Slashdot Mirror


How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence (variety.com)

Earlier this year, hackers obtained and leaked the episodes of TV show Orange Is the New Black. In a candid interview, Larson Studios' chief engineer David Dondorf explained how the audio post-production business allowed the hacker group to gain access to the Netflix original content. Dondorf says the company hired private data security experts to find out how it was breached. The investigation found that the hacker group had been searching the internet for PCs running older versions of Windows and stumbled across an old computer at Larson Studios still running Windows 7. From the report:

Larson's employees just didn't know all that much about it. Having a computer running an ancient version of Windows on the network was clearly a terrible lack of oversight, as was not properly separating internal servers from the internet. "A lot of what went on was ignorance," admitted Rick Larson. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now."

It's a fascinating story about how the hacker group first made contact and tried to threaten Larson Studios' president and his wife, and how they responded. Worth a read.

16 of 79 comments

  1. Windows 7 is now considered old? by w1zz4 · · Score: 5, Insightful

    I call this bullshit

    1. Re:Windows 7 is now considered old? by omnichad · · Score: 5, Insightful

      No kidding. Especially if you're trying to run commercial-grade audio production software. Windows 7 doesn't mean a thing for security unless it's the original release without updates.

    2. Re:Windows 7 is now considered old? by mjwx · · Score: 3, Insightful

      I call this bullshit

      Windows 7 is old, just not obsolete.

      Windows 7 was released in October 2009, which makes it almost 8. Windows XP was released in 2001 and didn't have a suitable successor until October 2009. By that time scale, Win7 is nearing the end of its life. As long as M$ can create a decent OS after the abortion of Windows 8 and the ad-tastic Windows 10.

      In terms of OSes, 8 is positively ancient. I remember using Android in 2009; anyone who didn't see the evolution of Android wouldn't believe it was the same OS compared to today. MS has kept it updated, but that doesn't change the fact that it was released many years ago.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    3. Re:Windows 7 is now considered old? by Hognoxious · · Score: 2

      Windows XP was released in 2001 and didn't have a suitable successor until October 2009.

      It's debatable whether it ever had one.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    4. Re:Windows 7 is now considered old? by Desler · · Score: 3, Informative

      Windows 7 was released in October 2009, which makes it almost 8.

      Maybe if you've never updated it in those 8 years. On the other hand, my version of Windows 7 is running code that was just released probably only weeks ago.

      By that time scale, Win7 is nearing the end of its life.

      Nope, it will continue to get security updates until 2020.

    5. Re:Windows 7 is now considered old? by mea_culpa · · Score: 2

      No kidding. Especially if you're trying to run commercial-grade audio production software. Windows 7 doesn't mean a thing for security unless it's the original release without updates.

      Not only that, but it would have had to have been directly connected to the internet without a firewall for someone to "search the internet for computers running older versions of Windows".

      More fake news. Welcome to current_year.

    6. Re:Windows 7 is now considered old? by arth1 · · Score: 3, Insightful

      Windows 7 is old, just not obsolete.

      It's mature, not old.
      As of May this year, Windows 7 has 49.5% market share, with Windows 10 only having 26.8%. If anything, that tells you that Windows 10 is immature, not that Windows 7 is old.

      TFA makes absolutely no sense. If they meant MacOS 7, I can understand it. But Windows 7 is still what pretty much every business has as standard, and the 26.8% Windows 10 users being mostly home users who either gave up on the GWX barrage and installed the downgrade, or have bought a new PC where it is pre-installed.

    7. Re:Windows 7 is now considered old? by arth1 · · Score: 2

      "The company spent an estimated six figures on new security measures, some of which were recommended by the studios."

      Wow six figures. I guess they got a corporate Firewall?

      Six figures per year is what a security minded sysadmin costs. That's peanuts compared to what marketing and legal guys cost, and a much better investment.

  2. Ancient version of Windows by viperidaenz · · Score: 5, Insightful

    and by ancient, they mean supported until 2020

  3. Takeaway: Blackmailers no longer reliable by SuperKendall · · Score: 4, Insightful

    I actually read through the whole thing, and what I got out of it was that while paying off the ransom in the past used to result in the outcome you were paying for, you can no longer rely on that to be true.

    So keep good backups and if you get hacked send the attackers the middle finger instead of bitcoin and just let them do whatever, but they can continue to do whatever fed by frozen 7-11 burritos instead of your hard-earned money.

    I do think even after the ransom was paid, they should have let clients know what happened immediately... that is the other big learning point I'd hope other companies take away from this. People understand computers get hacked, they will be sympathetic towards you as long as you are very open about what happened and when and tell everyone as soon as you know.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Takeaway: Blackmailers no longer reliable by dwywit · · Score: 3, Insightful

      All good thoughts, but they weren't hit with file-encrypting ransomware, they were hit by people who illegally copied new episodes of a show and threatened to leak said shows if ransom wasn't paid.

      --
      They sentenced me to twenty years of boredom
  4. Ancient version of Windows? by QuietLagoon · · Score: 2

    That alone puts the entirety of what the "private data security experts" say into question. Windows 7 is still fully supported with security patches. Until 2020. Now, if that had said that the computer was not up to date on patches, that would be a different story. So I have to ask, what problem is this security firm trying to divert attention away from with their apparently false diagnosis?

  5. Fuck Windows 10 by sexconker · · Score: 2

    This "article" is horseshit. Windows 7 is still supported and still receiving patches, despite Microsoft's efforts. It is not ancient.
    Fuck you MS, and fuck Windows 10. Windows 10 has had nearly as many vulnerabilities as Windows 7 in recent months, and far more issues with the actual patches, driver updates, and the update process.

  6. Ok, probably just say you took it up the ... by paravis · · Score: 3, Insightful

    Instead of blaming it on an "ancient" version of Windows (by whose standards, I really don't know), they should probably just acknowledge the fact that one of their employees was more than likely surfing the net for porn and clicked a bad link. Of course, that would be totally embarrassing and would probably devalue the company or push away possible new clients. But come on ... Making the "president and his wife" out to be victims ... They put themselves in that situation by allowing the employees on their payroll to compromise their entire network through uncontrolled and insecure internet access. This has ABSOLUTELY NOTHING to do with Windows 7! My goodness ... How the heck is Windows 7 a "lack of oversight" ... Wouldn't a more appropriate attribute for lack of oversight be allowing their employees to compromise invaluable data? Ha. Blame it on the inanimate object ... Of course!

  7. Post Production Studios Run Much Older Than 7 by un1nsp1red · · Score: 4, Interesting

    Worked at a post-production facility in LA until last year. There's SO much specialized software still currently in use that just can't handle certain operating systems (or the company who made it has since disappeared and is no longer updating the software). We had several NT 4 machines still in use (again, this was in 2016). It wasn't about patching the OS -- there was no way to do it and keep certain necessary software working. Some of it was niche (mastering DVD images [yes, they're still making them]), but if it brings in a few hundred thousand a year, they're going to keep using it until the machines die and can't be resuscitated.

  8. How's life in the hypocrite lane?