With investigators probing the possibility that stolen passwords were used in the North Korean cyberattack that crippled Sony Pictures Entertainment, a security expert has drawn parallels with the NSA’s highly embarrassing 2013 data breach.
“This is the commercial equivalent of the Snowden incident,” Eric Chiu, president and co-founder of cloud security company HyTrust told FoxNews.com, in an email. “Snowden showed us the power of a single system administrator in his ability to steal millions of classified documents.”
An intelligence source told Fox News that there is no evidence of a forced entry into the Sony systems, pointing to an insider threat or lost or stolen credentials.
Former contractor Edward Snowden ignited a firestorm when he stole a cache of NSA documents last year and began releasing them to the press.
Chiu told FoxNews.com that Sony Pictures’ woes highlight the crucial importance of watertight security amongst system administrators.
“[This] is a reinforcement that system administrators and their credentials are the most dangerous threat to companies today,” he explained. “System administrators usually have root or 'god-like' levels [of] access to all critical systems and the data stored in those environments (email, intellectual property, employee data as well as customer credit card and patient information) - this is the equivalent of a skeleton key that can unlock every door in a company's network and servers.”
In a statement released on Friday the FBI accused North Korea of launching the attack against Sony Pictures.
“As a result of our investigation, and in close collaboration with other U.S. Government departments and agencies, the FBI now has enough information to conclude that the North Korean government is responsible for these actions,” it said.
The FBI cited technical analysis of the data detection malware used in the attack, which revealed links to other North Korean malware. Investigators also noted a “significant overlap” between the infrastructure used in Sony attack, such as IP addresses, and other malicious cyber activity linked directly to North Korea. Additionally, the FBI found that tools used in Sony Pictures attack bore similarities to a North Korean cyberattack against South Korean banks and media outlets in March 2013.
Still reeling from the devastating Nov. 24 hack by the shadowy Guardians of Peace group, Sony Pictures announced Wednesday that it had canceled “The Interview’s” Christmas Day release after a number of movie chains said that they would not show the film. “The Interview,” which pokes fun at North Korean leader Kim Jong-un, is believed to have prompted last month’s devastating attack on the studio and subsequent threats to movie theaters.
Sony Pictures has not yet responded to a request for comment on this story from FoxNews.com.
Fox News' Catherine Herridge contributed to this report.
Follow James Rogers on Twitter @jamesjrogers