Advertisement

Hackers broke into Sony Pictures using an unpatched security hole

Whether or not you believe that North Korea hacked Sony Pictures, one thing is becoming apparent: whoever's responsible knew what they were doing. Sources for Recode understand that the perpetrators took advantage of a zero-day exploit, or a software security hole that hadn't been patched yet. The details of just what this attack involved are still under close guard, but it suggests that Sony had no surefire way to protect itself. Also, it hints that the culprits had a lot of skill, a lot of money or both. Zero-day vulnerabilities are usually difficult to find and fetch a high price on the black market (typically between $5,000 to $250,000), so the attackers must have really wanted in.

Neither Sony nor FBI investigators are commenting on the claims. It's unlikely you'll get more details beyond what these organizations have been willing to dish out, then. However, a zero-day flaw would lend support to theories that this was a state-sponsored attack. Amateurs and small criminal groups are less likely to have the resources to hit such a high-profile target, and it's no secret that countries like North Korea spend extravagant amounts on cyberwarfare.

[Image credit: AP Photo/Nick Ut]