Displaying items by tag: HBO

Equifax breach the latest in troubling hacking trend

Written on Wednesday, 20 September 2017 08:55

Large digital security breaches are a common occurrence in the corporate world today. The latest breach, experienced by consumer credit reporting agency Equifax, follows a trend of troubling hacks that have played out across the globe this year. It seems adversaries will stop at nothing to evolve their threats, move with even more speed, and find new ways to widen their operational space.

Equifax chief executive Richard Smith said his company “will make changes” after a massive security breach in July that may have exposed the data of up to 143 million people, he said in an opinion piece in USA Today on September 12. Smith said the company first learned of the breach on July 29, but didn’t go public with the information for six weeks because “we thought the intrusion was limited.”

Smith described the hack as the “most humbling moment” in the company’s 118-year history. Founded in 1899 and based in Atlanta, Georgia, it is the oldest of the three largest American credit agencies along with Experian and TransUnion. “We are devoting extraordinary resources to make sure this kind of incident doesn’t happen again,” Smith wrote, promising to “make changes and continue to strengthen our defenses against cyber crimes.”

The company has been highly scrutinized for its handling of the data breach, which compromised the personal information of as many as 143 million Americans. Residents in the United Kingdom and Canada were also impacted. After detecting the breach, Equifax waited six weeks before it notified the public in early September. Rather than informing people whose data had been compromised, the company set up a website that wasn’t ready for days.

Yahoo experienced similar scrutiny when it dealt with massive data breaches. The company announced in September 2016 that hackers in 2014 had stolen data from more than 500 million of its users’ accounts. Yahoo then announced in December 2016 another breach dating back to 2013 in which over a billion users had their data stolen. The US Securities and Exchange Commission opened an investigation into whether Yahoo should have informed investors sooner about the breaches.

To make up for its failure to protect users’ data, Equifax, which rakes in around US$ 3.1 billion in annual revenue, offered free credit monitoring services to its customers. But the company was criticized for requiring those who enrolled for the offer to waive their right to sue the company. Soon enough, Equifax backtracked on the requirement, allowing customers to sue the company if they sent it in writing within 30 days.

Nevertheless, Equifax has been forthcoming about the wider issue of cybersecurity and the need for change. Smith acknowledged some of the company’s problems in his article, admitting that consumers and media have raised “legitimate concerns” about the services Equifax offered and the operations of its call center and website. “We accept the criticism and we are working to address a range of issues,” he said.

Smith said the company is now committed to doing everything it can to support those affected by the breach. “Our team is focused on this effort and we are engaged around the clock in responding to millions of inquiries from consumers,” he said. Equifax has warned, however, that credit card numbers of around 209,000 people have been exposed, in addition to “personal identifying information” on roughly 182,000 customers involved in credit report disputes.  

Prior to Equifax’s data breach, Time Warner-owned US TV network HBO was the latest major corporation to fall victim to hackers. HBO confirmed on July 31 that a whopping 1.5 terabytes of material had been stolen – a significantly larger amount than the 200 gigabytes stolen from Sony Pictures in 2014. Similar to Equifax’s breach, HBO’s hackers obtained potentially sensitive information, including employee data and even access to internal corporate emails.

The string of corporate hacks this year, including the global “WannaCry” ransomware attack in May and the subsequent “Petya” attack in late June, represent a chilling trend taking place all over the globe, in which cyber hackers are finding more avenues to infiltrate even the most seemingly protected organizations, by findingnew ways to widen their operational space.

An ever-evolving threat

Hackers today have more tools at their disposal than ever before. They also have a keen sense of when to use each one for maximum effect. In Cisco’s Annual Cybersecurity Report 2017, it explains how the explosive growth of mobile endpoints and online traffic work in favor of cyber hackers. Adversaries have more space in which to operate, the report claims, and more choices of targets and approaches.

