News Reader.info

HBO. Sony. Netflix. WME. UTA. ICM. Being hacked in Hollywood was once an exclusive club, but it’s rapidly expanding. Criminals have taken notice of the easy pickings at entertainment

companies, according to two leading IT security experts asked about the recent attack on HBO. Hackers earlier this week obtained an estimated 1.5 terrabytes of information from the HBO

system, including a script for an upcoming _Game of Thrones_ episode and some shows of _Ballers_ and _Room 104_. The materials also reportedly included financial documents, company emails,

and some customer information. After the initial disclosure, tonight’s _Game of Thrones_ episode leaked, but its appearance was believed to be unrelated to the previous intrusion. Hackers

have also threatened to release more material. Although identifying the exact culprits for HBO’s problem hasn’t been achieved, corporate hacking is maturing. Where once it was a game played

by young men, it’s now grown into a criminal enterprise or a nation-state show of power, according to two leading IT security experts WATCH ON DEADLINE Dan Clements, an IT cyber-security

consultant who has worked with many three-letter agencies, said cyber-crime used to be just a lark to a large underground cadre of hackers. Composed of hard-core computer nerds and avid

gamers alienated from the real world, all boastful and eager to impress their peers, the hacking groups usually infiltrated sites just to prove it could be done. The goal was to obtain a

“trophy,” rather than a ransom. That relatively benign practice changed with the Sony corporate hack, Clements said, an intrusion which the FBI blamed on North Korea. But before that major

incident, where stolen executive emails led to firings, there was an earlier intrusion. A group called the Lizard Squad, made up of Eastern Europeans, Australians, and even a Hawaii-based

hacker, probed into Sony, Clements said. By sharing what they found on popular underground hacker web sites, they may inadvertently led to the North Korean exploits. “Some of that Sony

information had been floating around the underground, and the North Koreans may have had access to that intelligence,” Clements said. “The FBI said the cyber prints (on the major hack) were

the North Koreans. But the rumor in the underground was that the gamers had already been in there.” Pre-Sony, the underground groups could be found by people who knew where to look, Clements

said. Now, most rogue hackers are practically invisible. “The groups are pretty dark these days,” Clements said. “In the old days, they liked to brag. There’s too much visibility these

days. The young guys still brag, but the professionals aren’t going to be seen. You’re not going to be able to figure out who they are.” Roderick Jones, a former Scotland Yard security

expert who now runs Rubica, a San Francisco cyber-security firm, said that most hacking attacks begin simply. “If you look at the history of attacks that were, at the time, described as

sophisticated and then back it up from there, they’re usually the effect of a Phishing attack against an employee. Stuxnet, that’s a sophisticated attack. The major of attacks aimed against

organizations are getting employees to click bad links.” Hacking into systems happens because of the collaborative nature of the workforce, Jones says. “Too many people have access to

sensitive material,” he said, citing NSA whistle-blower Edward Snowden as the classic example. Sadly, there is no defense against someone determined to get into a computer system, Clements

said. “If you create a penetration testing group and formulate a hack plan, and have them try to get in, they’re going to be able to get in. The probability is so high that they can figure

out how to get in, and once they’re in, then they migrate amongst servers and people and figure out what they want to take and if they want to hold us hostage. It just depends on their

motivations.” But there is one hope. Many former hackers eventually decide to go legit. “I’ve seen them over 20 years grow up and want to have real jobs,” said Clements. “A lot of them want

to work for security companies, some of them help law enforcement.”