HBO. Sony. Netflix. WME. UTA. ICM. Being hacked in Hollywood was once an exclusive club, but it is rapidly expanding. Criminals have taken notice of the easy pickings at amusement companies, according to two leading IT security experts asked about the recent attack on HBO.
Hackers earlier this week got an estimated 1.5 terrabytes of information from the HBO platform, including a script for an upcoming Game of Thrones incident and a few displays of Ballers and Space 104. The materials also allegedly included fiscal records, business emails, and some client information. After the first revelation, tonight’s Game of Thrones episode leaked, but its look was believed to be irrelevant to the former intrusion. Hackers also have threatened to release more stuff.
Although identifying the exact culprits for HBO’s problem has not been attained, corporate is maturing. Where once it had been a game played by young men, it has now grown to a criminal venture or a nation-state series of electricity, according to two leading IT security experts
Dan Clements, an IT cyber-security adviser who has worked with many three-letter agencies, said cyber-crime was only a lark to a sizable underground cadre of hackers. Composed of hard-core computer nerds and avid players alienated from the true world, all boastful and eager to impress their peers, the hacking teams generally infiltrated sites merely to prove that it could be accomplished. The goal was to get a “trophy,” instead of a ransom.
That relatively benign clinic shifted with the Sony business hack, Clements said, an intrusion that the FBI blamed on North Korea. But before that major incident, in which stolen incoming emails caused firings, there was an earlier intrusion. A team called the Lizard Squad, composed of Eastern Europeans, Australians, and even a Hawaii-based hacker, probed into Sony, ” Clements said.
By discussing what they found on popular underground spy internet sites, they could inadvertently resulted in the North Korean exploits.
“Some of that Sony info had been floating across the underground, and also the North Koreans might have had access to that intelligence,” Clements said. “The FBI reported the cyber prints (about the major hack) were the most North Koreans. But the rumor from the underground was that the players had already been in there.”
Pre-Sony, the subterranean groups could be located by people who knew where to search. Clements said. Today, most rogue hackers really are virtually imperceptible. “The classes are pretty dark nowadays,” Clements said. “Back in the old days, they needed to brag. There’s too much visibility nowadays. The young guys still brag, but the professionals aren’t going to be seen. You are not going to be able to work out that they are.”
Roderick Jones, a former Scotland Yard security expert who now runs Rubica, a San Francisco cyber-security company, said that many hacking attacks start simply. “If you look at the history of attacks which were, in the time, described as sophisticated and then up it from there, they’re usually the effect of a Phishing attack from a worker. Stuxnet, that is a complicated attack. The important of attacks aimed against organizations are receiving employees to click bad links.”
Hacking into systems occurs because of the collaborative nature of this workforce, Jones says. “Too many people have access to sensitive stuff,” he stated, citing NSA whistle-blower Edward Snowden because the classic case.
Sadly, there’s not any defense against someone decided to get into a computer system, Clements stated. “If you make a penetration testing team and invent a hack program, and have them try to get in, they’re going to be able to acquire in. The probability is so high that they can work out how to get in, and as soon as they’re in, they then migrate amongst serves and people and figure out exactly what they want to carry and if they would like to hold us hostage. It just depends on their motives.”
But there’s one hope. Many former hackers finally opt to go legit. “I have seen them over 20 years grow up and wish to have actual jobs,” said Clements. “A lot of them need to work for security companies, some of them assist law enforcement.”