The first in an expanded version of the Sony Pictures cyber-attack occurred this week, ushering in a new era of extortionware.
A group of hackers known as “Mr. Smith” posted a fresh batch of HBO files Monday with the attendant demand for $6 million in ransom in order to prevent further leaks. The post included scripts from five “Game of Thrones” episodes along with a month’s worth of email from Leslie Cohen, HBO’s VP of programming.
The dump also included internal documents like executive job offers and legal defense strategies for dealing with claims against the company. Just enough flavor to suggest the depth of impact awaiting any delay in complying with the extortion demand. A few samples of emails, financial balance sheets and internal memos, employment agreement terms, and marketing strategies that contained language best described as sensitive are intended to paint the outline of a picture that could be devastating to HBO.
As a side-note, HBO unbelievably claimed this week that they still don’t believe that their email system had been compromised.
While these leaks fall short of the chaos inflicted on Sony in 2014, where thousands of embarrassing emails and personal information, including salaries and social security numbers of nearly 50,000 current and former Sony employees resulted in the termination and re-assignment of several high-ranking executives, the game has only just begun.
Mr. Smith claims to have tons more scripts, upcoming episodes of HBO shows and movies, and sensitive email and memos damaging to HBO. Now, when was the last time you wrote a memo or email that upon reflection you probably don’t want the world outside your company to see? Was that just yesterday?
This attack is a precursor to what we think will be a new wave of similar attacks on businesses of all types, one that will soon outdistance ransomware as the most widespread and deadly form of attack in terms of consequences. This is because, in spite of elevated social visibility and pressure to the contrary, executives in key leadership roles tend to flex communication and response reactions relying on muscle memory rather than conscious thought. While public companies spend millions on communication protocols and the care and feeding of executive dispositions, private companies do not.
HBO is a public company owned by Time Warner, a larger public company, but they represent a tiny portion of the U.S. business population. Of the 6,000,000 companies in the U.S., only 1% are public. Either way, communication carelessness is not limited to small businesses out in the middle of the suburbs. We all write emails we wish we hadn’t.
It is bad enough that HBO scripts and clips are released into the wild. People generally have short memories and the damage that an unveiled script might cause is probably minimal. People will not avoid watching an upcoming episode of Game of Thrones because a script is available on the Internet.
The real threat is the reputational damage a politically incorrect email will visit on a senior executive and the career consequences that may arise as a result.
In the case of Sony Pictures, Amy Pascal, the former Chairperson of Sony Pictures, was terminated in February 2015, after she was caught swapping racially insensitive jokes in email about President Obama’s presumed taste in African-American films, her candid assessments of star behavior (Leonardo DiCaprio, “despicable”), the fact that she didn’t like Cameron Crowe’s movie and, maybe most embarrassingly, her personal shopping list (Mr. Bubble bath bomb tray, $18).
It is easy to imagine how our own private communications in emails, memos, comments in meetings recorded in minutes, and negotiations in sensitive business dealings might appear were they aired publicly. How many times have we referred to a business associate, partner, customer or supplier in unkind terms in a fit of anger or frustration?
On the record.
The backlash from the HBO hack is not yet known, nor is it yet determined that they will cough up $6 million in exchange for a promise not to release any of those private documents. But one thing is certain. In the very near future, this form of blackmail will make the $17,000 Bitcoin payment for the return of some data files to the Hollywood Presbyterian Medical Center look like child’s play.
The truly amazing part of all this is that according to people who work with executives at Sony Pictures today, their email box still fills up with content that the senders would definitely not like to see show up in another venue.
It should then surprise no one that cyber-criminals continue to develop new forms of on-line threats and ply them with ease. As Willie Sutton said about robbing banks, “I rob banks because that’s where the money is.” Oh.
The post Extortionary Circumstances!: Now playing exclusively on HBO appeared first on Netswitch Technology Management.
This is a Security Bloggers Network syndicated blog post authored by Steve King. Read the original post at: News and Views – Netswitch Technology Management