It may not be possible to stop all attacks, the report says, but you can minimize both the risk and the impact of threats by “constraining your adversaries’ operational space and, thus, their ability to compromise assets.” Cisco suggests that companies should simplify their collection of security tools by integrating them into an automated architecture to streamline the process of detecting and mitigating threats. That leaves companies with more time to address more complex and persistent ones.  

According to Cisco’s 2017 Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, the report says, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.

Take Yahoo for instance: Following the shocking revelation that 1.5 billion of its users accounts were hacked on two separate occasions, the company was forced to slash the price of its core internet business in the sale to US telecom giant Verizon by $350 million. Yahoo is also in the midst of lawsuits related to the way the hacks were handled. In an effort to diffuse the situation and make up for damage to its reputation, Yahoo announced that it would not award CEO Marissa Mayer a cash bonus for 2016.

The Cisco study found that nearly a quarter of the organizations that have suffered an attack lost business opportunities, and four in ten said those losses were substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue. When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent).

The report once again emphasizes the importance of companies focusing their resources on reducing their adversaries’ operational space if they want to avoid the aforementioned consequences. As a result, attackers will find it difficult to gain access to valuable enterprise resources and to conduct their activities without being detected. Automation, the report says, is essential to achieving this goal.

Automation helps companies to understand what normal activity is in the network environment, so they can focus their resources on more significant threats. Simplifying security operations, the report says, is the most effective way of eliminating adversaries’ unconstrained operational space. Unfortunately, most organizations are using more than five solutions from more than five vendors, according to the study, creating a complex web of technology, which can be a recipe for less, not more, protection.

Published in Featured

HBO the latest victim of mass data exfiltration

Written on Thursday, 10 August 2017 11:16

Time Warner-owned American TV network HBO was the latest major corporation to fall victim to data exfiltration, the unauthorized copying or transfer of data from a computer or server by means of malicious activity. The hackers stole 1.5 terabytes of material from HBO – a much larger amount than the 200 gigabytes stolen from Sony Pictures in 2014.

HBO released a statement on July 31 confirming it had been hacked. The hackers claimed to have acquired 1.5 terabytes of data from the network, allegedly including scripts and other content from popular TV shows like Game of Thrones. To put the scale of the hack into perspective, 1.5 terabytes is equivalent to about 1,536 gigabytes.

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” HBO said in a statement. “We immediately began investigating the incident and are working with law enforcement and outside cybersecurity firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.”

The network didn’t confirm what content had been stolen or the specific titles of TV content that had been breached, but according to a report by Variety, the hackers obtained potentially sensitive information, including employee data, and even access to internal corporate emails. The hackers published documents online to prove they had accessed information of a senior HBO executive, including details such as online banking.

HBO Chairman and CEO Richard Plepler sent an email to employees alerting them of the breach, saying, “As many of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming. Any intrusion of this nature is obviously disruptive, unsettling and disturbing for all of us.”

Plepler assured HBO employees that the company is working with “outside experts” around the clock to protect collective interests. “The problem before us is unfortunately all too familiar in the world we now find ourselves a part of,” he continued. “As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully.”

HBO has struggled to prevent its content being leaked online for years. Game of Thrones fans will remember the first four episodes of season five being leaked online before the show’s premiere after review DVDs were sent to members of the press and industry insiders. The company subsequently stopped the practice of sharing content before it’s due to be released, but that hasn’t deterred experienced hackers from getting their hands on it.

The unknown hackers sent an email to members of the press announcing their victory: “Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.” 

HBO isn’t alone. Today’s headlines are filled with companies that have had data and information stolen, whether it’s customer data, employee information, classified product data and more. In November 2014, a hacker group called ‘Guardians of Peace’ (GOP) leaked confidential data from Sony Pictures, including information such as emails between employees, information about salaries, and copies of then-unreleased Sony films.

The Sony hack was evidently politically charged with the GOP group demanding that Sony halt the release of its film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-Un. The hackers threatened terrorist attacks at cinemas screening the film, so Sony opted not to continue with the release. After evaluating the software and techniques used in the hack, US intelligence officials claimed that the attack was sponsored by North Korea.

