HBO the latest victim of mass data exfiltration

Time Warner-owned American TV network HBO was the latest major corporation to fall victim to data exfiltration, the unauthorized copying or transfer of data from a computer or server by means of malicious activity. The hackers stole 1.5 terabytes of material from HBO – a much larger amount than the 200 gigabytes stolen from Sony Pictures in 2014.

HBO released a statement on July 31 confirming it had been hacked. The hackers claimed to have acquired 1.5 terabytes of data from the network, allegedly including scripts and other content from popular TV shows like Game of Thrones. To put the scale of the hack into perspective, 1.5 terabytes is equivalent to about 1,536 gigabytes.

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” HBO said in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

The network didn’t confirm what content had been stolen or the specific titles of TV content that had been breached, but according to a report by Variety, the hackers obtained potentially sensitive information, including employee data, and even access to internal corporate emails. The hackers published documents online to prove they had accessed information of a senior HBO executive, including details such as online banking.

HBO Chairman and CEO Richard Plepler sent an email to employees alerting them of the breach, saying, “As many of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming. Any intrusion of this nature is obviously disruptive, unsettling and disturbing for all of us.”

Plepler assured HBO employees that the company is working with “outside experts” around the clock to protect collective interests. “The problem before us is unfortunately all too familiar in the world we now find ourselves a part of,” he continued. “As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully.”

HBO has struggled to prevent its content being leaked online for years. Game of Thrones fans will remember the first four episodes of season five being leaked online before the show’s premiere after review DVDs were sent to members of the press and industry insiders. The company subsequently stopped the practice of sharing content before it’s due to be released, but that hasn’t deterred experienced hackers from getting their hands on it.

The unknown hackers sent an email to members of the press announcing their victory: “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.” 

HBO isn’t alone. Today’s headlines are filled with companies that have had data and information stolen, whether it’s customer data, employee information, classified product data or more. In November 2014, a hacker group called ‘Guardians of Peace’ (GOP) leaked confidential data from Sony Pictures, including information such as emails between employees, information about salaries, and copies of then-unreleased Sony films.

The Sony hack was evidently politically charged, with the GOP group demanding that Sony halt the release of its film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-Un. The hackers threatened terrorist attacks at cinemas screening the film, so Sony opted not to continue with the release. After evaluating the software and techniques used in the hack, US intelligence officials claimed that the attack was sponsored by North Korea.

To understand how to prevent data theft like the HBO hack, it’s important to first look at the different ways data can be stolen from an organization, explains Mohammed Al-Moneer, Regional Director, MENA, at A10 Networks. Data breaches can occur either physically or digitally “over-the-wire,” he claims.

“An over-the-wire data breach can occur with various degrees of complexity, duration and effort,” said Al-Moneer. “Exploits that potentially give access to the stolen content might be as simple as taking advantage of improper security measures to bypass authentication for streaming services, or exploits that give command and control over a host to the intruder.”

Other common vectors used to steal data include spear phishing or deeper penetration into the corporate network or from a connected subsidiary or partner. Spear phishing is the practice of sending emails seemingly from a trusted sender in order to induce targeted individuals to reveal confidential information.

“If the main attack is through an intermediate and compromised system, there is a delicate balance that an intruder might consider in deciding at which rate to exfiltrate the data,” Al-Moneer said.

“The longer the intrusion, the higher the chance of being discovered or inadvertently losing access because of nightly patching or the power state of the compromised system. However, if the intruder sends large amounts of data too quickly, it might raise some eyebrows and generate alerts from security solutions.”

HBO hired a security company to scrub search results for the hacked files from search engines, Variety reported. The security firm disclosed to Google that the hackers stole “thousands of Home Box Office (HBO) internal company documents.”

A take-down notice under the Digital Millennium Copyright Act (DMCA) was issued to Google, forcing the search engine to remove links to the leaked files, highlighting the seriousness of the hack. The take-down notice said the hackers obtained “masses of copyrighted items, including documents, images, videos and sound.”

The HBO hack occurred at a time when organizations are on high alert following the global “WannaCry” ransomware attack in May this year and the subsequent “Petya” cyberattack in late June. Victims of the Petya attack were left unable to unlock their computers even if they paid the ransom to the hackers. How can companies prevent data breaches like these from happening?

When it comes to preventing data breaches and leaks, analytics and visibility are critical and can help detect data exfiltration events, said Al-Moneer. “Detailed telemetry solutions that have good analytics are essential to monitoring traffic that is leaving the network, and can detect traffic flows that are outside the norm,” he said. From there they provide insight into what’s happening and “act to stop any malicious activity.”

In a case where data is exiting the network via fast exfiltration, he said IT management can use security solutions that create rules to lock down traffic in extreme circumstances, or even proactively set up policies that limit traffic. Additionally, Data Loss Prevention (DLP) systems that use the Internet Content Adaptation Protocol (ICAP) to connect to the network can help prevent unauthorized data exfiltration.
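
To illustrate the egress analytics described above, the following Python example (added here, not code from the article or from A10 Networks) runs two checks over constructed flow records: a per-host burst check for fast exfiltration, and a cumulative per-destination budget for slow transfers that stay inside the hourly norm. The record layout, thresholds, function names and addresses are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import median

MB = 1024 * 1024

def build_sample():
    """Constructed flow records: (hour, internal_host, external_dest, bytes_out)."""
    flows = []
    for hour in range(48):
        flows.append((hour, "10.0.0.5", "203.0.113.10", (20 + hour % 5) * MB))  # ordinary use
        flows.append((hour, "10.0.0.7", "203.0.113.10", (15 + hour % 3) * MB))  # ordinary use
        flows.append((hour, "10.0.0.9", "198.51.100.77", 60 * MB))              # steady trickle
    flows.append((30, "10.0.0.7", "198.51.100.23", 4000 * MB))                   # one-hour burst
    return flows

def burst_alerts(flows, k=8.0):
    """Flag (host, hour) where egress exceeds the host's own median + k * MAD."""
    per_host = defaultdict(lambda: defaultdict(int))
    for hour, host, _dest, nbytes in flows:
        per_host[host][hour] += nbytes
    alerts = []
    for host, hours in per_host.items():
        values = list(hours.values())
        med = median(values)
        # Median absolute deviation; the 1 MB floor keeps a perfectly flat
        # baseline from turning every tiny change into an alert.
        mad = median(abs(v - med) for v in values) or MB
        alerts += [(host, h) for h, v in sorted(hours.items()) if v > med + k * mad]
    return alerts

def slow_leak_alerts(flows, budget=2048 * MB, min_hours=24):
    """Flag (host, dest) pairs whose total egress over the window exceeds a
    budget while being spread across many hours (below any per-hour spike)."""
    total = defaultdict(int)
    active = defaultdict(set)
    for hour, host, dest, nbytes in flows:
        total[(host, dest)] += nbytes
        active[(host, dest)].add(hour)
    return sorted(p for p, t in total.items()
                  if t > budget and len(active[p]) >= min_hours)

if __name__ == "__main__":
    sample = build_sample()
    print("burst:", burst_alerts(sample))
    print("slow leak:", slow_leak_alerts(sample))
```

The burst check catches only the one-hour spike, while the steady 60 MB-per-hour transfer is visible only to the cumulative check, which is why both views of outbound traffic are needed.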

The FBI has collaborated with Mandiant, a cybersecurity firm, to investigate the HBO hack. Newsmax reported the two will try to search for information that can lead them to the identity of the hackers responsible for the leaks of confidential information. The hackers did not provide any ransom demand that could help the network prevent the release of the data.