
less likely to have the resources to hit such a high-profile target, and
it's no secret that countries like North Korea spend extravagant amounts on cyberwarfare.
Posted in:
