Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Television Windows Entertainment

How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence (variety.com) 79

Earlier this year, hackers obtained and leaked the episodes of TV show Orange Is the New Black. In a candid interview, Larson Studios' chief engineer David Dondorf explained how the audio post-production business allowed the hacker group to gain access to the Netflix original content. Dandorf says the company hired private data security experts to find how it was breached. The investigation found that the hacker group had been searching the internet for PCs running older versions of Windows and stumbled across an old computer at Larson Studios still running Windows 7. From the report: Larson's employees just didn't know all that much about it. Having a computer running an ancient version of Windows on the network was clearly a terrible lack of oversight, as was not properly separating internal servers from the internet. "A lot of what went on was ignorance," admitted Rick Larson. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now." It's a fascinating story about how the hacker group first made contact and tried to threaten Larson Studios' president and his wife, and how they responded. Worth a read.
This discussion has been archived. No new comments can be posted.

How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence

Comments Filter:
  • by w1zz4 ( 2943911 ) on Wednesday June 21, 2017 @03:43PM (#54664087)
    i call this bullshit
    • by omnichad ( 1198475 ) on Wednesday June 21, 2017 @03:46PM (#54664101) Homepage

      No kidding. Especially if you're trying to run commercial-grade audio production software. Windows 7 doesn't mean a thing for security unless it's the original release without updates.

      • No kidding. Especially if you're trying to run commercial-grade audio production software. Windows 7 doesn't mean a thing for security unless it's the original release without updates.

        Not only that, but it would have had to have been directly connected to the internet without a firewall for someone to "search the internet for computers running older versions of Windows"

        More fake news. Welcome to current_year.

    • by mjwx ( 966435 ) on Wednesday June 21, 2017 @04:01PM (#54664207)

      i call this bullshit

      Windows 7 is old, just not obsolete.

      Windows 7 was released in October 2009, which makes it almost 8. Windows XP was released in 2001 and didn't have a suitable successor until October 2009. By that time scale, Win7 is nearing the end of it's life. As long as M$ can create a decent OS after the abortion of Windows 8 and the ad-tastic Windows 10.

      In the terms of OS's, 8 is positively ancient. I remember using Android in 2009, anyone who didn't see the evolution of Android wouldn't believe it was the same OS compared to today. MS has kept it updated, but that doesn't change the fact that it was released many years ago.

      • Windows XP was released in 2001 and didn't have a suitable successor until October 2009.

        It's debatable whether it ever had one.

      • by Anonymous Coward

        Windows is old, and obsolete.

        FTFY :-D

      • Re: (Score:3, Informative)

        by Desler ( 1608317 )

        Windows 7 was released in October 2009, which makes it almost 8.

        Maybe if you've never updated it in those 8 years. On the other hand, my version of Windows 7 is running code that was just released probably only weeks ago.

        By that time scale, Win7 is nearing the end of it's life.

        Nope, it will continue to get security updates until 2020.

      • ...Windows 7 is old, just not obsolete....

        In spite of your failed attempt to justify the article, I still note that you've still not, and neither has the article, pointed to an underlying cause for Windows 7 being considered "insecure" in this instance. I still am of the opinion that there was another cause that allowed the break-in, one that is too embarrassing to reveal.

        • by mjwx ( 966435 )

          ...Windows 7 is old, just not obsolete....

          In spite of your failed attempt to justify the article, I still note that you've still not, and neither has the article, pointed to an underlying cause for Windows 7 being considered "insecure" in this instance. I still am of the opinion that there was another cause that allowed the break-in, one that is too embarrassing to reveal.

          In spite of your failed attempt to read my post, I wasn't, in fact I said MS were keeping Windows 7 updated.

          I never said Windows 7 was inherently insecure, I said it's been almost 8 years since it's release (RTM was Oct 09). The article implied the systems were insecure, but I read that as unpatched. And yes, a Win7 box that is not up to date is insecure. Same as a Win 10, Linux or Mac box that isn't kept up to date.

      • by arth1 ( 260657 ) on Wednesday June 21, 2017 @06:59PM (#54665087) Homepage Journal

        Windows 7 is old, just not obsolete.

        It's mature, not old.
        As of May this year, Windows 7 has 49.5% market share, with Windows 10 only having 26.8%. If anything, that tells you that Windows 10 is immature, not that Windows 7 is old.

        TFA makes absolutely no sense. If they meant MacOS 7, I can understand it. But Windows 7 is still what pretty much every business has as standard, and the 26.8% Windows 10 users being mostly home users who either gave up on the GWX barrage and installed the downgrade, or have bought a new PC where it is pre-installed.

        • by mjwx ( 966435 )

          Windows 7 is old, just not obsolete.

          It's mature, not old.

          Pretty much what I meant. However I think the article has been quoted out of context. When I read "old version of Windows" I usually read that as one that is not up to date with patches. Very few bad vulnerabilities hit with no warning. Wannacry for example, patches were out for months before that hit. Long enough for any semi-competent attempt at patch management to get it deployed to production at the very least.

          Most drive-by infections can be avoided simply by keeping your OS and software up to date (

    • by ark1 ( 873448 )
      We have to read between the lines. By old they mean "we installed it a few years ago and never bother with this patching thing". My question is why was a Windows 7 box exposed directly Internet? Was it acting as a server? Something like an FTP? Also this made me smile:

      "The company spent an estimated six figures on new security measures, some of which were recommended by the studios."

      Wow six figures. I guess they got a corporate Firewall?
      • by arth1 ( 260657 )

        "The company spent an estimated six figures on new security measures, some of which were recommended by the studios."

        Wow six figures. I guess they got a corporate Firewall?

        Six figures per year is what a security minded sysadmin costs. That's peanuts compared to what marketing and legal guys cost, and a much better investment.

      • by Cederic ( 9623 )

        why was a Windows 7 box exposed directly Internet

        Because it was supporting a business that doesn't have extensive expertise in IT security and was unaware of the business risks that this created.

        They're now aware.

        I'd still like the Dark Overlord to be tracked down and invited to retain that name in jail.

    • This is a "social engineering" article. The intent is to change perception. In this case, the idea is that you should be on Windows 10 so that there is no ability for you to escape having your internal dialogue be monitored as well as can be done through an operating system.

      In other words, the "content" of the article (what it is ostensibly about) is actually irrelevant. What is relevant is that the public's perception of Windows 7 is altered, even if just by a little. I see this a lot. There is a LOT of s

  • by viperidaenz ( 2515578 ) on Wednesday June 21, 2017 @03:46PM (#54664099)

    any by ancient, they mean supported until 2020

  • by SuperKendall ( 25149 ) on Wednesday June 21, 2017 @03:52PM (#54664137)

    I actually read through the whole thing, and what I got out of it was that while paying off the ransom in the past used to result in the outcome you were paying for, you can no longer rely on that to be true.

    So keep good backups and if you get hacked send the attackers the middle finger instead of bitcoin and just let them do whatever, but they can continue to do whatever fed by frozen 7-11 burritos instead of your hard-earned money.

    I do think even after the ransom was paid, they should have let clients know what happened immediately... that is the other big learning point I'd hope other companies take away from this. People understand computers get hacked, they will be sympathetic towards you as long as you are very open about what happened and when and tell everyone as soon as you know.

    • by Anonymous Coward
      I would find an ex-military type just out of prison without much money and offer him/her a bunch of money to find the blackmailers and make the problem 'disappear' ... no questions asked.

      If I was really lucky, it would be a group of 4 guys, one older grey haired leader dude who is a tactical genius, one crazy pilot, one huge black guy wearing tons of gold, and one con artist...
    • by Anonymous Coward

      Reminds me of the argument that double-crossers ironically are doing the most good possible in that segment of the underworld. Sure law enforcement can chase down ransomers but there are multitudes out there to replace them who think 'they won't be so stupid that they'll get caught'. And given their numbers it doesn't even matter if they are right or not.

      However double-crossers what they do is destroy that sordid ecosystem. First they take down vulnerable targets before they can get ransomed and get it thro

    • by dwywit ( 1109409 ) on Wednesday June 21, 2017 @04:40PM (#54664407)

      All good thoughts, but they weren't hit with file-encrypting ransomware, they were hit by people who illegally copied new episodes of a show and threatened to leak said shows if ransom wasn't paid.

      • Same difference really, I just put in the but about the backups in case it was the ransomware kind of attack - which it easily could have been.

        Even if it's not ransomeware though, after a hack like this you have to assume that the hackers may have well inserted some content just for the LOLs. SO you'd want to either inspect it super carefully or roll back (or both).

        • by lgw ( 121541 )

          No one has done anything for the LOLs, or even the lols, for 10+ years. You do it for the keks [youtube.com] these days. Do try to keep up with the kids on your lawn.

          • To the contrary; I am on the cutting edge of resurgence of the term. All things come around again in time.

            Also there are no kids on the lawn because I had long ago replaced it with xeriscaping... I sit in a pocket outside time itself, and the world keeps up with me.

    • by sl3xd ( 111641 )

      So keep good backups and if you get hacked send the attackers the middle finger instead of bitcoin and just let them do whatever

      Agreed. Because you have zero assurance that they'll do anything except take your money and release the data anyway.

      It's not unlike when kidnappers ransom somebody, take the money, and then kill the victim.

  • by QuietLagoon ( 813062 ) on Wednesday June 21, 2017 @03:54PM (#54664151)
    That alone puts the entirety of what the "private data security experts" say into question. Windows 7 is still fully supported with security patches. Until 2020. Now, if that had said that the computer was not up to date on patches, that would be a different story. So I have to ask, what problem is this security firm trying to divert attention away from with their apparently false diagnosis?
  • It is more human interest general interest piece. Other than the fact the hack happened via a Windows7 machine that was on the network unbeknownst to the company, there is no info about the technical details of the hack. The attack vector, whether anyone clicked on a spearphish etc. No details at all
    • It's in Variety. You expect an entertainment magazine to understand and report on the technical details? They'd get them wrong anyway.

