Ransomware plot line: Netflix hackers follow script that leads to money
TV show leak is good reminder for everyone to put their digital lives in order
By Bob Sullivan, Special to ThirdCertainty
The premature release of the new season of “Orange is the New Black” by hackers is no big deal. Really. You can see why producers made the calculation that stopping the “hack” was not even worth the alleged $66,000 or so the hackers demanded as “ransom,” according to TorrentFreak.
Online show fans are very familiar with the restraint required to avoid hearing about plot lines before they get a chance to catch up on episodes. In fact, of all the places where the internet seems incapable of decorum or restraint, most internet users are (spoiler alert) shockingly good at not spoiling shows. So we will get through this together, even if the goofily named “TheDarkOverlord” group follows through on its threat to release many more shows.
Movie studio hacks were (and are) much more serious for massive, timed movie releases, where the first weekend can make or break an entire investment in a film. What many folks forget about the infamous Sony hack in 2014 is that those hackers (named Guardians of Peace) ruined a major Christmas season studio release called “The Interview,” which was going to poke fun at North Korea’s leader.
Threats from those hackers led to movie houses canceling showings, turning the millions Sony spent on marketing into wasted money. Long after the movie was pulled, Sony was paying for “The Interview” billboards and bus stop signs all over Manhattan.
And this is why the Netflix “hack” story matters.
Ransom-based hacks reap big rewards
If you read any industry report on the dark side of the internet, it’s clear that hackers and virus writers have turned their attention to extortion and ransom. Symantec, in a well-timed study, said last week that the number of ransomware programs tripled in the past year, and about two-thirds of victims pay up. A study last year by Larry Ponemon found much the same thing. That means ransom-based hackers are rolling in cash, and thanks to all that R&D money, ramping up their game.
Why are ransom attacks so popular? That’s where the money is. More important, that’s where the leverage is.
Related infographic: Ransomware rampage takes aim at business targets
Let’s step back for a moment to a simpler time, when we mostly worried about stolen credit cards. Sure, replacing credit cards is annoying and costs money to “the system.” But really, it was only money. And, for criminals, there was the pesky task of turning the stolen data into money, which is rather challenging. How challenging? A $3,000-limit credit card could sell for as little as $5 to $10.
Theft of intellectual property brings with it an amplifier. Some secrets are more important to some people than others. Most stolen things are hard to sell, so they sell at a big discount. But steal a secret, and you can sell it back to its owner at a premium.
Spending money to save face
The most powerful version of this amplification effect can involve embarrassment. What we remember about the Sony hack was the stolen emails that rocked Hollywood. (Salaries were released; rampant accusations of sexism followed.)
I shouldn’t have to remind anyone about the value of the theft of Leon Panetta’s emails.
Seeing these rather dramatic displays, plenty of other companies have paid up to avoid email hacking embarrassment, I’ve been told by many analysts.
Other kinds of intellectual property theft can be more alarming. Ransom hackers have long targeted hospitals, and because their systems are so mission critical, administrators pay. Even law enforcement agencies have paid up.
So that brings us to obvious targets like Netflix. Firms that try to trade in suspense can be vulnerable to this kind of intellectual property theft. One can easily imagine another Sony incident, where a company spends years and millions of dollars trying to lead up to a cliff-hanging release that gets blown by hackers.
The real threat, however, lies in the kind of hacks we rarely hear about. Real corporate espionage. Theft of plans for naval ships, for example, dubbed “economic warfare.” Competitors stealing each other’s business plans, or secret ingredients, or employee records. Merely leaking a list of company salaries could wreck a firm.
Focus on the wrong threat
So as we’re all obsessing over the leak of a TV show, now is a good time to pause and take inventory of your digital life. We’ve spent far too much time obsessing about our electronic money, which for the most part is ridiculously safe thanks to an incredibly robust auditing system that’s full of backups.
Other data in our lives is at much greater risk. If a hacker encrypted all your baby photos, how much would you pay to get them back? If a hacker learned all your travel plans for the next year, how would you feel? What could a hacker with access to your Gmail account do? (Probably change all your passwords, for example). Backups are your only real insurance against many of these attacks.
Hackers know these things. Slowly, we will all learn theses lessons, too. Don’t be the last one to find out.
More stories about hackers and ransomware:
Evolution of a threat: Expect ransomware targets, methods to broaden
Ransomware attacks are a fact of life, so real-time detection, response is critical
Ransomware hits keep coming—and victims keep paying