Ken Westin, senior security analyst with Tripwire commented on the news that nearly half of ‘Game of Thrones‘ upcoming season has leaked online and explains why this isn’t a traditional hack:
Ken Westin, senior security analyst at Tripwire (www.tripwire.com):
After the Sony breach many are wondering if HBO may have been hacked and believe that could be the source of the leaked episodes. However, I believe this is not a traditional hack where HBO’s network was compromised, but an example of supply chain security in relation to data. There is a great deal of demand for Game of Thrones episodes as it has an incredible fan base so there is a great deal of motive to find and leak the material. The motion picture industry is compromised of multiple partnerships, no one studio does everything from beginning to end, things like effects, audio mastering, translation and subtitles and a whole host of other work may be farmed out to other entities.
The marketing process as well requires that “Screeners” be provided which are discs provided for people to review the movie or episodes before they are provided to the general public, either for awards considerations or other purposes. These screeners are watermarked and require a legal agreement not to share the material, however these watermarks can be found and blurred so they cannot be identified when movies are then leaked.
In many respects the same risks that a movie may go through mirrors that of customer data or other forms of intellectual property, where multiple parties may use the data and it can be passed around and accessed by many different parties. The more demand there is for a given type of data and the more people involved who have access to it the more likely it is to be compromised by a trusted insider.
Duo Security RSAC 2015 – Register to win a free Quadcopter
BIO : Ken is a Senior Security Analyst at Tripwire Inc, with 15 years of experience building and breaking things through the use/misuse of technology. His technology exploits and endeavors have been featured in Forbes, Good Morning America, Dateline, New York Times, The Economist and has won awards from MIT, CTIA, Oregon Technology Awards, SXSW, Entrepreneur and named in Portland Business Journal’s 2013 “40 Under 40”. He has worked with law enforcement and journalists utilizing various technologies to unveil organized crime rings, recover stolen cars, even a car jacking amongst other crimes.
About Tripwire
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.