Since the word “hack” has existed, the term has become synonym with crime and cyberattacks, even if unfairly. It’s a process that’s been romanticized by pop culture many times, especially as the world becomes more digital and software dependent.
It’s a bit ironic then, that the same industry that has portrayed that activity hundreds of times is now the target of many prominent real cyberattacks. The recent HBO hacking, which has led to leaks from several of its primetime TV series, is only the most recent one in a long line of cases that these kind of companies have suffered. Be it on the film, TV, music or video game sectors, attacks on the entertainment industry are on the rise.
Why exactly this is happening is a matter worth discussing, so first we’ll go with the basic question:
When did this start?
Cyberattacks on Hollywood or other entertainment industries are nothing new, but cases were far and few between and not necessarily known by the media. The breaking point was 2014, when the Sony Pictures hack happened. The attack was so massive and prominent that the United States government considered it to be of interest to national security, and other countries expressed their concerns over it as well.
The attack compromised information about employees and their families (including executive salaries), internal e-mails (which led to several scandals) and even leaks of entire films and scripts. At the center of it all was The Interview, a comedy that satirized North Korea’s dictatorial regime. Eventually, the US identified that country as the one responsible for the attacks, apparently in retaliation for the production of the movie.
The Sony Pictures hack set a dangerous precedent for these kind of breaches, and since then they have become more common. Just a year after the fact, a study showed that cyberattacks on the industry had gone up 15% in that time.
The problem with these attacks is that they deal with intellectual property, so trying to account for losses is a very difficult, if not impossible task. Insurance for these kind of accidents do exist, but calculating damages can be a laborious and difficult task. These are products with massive audiences and public interest. Their win-or-lose margins are not measured in thousands, but in the millions. Releasing a film, videogame or whatnot is often a risk itself without any unexpected threats. A hack resulting in a leak is just icing on the cake.
But the real advantage criminals have is the fact these thefts are purely digital in nature —it’s much, much easier to hold something hostage when it’s just a couple of gigabytes of data. There’s also no tangible way to make sure a theft has happened in the first place, so that opens the door to simple deceptions. Fear is a strong tool for any sort of criminal, and executives without any IT familiarity will often make mistakes if they’re scared.
And that’s the thing: most agree the attack on Sony wasn’t particularly sophisticated. Reports suggest executives were victim to a classic email phishing scheme, combining Apple account information with LinkedIn passwords to hopefully access Sony’s internal platform.
The prominent cases
After the Sony hack, the entertainment business has been victim to more attacks. None of them have had such a massive scale, but they’ve still hurt their victims nonetheless . In 2015, several episodes of the fifth season of Game of Thrones were leaked, leading HBO to cancel “screener” DVD copies sent to the press, and to tighten security. It didn’t do much for them, though. As mentioned before, recently they suffered a worse series of attacks.
This same year, European videogame developer CD Projekt Red received an attack that led to data leaks from its upcoming and much anticipated title. Also on May, Netflix saw the entire new season of Orange is the New Black leak several weeks before it aired on its service. Those responsible for the hack also threatened to leak a Disney movie, supposedly the new Pirates of the Caribbean, but those ended up being false threats after all. Like we also mentioned before, those kind of deceptions do happen.
Just in 2016, the media and entertainment sector was among the top five most-breached industries. There were 37 publicly reported breaches in total. At least in terms of raw coverage and buzz, 2017 seems like a much more critical year, though we’ll know officially in a few months. What seems sure is that more attacks are coming.
The Sony hack broke the industry’s confidence on its safeguards, and you can tell. According to experts and published spending budgets during 2016, demand for cybersecurity services is booming within the entertainment industry, and losses related to breaches are decreasing. However, time will only tell how effective could be, because there will always be a weak link in such a big chain: it only takes one careless employee or an outdated computer running in the office.
But that’s another crucial part to this story: how and why exactly this is happening. There’s more to this than simply a skilled group of hackers causing mayhem. There’s a very important human element involved, both on the victim and the perpetrators’ sides. We’ll go a bit further in an upcoming post, so be sure to check Akuaro World soon. For now, one thing seems certain: “hacking entertainment” looks like the current favorite hobby of cybercriminals.