To understand how to prevent data theft, like the HBO hack, it’s important to first look at the different ways data can be stolen from an organization, explains Mohammed Al-Moneer, Regional Director, MENA, at A10 Networks. Data breaches can occur either physically or digitally "over-the-wire” he claims.

“An over-the-wire data breach can occur with various degrees of complexity, duration and effort,” said Al-Moneer. “Exploits that potentially give access to the stolen content might be as simple as taking advantage of improper security measures to bypass authentication for streaming services, or exploits that give command and control over a host to the intruder.”

Other common vectors used to steal data include spear phishing or deeper penetration into the corporate network or from a connected subsidiary or partner. Spear phishing is the practice of sending emails seemingly from a trusted sender in order to induce targeted individuals to reveal confidential information.

“If the main attack is through an intermediate and compromised system, there is a delicate balance that an intruder might consider in deciding at which rate to exfiltrate the data,” Al-Moneer said.

“The longer the intrusion, the higher the chance of being discovered or inadvertently losing access because of nightly patching or the power state of the compromised system. However, if the intruder sends large amounts of data too quickly, it might raise some eyebrows and generate alerts from security solutions.”

HBO hired a security company to scrub search results for the hacked files from search engines, Variety reported. The security firm disclosed to Google that the hackers stole “thousands of Home Box Office (HBO) internal company documents.”

The Digital Millennium Copyright Act (DMCA) issued a take-down notice to Google forcing the search engine to remove links to the leaked files, highlighting the seriousness of the hack. The take-down notice said the hackers obtained “masses of copyrighted items, including documents, images, videos and sound.”

The HBO hack occurred at a time when organizations are on high alert following the global “WannaCry” ransomware attack in May this year and the subsequent “Petya” cyberattack in late June. Victims of the Petya attack were left unable to unlock their computers even if they paid the ransom to the hackers. How can companies prevent data breaches like these from happening?

When it comes to preventing data breaches and leaks, analytics and visibility are critical and can help detect data exfiltration events, said Al-Moneer. “Detailed telemetry solutions that have good analytics are essential to monitoring traffic that is leaving the network, and can detect traffic flows that are outside the norm,” he said. From there they provide insight into what’s happening and “act to stop any malicious activity.”

In a case where data is exiting the network via fast exfiltration, he said IT management can use security solutions that create rules to lock down traffic in extreme circumstances, or even proactively set up policies that limit traffic. Additionally, Data Loss Prevention (DLP) systems that use the Internet Content Adaption Protocol (ICAP) to connect to the network can help prevent unauthorized data exfiltration.

The FBI has collaborated with Mandiant, a cybersecurity firm, to investigate the HBO hack. Newsmax reported the two will try to search for information that can lead them to the identity of the hackers responsible for the leaks of confidential information. The hackers did not provide any ransom demand that could help the network prevent the release of the data.

Published in Featured

Global revenue made from telecom services is expected to reach over 1.2 trillion Euros in 2018, says research group Statista. The telecom sector continues to be at the epicenter for growth, innovation, and disruption for virtually any industry, and leading telcos aren’t holding back from the opportunity to capitalize on this growth. The latest example of this is AT&T, the U.S. telecoms heavyweight, and its recently announced $85 billion deal to purchase Time Warner that would create a powerhouse with control over a vast array of media and entertainment assets and the means to deliver them. The deal represents a big step forward for AT&T, but some analysts have voiced concern about the merger, saying it could lead to “self-dealing and discrimination” by a combined powerful media and telecoms provider.

More and more content is being consumed on-the-go nowadays, and this trend hasn’t gone unnoticed by telecom providers like AT&T. Mobile devices and related broadband connectivity continue to be more embedded in the fabric of society today, which means people want to be able to access their favorite content via their mobile device. Based on the results of Deloitte’s Global Mobile Consumer Survey (GMCS), U.S. consumers look at their devices over 8 billion times a day in total. That makes mobile content a big deal for all sectors within the telecom industry including wireless and wireline/broadband carriers, network equipment/infrastructure companies, and device manufacturers who are all critical components of this key ecosystem, says Deloitte.

