Epic hacker fail: An exclusive look at the Netflix hack with ESET
This week news broke of a hacker’s bold attempts to extort Netflix for ransom, after they claimed to release several episodes of the popular TV series Orange is the New Black.
We had a quick chat with ESET’s senior research fellow Nick Fitzgerald for an expert's perspective on what the Netflix hack means for the future of streaming networks - will it see the downfall of some of the world’s most powerful legal streaming websites?
“Predicting the directions cybercriminals will turn next is a pretty thankless task, but whether we see this kind of thing happen more in future will depend on how victims react,” he says.
In the Netflix example, they didn’t pay the ransom - so at least the hackers didn’t get rich for their efforts. While promising, it doesn’t necessarily mean other streaming networks will do the same.
“The cybercriminals behind this leak claim to also have other unreleased content. If any of that is for release on more traditional broadcast media, the content owner or broadcaster may be more likely to pay up,” he explains.
He points out that the 2014 Sony Pictures hack is another example of how hackers try to control media releases - in that instance the hacker tried to prevent the release of ‘The Interview’ by threatening to release confidential data.
Both the Sony and Netflix hack are examples of what Fitzgerald calls ‘doxware’ - in which hackers hold sensitive data hostage until the victim pays the ransom. It’s similar to ransomware but it goes a step further by hacking and threatening to release confidential data.
“When potentially dox’ing a movie or TV studio, it might seem obvious to target unreleased content, but as this case shows, Netflix’s distribution model may mean that such content is not such an effective target,” he says.
The Sony hack used traditional doxing methods because the hacker released some of the information to prove they were serious.
“Sometimes, more material is released if the ransom demand is not met. This happened in the Sony Pictures case, as it did in the Ashley Madison hack, where the victim company also did not accede to the attacker’s demands and their entire user database was released,” he points out.
So with companies such as Netflix offering cheap and high-quality films and TV series against the deluge of torrent sites that distribute malware-filled copies, does this mean that a lack of interest in the leaked episodes be a good or a bad thing for piracy?
FitzGerald cites stats from Sandvine, which found that between 2011 and 2016 BitTorrent’s share of daily internet traffic in North America dropped from 23% to less than 5%.
“To me, Netflix’s unwillingness to pay the ransom, and the subsequent lack of outrage over the leak, cements the newfound power of streaming services over pirated content,” he says.
He adds that although 10 out of the 13 episodes of Orange Is The New Black have been leaked, Netflix will officially release the series in the next month.
Die-hard TV and movie pirates will no doubt be happy, but will novice pirates go to the trouble of locating and downloading this content? Given the reputation of torrented content as a hotbed of malware and other nasties, probably not,” he says.
He understands that the leaked episodes are only in 720p, have audio errors and image quality issues.
“Netflix will be releasing it in full 4K HDR – I know which I’d prefer to watch!”