What we can learn from Netflix, Disney’s dealings with hackers

In April, a hacker collective posted a message on Twitter claiming they had access to the fifth season of Netflix’s Orange is the New Black and threatened to leak the episodes if they didn’t get the ransom they demanded.

Netflix ignored them and a couple of days later the episodes appeared on popular torrent download sites. The collective, known simply as “thedarkoverlord,” made good on its threat. The entire season became available weeks ahead of its June 9 debut on Netflix, and Netflix’s refusal sent a very strong message: The company doesn’t give in to extortion.

That didn’t deter hackers from going after other networks. In the lead-up to leaking the Orange is the New Black episodes, “thedarkoverlord” promised to go after other major networks and studios.

What may have seemed like a Twitter threat at the time has turned into a scary reality for networks. The Dark Overlord then released the first eight episodes of ABC’s new and, at the time, unaired series Steve Harvey’s Funderdome through Pastebin, creating a backup file on The Pirate Bay in preparation for when the first batch of episodes was inevitably taken down.

Based on the information the group has been feeding people through their Twitter account and in occasional ransom notes, this wasn’t a quick thing. It’s not like they gained access to the series and decided to post it overnight. When The Dark Overlord first threatened Netflix, they also claimed to have episodes of series from the networks listed in the above tweet. It was just a matter of time, they said, until all of the episodes were leaked online — unless their demands were met.

On Pastebin, The Dark Overlord returned with another message — this time directed at the studios that ignored them the first time around.

“Time to play another round,” the group wrote. “We’re following through on our threats as we always do. We firmly believe that honesty and determination are the two most important factors of any business.

“If you prefer your meat bloody, we’re serving it bloody as can be.”

In just a little over a month, The Dark Overlord has become one of the biggest threats to entertainment. But who are they and where did they come from?

It didn’t start with entertainment

The Dark Overlord has been around for quite some time. Prior to targeting the entertainment industry, The Dark Overlord made a name for themselves by hacking into three American health care providers and stealing data on hundreds of thousands of patients. They later tried to sell the data for close to $100,000 on “the dark web,” according to the New York Times.

These types of attacks continued into 2017. The hacker took responsibility for an attack on the Little Red Door Cancer Services of East Central Indiana. Much as with Netflix, the hackers demanded a ransom for the data they collected — $47,000 worth of Bitcoin — but the company refused to pay.

Since then, The Dark Overlord hasn’t given up on the medical sector. Between threats to various networks and studios, they have also targeted other health databases and insurance companies, but their main focus for the time being seems to be on the entertainment industry.

The response, or lack thereof, from studio heads and network executives has sent a very clear message that they’re not going to play games with The Dark Overlord. In a statement from Netflix, CEO Reed Hastings said the company was aware of the situation, but wasn’t going to get involved.

“A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved,” Hastings said.

Disney, which became the target of another threat unrelated to The Dark Overlord, had a similar response when it was rumored that one of its upcoming films had landed in the hands of hackers. Bob Iger, CEO of Disney, told employees in an internal memo that they were working with investigators but refused to pay, according to The Hollywood Reporter.

It’s clear that Hollywood isn’t going to waste time negotiating with The Dark Overlord, but the big question is still how they managed to gain access to the episodes in the first place.

Here’s how they may have done it

Based on what The Dark Overlord has leaked, all evidence points to Larson Studios Inc., an audio post-production studio in Hollywood. These types of third-party companies are used quite often by major studios. By the time the audio is laid over the video, the series or film is essentially finished, making it a prime target for hacking collectives like The Dark Overlord.

This has been an issue for quite some time. In the 2017 Secure Access Threat Report, released a couple of months ago by American internet security firm Bomgar, Sam Elliott, director of security product management, explained why these types of attacks are increasing.

It all comes down to oversight. These types of companies tend to use contractors and part-time employees who have access to highly sensitive materials. With people going in and out, oftentimes using insecure passwords and portals for saving projects, it’s a goldmine for those who know how to breach a company’s security, specifically hacking collectives like The Dark Overlord.

“These individuals are one of the most treasured targets for hackers looking to infiltrate sensitive information because of their elevated level of access,” Elliott wrote.

Third-party editing studios, like Larson Studios Inc., are used around the country and studios have known for quite some time that they are vulnerable to digital piracy.

Vishal Gupta, CEO of data security firm Seclore, said that although this kind of intellectual theft isn’t new, it’s interesting that The Dark Overlord is trying to get ransom from the networks themselves instead of offering up the data to the highest bidder — something the collective did with previous hacks.

“While it is unclear whether hacks of this nature will persist, considering studios have been reluctant to pay the ransom demanded, all organizations must keep the security of their intellectual property top of mind,” Gupta said. “Whether you’re a Hollywood production house, a defense contractor, or a research institute, having the correct data-centric security controls is essential to preventing yourself from becoming the next victim.”

The Dark Overlord is one of the better-known collectives using these breaches to gain access to popular, unaired episodes from shows, but they’re not the only one. The rumored attack on Disney didn’t come from The Dark Overlord, but similar methods were reportedly used to gain access to those episodes.

What’s next?

Twitter has since suspended The Dark Overlord, but that’s not where it ends.

Whether or not the networks want to admit it, they have a big problem on their hands. It all comes down to imposing more security and figuring out how to keep sensitive material behind better locked doors. In terms of what the affected networks are going to do, that remains to be seen.

Steve Harvey’s Funderdome premiered on June 11 on ABC.