Just look at Snapchat’s recent activities: it already hosted outsourced content from Mashable, CNN, and National Geographic to name a few, and in August, Snapchat announced an expansion of its partnership with NBC Universal, to host short-form versions of several of its popular TV shows on the Snapchat platform. This trend in consuming content on-the-go is likely what led AT&T to pursue a merger with Time Warner, which hosts a vast media lineup, including networks such as CNN, TNT, the prized HBO channel and Warner Bros. film and TV studio. It could also further AT&T’s bet that television and video can drive growth into a stalled wireless market.

“Premium content always wins. It has been true on the big screen, the TV screen and now it’s proving true on the mobile screen,” said Randall Stephenson, AT&T’s chief executive, who would head the new company. AT&T and Time Warner said they aim to be the first U.S. wireless company to compete nationwide with cable companies by providing an online-video package similar to traditional pay-TV. The merger will “disrupt the traditional entertainment model and push the boundaries on mobile content availability for the benefit of customers,” the companies said.

The merger will make AT&T a strong rival to Comcast, which owns NBC Universal, and aims to counter the growing threat from online rivals such as Netflix and Amazon which currently dominate the online consumption of content. It also positions AT&T – which recently acquired satellite TV group DirecTV – against its U.S. telecom rival Verizon, which has acquired internet group AOL and is in the process of buying Yahoo, and against new delivery platforms expected from Google and other players.

Will regulators be willing?

Massive merger deals are carefully exposed to the world with optimism by the players involved who expect to reap the benefits. For instance, AT&T’s merger with Time Warner could see it thrive in the content market, combining its strong network with premium content for its customers. But often mass mergers like this aren’t necessarily good for all parties in the industry – an issue that has been raised by various regulators around the world, such as the European Commission. Even Donald Trump, the Republican U.S. presidential candidate has expressed his distaste for the current proposed merger deal.

“As an example of the power structure I'm fighting, AT&T is buying Time Warner and thus CNN, a deal we will not approve in my administration because it's too much concentration of power in the hands of too few," Trump said at a recent campaign rally. Trump argued that the merger is an example of a rigged “power structure”. He also said he would look into “breaking” up Comcast’s acquisition of NBC Universal. "Deals like this destroy democracy," he said, expressing the need to minimize the taxation and regulation of American companies.

The question of whether regulators will accept AT&T’s merger with Time Warner is hanging heavily on AT&T, even though Mr. Stephenson played down any regulatory concerns in a conference call, arguing that AT&T isn’t eliminating a competitor, but rather buying a supplier, which isn’t blocked by regulators, The Wall Street Journal reported. “Any concerns by the regulators we believe would be adequately addressed by conditions,” he said. According to the WSJ report, on the contrary, former regulatory officials believe there could be significant conditions placed on the merger.

Earlier this year, a similar major European merger was blocked by the European Commission. CK Hutchison Holdings, the Hong Kong-based owner of Three UK, planned to merge with O2, Telefonica’s British arm – a merger deal that would have created the largest mobile operator in the country. But the European Commission blocked the merger saying it would have led to less choice and higher prices for consumers, by reducing the number of network-owning operators from three to four.

“Allowing Hutchison to takeover O2 at the terms they proposed would have been bad for UK consumers and bad for the UK mobile sector,” said the Commission’s competition commissioner Margrethe Vestager at the time. “We had strong concerns that consumers would have had less choice finding a mobile package that suits their needs and paid more than without the deal. It would have hampered innovation and the development of network infrastructure in the UK, which is a serious concern especially for fast moving markets.”

In a statement, CK Hutchison said it was “deeply disappointed” by the Commission’s decision and was considering the possibility of a legal challenge. “We strongly believe that the merger would have brought major benefits to the UK,” it said.

