Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Hackers Steal, Release New Netflix ‘Orange Is the New Black’ Episodes

    By
    Sean Michael Kerner
    -
    May 1, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Data breaches

      A hacker group known as “The Dark Overlord” leaked 10 upcoming episodes of Netflix’s original series Orange Is the New Black after allegedly breaching a third-party partner. The hacker group claimed that Netflix refused to pay a ransom before leaking the episodes online on April 29, warning that other media outlets will be next.

      In a statement sent to multiple media outlets on April 29, Netflix stated that it was aware of the situation.

      “A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved,” Netflix stated.

      The New York Times reported that Larson Studios was the source of the breach. Larson Studios promotes itself as a full-service audio post-production company and works on many well-known Hollywood shows, including ABC’s Designated Survivor and CBS’ NCIS: Los Angeles. 

      Although the hacker group has claimed that Netflix did not pay the ransom, it’s not clear at this point if Netflix or its third-party audio production studio was the victim of a ransomware attack or just a simple attempt at extortion. In a ransomware attack, a hacker, after gaining access to a victim’s content, encrypts the data and demands a ransom in order to decrypt the content. Ransomware attacks have been a growing threat in recent years according to multiple vendor reports, including the recent 2017 Verizon Data Breach Investigations Report (DBIR), which identified a 50 percent year-over-year increase in attacks.

      Netflix isn’t the first media company to be attacked with some form of ransom demand. Sony was the victim of a ransomware attack in 2014 that led to the leak of the movie The Interview. In February 2015, Sony estimated the losses due to the ransomware cyber-attack at $35 million. The Sony attack, however, is substantively different from the one against Netflix, as it was a direct attack and not one made indirectly against a third-party partner.

      Netflix is somewhat different from Sony in other respects as well. Most notably, Netflix is a cloud-first organization, with nearly all of its technology and content delivered from the public cloud, as opposed to using its own data center assets.

      Netflix, however, isn’t just a user of the public cloud; it is also a cloud innovator, developing and releasing all manner of open-source software projects to help improve cloud deployments. Among Netflix’s open-source project’s is Security Monkey, which monitors Amazon Web Services (AWS) and Google Cloud Platform (GCP) accounts for policy changes and insecure configurations.

      Yet despite Netflix’s diligence in its own cloud security, it is now apparent that it wasn’t enough to stop hackers from stealing content. What must now be painfully obvious to Netflix (if it wasn’t before) is the simple truth that its security is only as strong as the weakest link—in this case, a third-party post-production audio mixing company.

      Although content development doesn’t follow the exact same model as software development, there are similar security concerns, as well as similar approaches that can be used to reduce risk. The idea that it is necessary to understand the risk of a distributed software supply chain is not a new one, with multiple vendors, including SecurityScorecard, in the market today with services to help rate the security of third-party vendors. There is also a broad open-source effort called in-toto that aims to enable a more secure software supply chain model that builds on security of The Update Framework (TUF) for secure software updates. 

      While the Orange Is the New Black leak is the latest high-profile example of risk in the distributed online development model, it likely won’t be the last.

      No one vendor or studio is an isolated island, and hackers will always find and target the weakest link to exploit victims. Security is a shared responsibility, with vendors, partners, end users and law enforcement all having a role to play. Hopefully in the weeks ahead, Hollywood studios big and small will be talking with their partners to take the necessary steps to limit risk.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×