The cyberattack against HBO and its biggest series Game of Thrones is the latest reminder that Hollywood remains a vulnerable target for online pillagers.
For cybercriminals seeking attention, there are few greater prizes than the hottest show on television or the biggest movie in theatres.
The hackers who took credit for attacking HBO say they have stolen and leaked a trove of HBO data onto the web, including a script for an upcoming episode of Game of Thrones, as well as video of new episodes of shows such as Ballers, Insecure and Room 104. And, they say, there’s more to come.
HBO confirmed in a statement on Monday that it experienced a breach that compromised some of its programming and immediately began to investigate the incident, working with law enforcement and independent cybersecurity experts.
“The problem before us is unfortunately all too familiar in the world we now find ourselves a part of,” HBO Chief Executive Richard Plepler said in a memo to employees. “I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests. The efforts across multiple departments have been nothing short of herculean.”
HBO declined to comment further on the investigation.
It’s unclear how hackers got access to HBO’s data, how much they stole or if there was a ransom (cybercriminals are notorious for exaggerating claims).
“Hi to all mankind,” the hackers said in emails to media outlets, including the Los Angeles Times. “The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones!!!!!! You are lucky to be the first pioneers to witness and download the leak.”
HBO, which is owned by media giant Time Warner Inc, is just the most recent entertainment company to endure threats from cybercriminals. In May, hackers claimed to have stolen Walt Disney Co’s Pirates of the Caribbean: Dead Men Tell No Tales (Salazar’s Revenge in the UAE) and demanded ransom, though that hack turned out to be a hoax, according to Disney CEO Robert Iger.
In another major recent incident, Netflix was attacked by a hacker known as the Dark Overlord, who uploaded episodes from the new season of Orange Is the New Black after the company refused to pay the ransom.
The most devastating example of a Hollywood cyberbreach remains the 2014 attack on Sony Pictures Entertainment that was blamed on North Korea. That attack came as Sony was about to release the comedy The Interview, about a fictional attempt to assassinate North Korean leader Kim Jong Un. It began by crippling Sony’s computer systems and uploading yet-to-be released movies online; it went on to expose embarrassing emails between executives and movie producers.
Hollywood has long been a victim of illegal hacking and piracy, and Game of Thrones is already one of the most popular targets. According to website TorrentFreak, citing data from piracy monitoring firm MUSO, the season seven premiere of Game of Thrones was pirated 90 million times, mostly from unauthorised streaming portals.
In 2015, the first four episodes of Game of Thrones season five were leaked to file-sharing sites a day before the first one aired.
Because TV dramas such as Game of Thrones are made for the public and analysed and discussed weekly online, they are highly desirable for cybercriminals.
The more successful a media product, the more vulnerable it is, said Michael Sulmeyer, cybersecurity project director at the Belfer Center for Science and International Affairs at Harvard University.
“HBO has done brilliantly marketing Game of Thrones and it makes them an attractive target for hackers,” he said.
The series, based on the novels by George R.R. Martin, has become a flagship programme for the network that first premiered the show in 2011. The premiere of the current season drew 16.1 million viewers in its first day, a record for the network.
Entertainment companies have an especially hard time securing data because so many companies, including special effects specialists and marketing firms, are involved in production and post-production.
“Their systems are highly dispersed,” said Clifford Neuman, director of the Center for Computer Systems Security at the University of Southern California. “There is a lot of moving data all across the system and it makes it more difficult to secure.”
Yet, Neuman said, the breadth of data that the hackers said they accessed suggests that the vulnerability was more central to HBO.
“It seems the data that was distributed is pretty much across the board,” Neuman said.