Even in New Zealand, concerns were raised in August this year over Sky TV’s merger with Vodafone New Zealand, due to similar competition reasons. Spark, one of New Zealand’s leading telecom operators, formally spoke out to New Zealand’s Commerce Commission about Sky TV’s planned merger with Vodafone New Zealand, the country’s other major telecom operator. Spark raised the issue over concerns that the merger was not in the best interest of sports fans and the content market. Spark argued that a merged Sky/Vodafone company would be able to leverage its “monopoly power” in the sports market to the detriment of consumers. However, Sky TV denied that it would be in its interests to tie its pay-TV service to Vodafone’s broadband service.

Similar concerns have been raised by John Bergmayer from the consumer group Public Knowledge, regarding AT&T’s merger with Time Warner. He says the merger could open the door to “self-dealing and discrimination” by a combined powerful media and telecoms provider. "DirecTV, for instance, might favor Time Warner content, crowding out or refusing to carry alternative and independent programming that viewers might prefer," he explained. "AT&T might also make it more expensive or difficult for competitors to DirecTV or to its streaming service to access Time Warner programmer, hoping to drive customers to its own platforms," he added. "AT&T could also give preferential treatment to its own programming and services on its broadband networks."

But not everyone is skeptical about large-scale mergers in the industry. In fact, some analysts think it makes sense given the changing media landscape – the same change that the likes of Snapchat have capitalized on. For example, Richard Greenfield of BTIG Research says the sector can no longer count on consumers watching "linear" TV and subscribing to expensive cable "bundles," with many opting for online services and on-demand viewing.

"Time Warner Chairman and CEO Jeff Bewkes and his senior management team can see where the entire legacy media world is headed: secular decline," Greenfield said in a recent blog post. "If Time Warner and its management team were confident in the future of the media sector, particularly the cable network industry, they would not be selling now," he added. "The harsh reality is that the legacy cable network business has been over earning for decades with an unvirtuous circle of pain about to begin."

 

Published in Featured

Game of Thrones fans could be in for a shock as HBO cracks down on illegal downloading. Despite the fact that season 6 of the hit HBO series has drawn record television subscription viewers; Game of Thrones is still the most pirated television show in the world. The Daily Telegraph reports that within 12 hours of airing the first episode of season 6, the premiere episode was illegally downloaded over one million times.

HBO is well aware of the mass appeal that Game of Thrones has amassed and isn’t going to let the potential revenue run away that easy. To put an end to prominent Game of Thrones piracy, HBO has teamed up with anti-piracy agency Echelon to combat mass piracy by sending thousands of letters to ISPs (Internet Service Providers), asking them to warn customers that they have been flagged for piracy infringements, including the IP-addresses of BitTorrent users caught sharing recent episodes of the hit show.

The letter, according to TorrentFreak, reads: “As the owner of the IP address, HBO requests that [ISP] immediately contact the subscriber who was assigned the IP address at the date and time below with the details of this notice, and take the proper steps to prevent further downloading or sharing of unauthorized content and additional infringement notices.”

ISPs have absolutely no obligation to share these warning letters, and HBO cannot track the identity of the pirates illegally downloading and sharing episodes of Game of Thrones. Therefore, many believe that this method of attacking pirates will have a small impact on stopping the illegal sharing. However, HBO does reportedly have a backup plan to combat illegal downloader’s by delivering a mass of take-down notices to torrent websites.

Leading torrent websites such as KickassTorrents and Torrentz have both complied with this method and removed hundreds of links, but the smaller torrent websites are likely to ignore the requests. On the websites that have complied, the initiative has been surprisingly successful, with the most popular torrent releases for the first two episodes of Game of Thrones removed within minutes after they appeared online. The third episode is expected to be the same.

HBO’s partnership with Echelon has certainly produced some favorable results for HBO, but with more and more online piracy avenues opening up, and demand higher than ever, HBO’s fight against piracy is far from over.