Winter is Coming...For HBO and the Media Industry

Last week’s HBO hack led to the release of sensitive information about HBO executives, contact lists, and -- most salacious for the media -- scripts and low-res copies of brand new “Game of Thrones” episodes. While the hacks have not led to any decrease in viewership for the epically popular series, the fact that HBO hasn’t learned the lesson of other entertainment organizations before it (the disastrous Sony hack comes to mind) is disconcerting, to say the least.

While the hack hasn’t seemed to hurt “Game of Thrones” in any significant way, there are some aspects of the hack that are important to note.

Is there anything about the hack I don’t already know?

There are two things that a lot of news stories on the hack have not mentioned:

1. It seems that the last episode leaked (‘Spoils of War’) was not actually the result of the same hack, but rather due to a mistake by HBO's distributor in India.

2. The hacker, who goes by the nickname "Kind Mr.Smith", used the address [email protected] This is actually an interesting choice of platform, as qq is a very popular messaging app in China. It also requires more validation than other available and anonymous platforms. While we don’t want to jump to conclusions, this could indicate that the attacker is Chinese. This is supported by the text of the ransom note, which does not appear to have been written by a native English speaker

Is 1.5 TB of data really that much?

This is considered to be the biggest leak that the entertainment industry has ever seen, involving seven times the amount of data involved in the 2014 Sony incident. However, given that the hacker claims to possess several episodes, in addition to scripts and executive data, 1.5 TB is understandable. After all, the size of an episode distributed in the most common format (1080p/23.90 ProRes HQ w/ 8 channels of audio) is around 90 GB.

What can it tell us about cyber security in the entertainment industry

Though almost all companies and industries face the threat of mega-breaches, the latest HBO hack has many questioning the readiness of media companies to face cyber threats. In fact, several Reddit users have shared their own personal stories about what they claim to be very poor standards of security: use of personal emails for business purposes and transferring sensitive information, reusing passwords, using personal computers and USBs in the work environment and more. Among the leaked materials were three Office Word documents containing the personal email address and passwords of an HBO SVP. This could potentially be even more damaging than the leaked “Game of Thrones” episodes.

Is cyber extortion on the rise?

During the past year, there has been a noticeable increase in cyber-extortion. While the term is mostly associated with the use of ransomware, several 2016 incidents brought to public attention the use of other practices for financial extortion. One such incident involved the Armada Collective, which threatened organizations with major DDoS attacks unless paid a ransom. Another example with similarities to the HBO case involved threat actor The Dark Overlord, who stole data from healthcare companies and demanded a ransom for not publishing it. He also traded the data on the dark web.

The public attention and media coverage given to such practices did not go unnoticed on the Dark Web. Intsights’ analysts have read several discussions on closed cyber crime forums in which hackers stated that they would rather try to extort someone (with concrete or empty threats) for a nice sum of money than buy expensive malware and run a more sophisticated and costly campaign. Cyber-extortion is viewed as a practice that requires little effort on the attacker's behalf, and although many targets refuse to pay the ransom, all it takes is a few successes to make the project profitable. In 2017, we have seen many ransomware attacks by copycats pretending to be prominent threat actors such as the Armada Collective, Lizard Squad and The Dark Overlord. The trend is expected to continue.

Stay up to Date!

Subscribe to the blog to stay up to date with all the latest industry news and updates from IntSights.