[ISN] Paranoid Hollywood Wracked by Hack Attacks

From: InfoSec News (isnat_private)
Date: Thu Aug 09 2001 - 05:13:40 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, August 8, 2001"

    Wednesday August 8, 2001
    By Marc Graser
    HOLLYWOOD (Variety) - Over the past few weeks, a young Brit named
    James Sinclair sat at his computer and watched dailies from Steven
    Spielberg's upcoming ``Minority Report,'' pored over client files of a
    major talent agency and studied internal emails, deal memos and film
    slates from several major studios.
    All this information -- considered top secret -- was easily swiped
    from the companies via the Internet. And it's available to anyone with
    a computer and knowledge of which Web site to log onto or computer
    network to hack into.
    Forget about the occasional movie being leaked onto the Web or about
    the thousands of music files available on services like Napster.
    Hollywood is experiencing the revelation that everything it saves on a
    computer is available to prying eyes at any time. Nothing is safe.
    Paranoia is running rampant.
    Through legal (and freely accessible) software, anyone with a computer
    and an Internet connection can enter studio databases containing the
    most private information.
    Recent breaches have allowed hackers to exchange: rough cuts of Warner
    Bros.' ``Ocean's 11'' and Columbia Pictures' Jet Li actioner ``The
    One''; emails among executives at Warner Bros. TV; scripts transferred
    from production companies such as Bruckheimer Films; databases at
    agencies like Creative Artists Agency, Endeavor and William Morris;
    personal records at law corporations and accounting offices; and
    digitally stored media at New Line and VDI Multimedia.
    And those are just the few that have become public among the inner
    circle of Hollywood hackers. It's only a matter of time before the
    content that's stolen hits more public sites such as
    http://www.trackerfrog.com and other free-stuff online communities.
    Sinclair is part of that geek group. The 21-year-old president and
    chief technology officer of Global Network Security Services, along
    with his 24 staffers, are hired by entertainment companies to
    penetrate their computer networks and discover just how vulnerable
    their systems are.
    Sinclair and several other similar computer network security companies
    are looking to protect Hollywood's secrets. But hundreds of thousands
    of hackers across the world, not to mention studio and agency rivals,
    are not so benevolent.
    Showbiz is already paranoid about piracy, which costs companies in
    every business sector $1 trillion in damages annually. The film
    industry is losing $2.5 billion a year to piracy, the Motion Picture
    Assn. of America reports. The music industry is losing an additional
    $4.1 billion per year.
    Those numbers are expected to grow, as the entertainment industry
    expands into digital film projection and launches online music
    services and video-on-demand offerings.
    Showbiz is painfully aware of the world of institutionalized piracy:
    organized people who steal copyrighted material. But this new threat
    comes from freelancers, who are widening their scope. Hackers have
    discovered that they can earn valuable tradeoffs for a hot internal
    Hollywood memo or a movie. In exchange for their showbiz info, hackers
    often are given stolen credit card numbers to use. It's only a matter
    of time before content is sold for hard cash.
    Besides money, there are other motives. An agent, for example, can tap
    into the deal memos of a rival firm. Then he can call an actor and
    say, ``I know you got $3 million for your last film; we could have
    gotten you $4 million.''
    The biggest threat comes from money-hungry professionals. And company
    employees are increasingly to blame.
    Sinclair's company recently discovered that a new staffer at a large
    Hollywood lab, which processes and converts film footage to digital
    dailies, was taking footage home. His roommate was then uploading it
    to the Web.
    ``Most companies do not realize that 90% of the attacks performed on
    the systems they try so hard to protect are the result of inside
    jobs,'' Sinclair says.
    Naturally, no studio, agency, record label, law firm or post house
    wants to admit that its computers are vulnerable. And with hackers
    often leaving little to no trace that they ever infiltrated a network,
    few people even know they were victimized.
    ``This is a new problem,'' Sinclair says. ``It's only four years old.
    Companies don't think anything's wrong, so they're not taking the
    problem of piracy all that seriously.''
    The biz operates on a computer network that's shockingly easy to
    penetrate. That's because inhouse teams of IT staffers are using
    off-the-shelf software to set up ``firewalls,'' which protect a
    company's internal network from the Internet and outsiders -- but once
    the old codes are cracked, the software isn't updated. And firewalls
    don't protect a company from employees trying to distribute content
    from the inside.
    Companies like GNSS and several other startups on both coasts,
    including Atomic Tangerine, Vigilinx and iDefense, offer the security
    services that the internal IT gurus are opting not to provide -- the
    updates and patches to make sure firewalls remain secure, as well as
    individuals to monitor the activity on a network and locate intruders.
    Helping stave off Hollywood's hacking horror may be the fact that one
    movie still must be broken up into 12 segments that need to be
    downloaded two hours at a time. The industry's misconception is that
    much of the material is going straight to public Web sites or online
    ventures such as Napster. Not so.
    Instead, the material is traded on the Internet's underground
    collection of FTP computer servers. These are a series of
    file-swapping sites, ruled by an underworld of hackers and often never
    seen by the public. Would-be hackers can simply log on and get a list
    of what's available.
    Sinclair is a chatty Londoner who recently transplanted to Hollywood.
    He and his staff are housed in a wired warehouse near the Paramount
    lot -- a room full of freaks and geeks who are trying to battle the
    foreign digerati trying to invade the biz.
    Sinclair is assembling a coalition of industryites -- including Warner
    Bros., the William Morris Agency and MGM -- to create a set of
    standards that the MPAA and its member companies can adopt in order to
    speed up the tracking and to prevent the illegal distribution of
    copyrighted files over the Internet.
    Says Sinclair: ``Right now, the MPAA spends more time writing
    cease-and-desist letters than trying to recover the files being
    illegally distributed and stopping the distribution at the source. By
    the time they react, it's too late. The file that's been stolen is
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 08:15:11 PDT