      From the sounds of it, the hacker group was simply port scanning and got lucky in finding that Windows 7 box that had a hole. Once on that machine, they had complete access to the internal network.

      • They had a win7 machine exposed to the net? And it took the hackers this long to find it? Back when I was playing apache server at home, I exposed one port to the net, UDP, nothing standard, some random port I wanted to test. It was hit by probes within 10 minutes. That was 8 years ago.

        It is not simply having a win7. Someone did something dumb. Click on something or opened a booby trapped file.

  • by sexconker ( 1179573 ) on Wednesday June 21, 2017 @03:58PM (#54664179)

    This "article" is horseshit. Windows 7 is still supported and still receiving patches, despite Microsoft's efforts. It is not ancient.
    Fuck you MS, and fuck Windows 10. Windows 10 has had nearly as many vulnerabilities as Windows 7 in recent months, and far more issues with the actual patches, driver updates, and the update process.

    • by phorm ( 591458 )

      "Windows 7 is still supported and still receiving patches"

      I do question the latter on a lot of win7 systems, as there seems to be a bug with the updater where at some point it just chokes and refuses to install further updates without manual installation of certain intermediate patches. I've seen this on longer-running win7 systems as well as a fresh-from-disc install, where the updater can sit overnight and still not manage to install a single patch.

      Now this might not be the case with corporate hosts using

      • Windows Update on Windows 7 simply doesn't work if you don't have enough RAM. There's a hotfix for it.
        Even with the hotfix and plenty of RAM, typical behavior is for Windows Update on a fresh install is to fail or just hang on "checking for updates". At that point you can shutdown the service and start it up again, or just reboot, and then check for updates again. I don't remember the last time I had to deal with it (probably around 2 years ago), but the update service eventually completes. The detectio

      • by wbo ( 1172247 )
        That typically only occurs if the machine hasn't been updated in quite some time or is far behind on updates for some reason (such as a fresh install). There are updates to the Windows Update service that attempt to address most of these but the client still requires a large amount of memory and CPU time when processing a large number of pending updates.

        The best thing to do when you encounter such a system is to manually download and install the latest convince rollup which includes most updates up to t
  • by paravis ( 4999401 ) on Wednesday June 21, 2017 @04:00PM (#54664193)
    Instead of blaming it on an "ancient" version of Windows (by who's standards, I really don't know), they should probably just acknowledge the fact that one of their employees was more than likely surfing the net for porn and clicked a bad link. Of course, that would be totally embarrassing and would probably devalue the company or push away possible new clients. But come on ... Making the "president and his wife" out to be victims ... They put themselves in that situation by allowing the employees on their payroll to compromise their entire network through uncontrolled and insecure internet access. This has ABSOLUTELY NOTHING to do with Windows 7! My goodness ... How the heck is Windows 7 a "lack of oversight" ... Wouldn't a more appropriate attribute for lack of oversight be allowing their employees to compromise invaluable data? Ha. Blame it on the inanimate object ... Of course!
  • Article says "on premise" when they meant "on premises."
    I had to stop reading right there..
    • Yeah, because that's what's wrong with this article.

    • by Cederic ( 9623 )

      No, they meant 'on premise'. It's a valid term in common usage and helps immediately in classifying IT infrastructure.

      Some people shorten it to 'on prem', if you really want to twang your knicker elastic.

  • by un1nsp1red ( 2503532 ) on Wednesday June 21, 2017 @07:05PM (#54665129) Homepage
    Worked at a post-production facility in LA until last year. There's SO much specialized software still currently in use that just can't handle certain operating systems (or the company who made it has since disappeared and is no longer updating the software). We had several NT 4 machines still in use (again, this was in 2016). It wasn't about patching the OS -- there was no way to do it and keep certain necessary software working. Some of it was niche (mastering DVD images [yes, they're still making them]), but if it brings in a few hundred thousand a year, they're going to keep using it until the machines die and can't be resuscitated.
    • Realistically, there are many, many companies running industrial control systems on Windows PCs older than Windows 7. The issue with this group's management is that they made a decision, whether conscious or unconscious, to not spend an appropriate amount of resources on their network's security. When I refer to resources, I mean security software/hardware and either a cybersecurity consultant or a dedicated staff member with appropriate experience and credentials. Their bid to produce the show to Netflix s
      • Our shop was going the route of 'calculated risk.' We actually had annual security audits by the MPAA and a couple other certification organizations and they would lie and cheat their way through it. For example, every workstation had to have an 'email machine' which had internet access, but could not access internal resources. The other was their 'work machine' that was supposed to have access to the SAN, but *not* the internet. On the day of the audit, they'd just put a bogus proxy address in Safari (wa
  • ...someone at Microsoft's marketing department saw an opportunity here?

Be sociable. Speak to the person next to you in the unemployment line tomorrow.

Working...