Seventh day of Hackmas

Seventh day of Hackmas: Winter came to HBO

HBO is a premium television network in the US and in 2017 suffered a massive data breach that reportedly exposed 1.5 terabytes (i.e. lots) of data. The breach was discovered after the hacker group named “little.finger66” used a sophisticated cyberattack to gain access to the HBO network.

“Hi to all mankind,” the hackers said in emails to media outlets, including the Los Angeles Times. “The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones!!!!!! You are lucky to be the first pioneers to witness and download the leak.  Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.”

Darkweb image of the HBO hack

What exactly was taken?

Beyond the already released (at that time) episodes of the hugely popular Game of Thrones, it was unclear if the claim of 1.5 terabytes of data was accurate. The major concern beyond the unreleased episodes, however, was that the hackers now had access to company financial documents, employee emails and personal information about its employees and customers.

The Sony hack in 2014, whilst smaller in data size, contained a number of very controversial pieces of information – including the pay gap between Jennifer Lawrence and her male co-stars in the movie American Hustle.

What’s the suspected cause?

One of the following is true; however, it has never been publicly confirmed by HBO.

  1. HBO was running old and outdated systems that were easily compromised. Netflix lost 10 episodes from Orange is the New Black due to the same vulnerability.
  2. A company executive was targeted in a spear-phishing campaign. It’s not hard to believe that if an exec were to request administrative credentials from a fearful systems administrator, those credentials would be handed over without question.

Could this have been prevented?

Both of those scenarios can be prevented.

  1. Update old systems and make sure your current systems are patched with the latest security updates
  2. Educate your staff! Build a company culture where a subordinate feels comfortable to ask a superior to confirm that they really need those logon credentials

