Hackers have been wreaking havoc on American pay-tv network HBO over the course of the summer. Since July they have managed to steal files attached to the second season of hit show Westworld, released unaired episodes of Curb Your Enthusiasm, Insecure, Ballers, and Barry and the Deuce. However, the most high-profile of their attacks has undoubtedly been the leaking of Game of Thrones related material, including, as yet unaired episodes of the latest series.
The hackers decided to put the boot in that little bit extra after a fresh dump of files was distributed by an individual calling himself ‘Mr. Smith’ with the comment “If history repeats itself HBO may never be the same again. Winter really is here.”
On the show itself, characters like Littlefinger or Varys are usually the ones providing an insider threat, you can never be too sure of the angle they are playing in pursuit of their own glory.
However, the insider threat at HBO is multifaceted and looks like it requires battling enemies on multiple fronts. On one side, we have the external threat of the extortionist hackers. They publicly demanded in excess of £4.5m in ransom to prevent the release of the unaired shows and upcoming scripts.
There is then the security threat posed by the theft and distribution of Personally Identifiable Information (PII) and private emails. They dumped the personal contact details of Game of Thrones actors online alongside HBO network passwords and emails from the networks VP for film programming.
It’s not only hackers causing woe for HBO. The Spanish arm of the company was responsible for the leak of Season 7, Episode 6 a week before its air date by accidentally releasing it on their streaming platform early. Although it was taken down it was up long enough to be copied and shared the world over.
This is just the latest breach of material in Hollywood. Perhaps most famously was the Sony hack from a few years ago, which left TV and Film companies seriously rethinking their cyber security. However, these leaks are still happening as cyber threats continue to evolve. This has been seen this past year with the Netflix hack which witnessed some of their flagship shows leaked early.
Despite many Hollywood production companies and distributors enhancing their security protocols it hasn’t stopped the continued leakage of their crown jewels. This signifies that these leaks aren’t happening because of some new, highly complex technical robbery but rather that the human aspect is at play and again causing an inadvertent data breach or compromise.
TV networks and production companies will all have safeguards in place such as Data Leakage Protection (DLP), Endpoint Detection and Response (EDR), Security Information and Event Monitoring (SIEM) and much more beside. However, all this protection is pointless if the staff aren’t trained to look out for the ways in which hackers are first gaining access to the network.
HBO, and others, need to educate their staff company-wide on what to look out for, with particular focus on employee targeted phishing scams. Only by doing this will they be able to transform their business and create a compliance culture within that takes care of their prized assets.
Do you think these attacks are becoming the normal for Hollywood, what do you think is the best way for Hollywood to fight back against these kinds of thefts. Let us know below.