The malicious software that crippled Sony Pictures Entertainment and resulted in the release of gigabytes of sensitive information was not something that even state of the art antivirus software would have picked up.
"This incident appears to have been conducted using techniques that went undetected by industry standard antivirus software," the FBI said in a statement released Saturday.
In an e-mail to Sony staff obtained by USA TODAY, the security company analyzing the attack said "the malware was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other organizations of this critical threat."
Kevin Mandia, CEO of Mandiant, the security firm, went on to say in his e-mail, "this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared."
The ongoing cyberattack against SPE began two weeks ago. Security experts say it could portend a new era in computer assaults — one of wanton destruction and the release of embarrassing and potentially devastating data to the world.
"This is a game-changer for us in the United States, this level of maliciousness is unprecedented. I've never seen it, ever," said Jim Penrose, a former National Security Agency computer security expert now with Darktrace
, a British security firm.