Remember when Game of Thrones got hacked this summer, stressing us out about whether we were going to be deluged with spoilers for one of the most popular shows of all time? It’s bad enough that we need to deal with things like the Equifax breach, but seriously, if hackers are coming after our TV, too, nothing is sacred—and that means understanding network hacks includes a whole new dimension we never thought about before. Here’s what went down with the GoT hack and what we can learn from it.
HBO is falling, and winter is coming
Right as HBO was in the middle of airing GoT’s next to last season, a hacker group going by the name of Kind Mr. Smith breached the HBO network and pillaged 1.5 terabytes of data. They nicked episodes and scripts, immediately freaking everybody out about the possibility of dreaded spoilers that might ruin the season. But Kind Mr. Smith made off with other sensitive stuff, too, like executives’ emails, documents allegedly concerning legal issues facing the company, and even technical documentation on HBO’s network, including administrator passwords. Employee data, such as job offer letters and personal health information, was compromised, as well.
The hackers threatened to begin releasing their stolen goods if HBO refused to cough up a hefty ransom of $7.5 million in bitcoin within three days. As Fortune reports, Kind Mr. Smith issued a lengthy video ransom note to HBO’s chief executive Richard Plepler that closed with the tagline, “HBO is falling.” HBO ultimately decided not to pay the ransom, so Kind Mr. Smith retaliated by publishing caches of the data at regular intervals, all while insisting that the entertainment giant pay up to avoid further releases.
According to Mashable, piracy records were shattered as more than one billion people downloaded the show’s seventh season. Personal details about the GoT stars themselves, including their phone numbers and email addresses, also appeared online, as did cast lists for the show. Kind Mr. Smith made good on its threat to a certain extent, but HBO, citing a policy of not negotiating with ransomware demands, held firm.
HBO: Victorious for now—but still vulnerable
When you play the Game of Thrones, you win or you die—and HBO seems to have won, at least for now. The hackers thought they had a fierce dragon, but it wasn’t nearly as powerful a bargaining chip as they expected. Fans still tuned in en masse to watch season seven right through to the finale, steadfastly avoiding the leaks and urging other fans to ignore them, too, so everyone could enjoy the fun of a spoiler-free finale together. Kind Mr. Smith still has all that data, though, and they’re free to leak it at a time and place of their choosing, so this war may not actually be over.
For the time being, it’s clear HBO has learned a few lessons about understanding network hacks and what to do when you’ve been hit by ransomware. They had already seen how Sony’s high-profile hack caused massive damage to the company’s reputation and led to the firing of Sony Pictures chief Amy Pascal. Then, Netflix was targeted by a hacker (or hackers) named thedarkoverlord, who posted season five of Orange Is the New Black to The Pirate Bay, demanding a ransom in exchange for taking it down—Netflix didn’t give in either.
We don’t yet know a lot about how Kind Mr. Smith got in the door at HBO. That’s probably because HBO is still working with police and cybersecurity experts, and from their perspective, the threat hasn’t actually passed yet. HBO has only said that it doesn’t believe its entire email system has been compromised, although it acknowledges that proprietary information was stolen. Kind Mr. Smith says it took six months to break into HBO’s network. It’s possible Kind Mr. Smith got in via a zero-day exploit since, as The Guardian reports, the hacker group claims it spends over $500,000 a year purchasing those vulnerabilities for use in its attacks. And, unfortunately, the zero-day exploit problem isn’t going to be solved anytime soon.
Our TV isn’t safe. What do we do now?
Now that we know our TV isn’t safe, what’s the moral of the story? First, it’s clear there are some jerks out there who just want to see the world burn and are perfectly happy spoiling our favorite shows, so they can rake in some sweet, sweet bitcoin. But businesses watching this whole saga unfold have to be a little twitchy, too—after all, this is one of everybody’s IT security nightmares come to life. If even the mighty Game of Thrones is a target now, no one is out of the danger zone.
If Kind Mr. Smith did take advantage of a zero-day exploit to break into HBO’s network and stage a ransomware attack, then chances are pretty good they did so via a spear-phishing campaign or a variant, like CEO fraud. Or, perhaps they crept in through a print security vulnerability. Whatever it was, HBO is carefully reviewing its cybersecurity practices to pinpoint the weak link. If an unwitting employee clicked on a link they shouldn’t have, then that points to the need for better cybersecurity training. HBO, recognizing it has a target on its back, is surely taking further measures to fend off the next ransomware attack.
Kind Mr. Smith seems to have gone quiet on the HBO front for the moment. But they—and other hackers like them—will be back soon, and in greater numbers. One thing we can be sure of? Winter is still coming, so the time for HBO and businesses everywhere to call in their dragons is now.