How did HBO get hacked? A cyber security expert has two theories

game of thrones
Helen Sloan/HBO
Hackers recently absconded with 1.5 terabytes of data from HBO, and have since leaked unaired episodes of Ballers, Room 104, and Game of ThronesHBO says it has been looking into the hack since it was discovered, but few conclusive details are known. So Digital Trends sought answers; we asked a cybersecurity expert exactly how the HBO hack could have happened.

The answers aren’t pretty.

Roderick Jones is the founder of cybersecurity and privacy firm Rubica, and has been involved in cybersecurity for more than 15 years. Before he was helping Ashton Kutcher keep his data secure, he was a member of Scotland Yard’s Special Branch focusing on international counterterrorism. The cyberattacks he dealt with during his time on Special Branch are classified, but Jones does say he was involved with protecting a prominent British cabinet member.

hbo hack explained roderick jones cyber security expert
Roderick Jones

“The entertainment industry is probably five or six years behind where it needs to be,” Jones told us. He claims one movie studio had no cybersecurity before he helped out, following the massive Sony Pictures hack in 2014. The damage these hacks can cause are no joke — but the entertainment industry’s security is laughable.

Jones says hackers are usually in a system for months and believes the HBO situation may have followed the same pattern. Here’s how the biggest hack in HBO history probably happened.

H-B-Old

Jones’s primary theory: The entire hack was possible because HBO uses old tech to house its content. “The Wannacry attack, the ransomware that kind of shut down the health service in Britain? That was targeted at an old Windows system,” Jones said. “That has created a vulnerability for HBO. I would say that’s probably a certainty, because that’s where the weaknesses are.”

“The entertainment industry is probably five or six years behind where it needs to be.”

Windows has been a gateway for hackers to enter the entertainment industry’s computer systems as of late. The malware used in the infamous 2014 hack of Sony Pictures targeted and manipulated Windows management tools.

And Netflix lost 10 episodes from Orange Is The New Black‘s fifth season this year because the episodes were on servers running Windows 7. Larson Studios, the post-production company that was hacked, claims the perps weren’t even looking for the show, just computers running Windows.

After the first four episodes of Game of Thrones’ fifth season leaked before the season premiere in 2015, HBO announced it would have critics stream advance episodes online, instead of the company sending DVDs. Stopping opportunistic TV critics is one thing, but preventing sophisticated hackers from entering your system is more complicated for entertainment companies.

hbo hack explained international bbanks and businesses in bucharest

“People think you can just flick a switch and say ‘oh, I’ll have cybersecurity.’ It just doesn’t work like that, because the machines they have running all of this content are going to be legacy systems. You just can’t do it overnight,” said Jones.

This is when things could get personal.

If it wasn’t Windows, it was this

Jones’s secondary theory is the hackers targeted individual employees. Even if HBO keeps all of its files and internal documents behind heavily encrypted security, it likely doesn’t extend that level of security to each individual employee.

The damage these hacks can cause are no joke, yet the entertainment industry’s security is laughable.

“If you’re a senior executive at one of these companies you probably have some security when you’re sitting in the office at the company. But not when you go home,” Jones asserted. “The hackers understand, ‘I’ll just wait for you to go home. Or I’ll wait until you get a cup of coffee from around the corner of the movie studio.'”

This method of attack could be the culprit; Variety reported hackers appear to have accessed the personal info of an HBO senior executive. Some of the information stolen may have given the hackers access to the executive’s work email, according to reports.

Jones said that very access could do HBO exponentially worse damage than leaked Game of Thrones episodes. “The financial damage is not through leaked episodes of Games of Thrones. It’s through details, emails between staff, all of the mechanics of the business.”

Trouble ahead

Verizon acquired Yahoo earlier this year for $350 million less than originally reported, following a disclosure by Yahoo that 32 million email accounts were hacked. AT&T agreed to acquire HBO parent company Time Warner for $85.4 billion in October 2016. With a Department of Justice investigation slowing the deal’s finalization, this hack could lead to AT&T lowering its offer or even potentially walking away from the deal. Entertainment deals are big business, in other words — and hacking is having a big effect on them.

Sony had 200 gigabytes of data stolen in 2014, and thousands of incriminating emails were released, including racially insensitive messages from Amy Pascal, co-chair of Sony Pictures Entertainment. Pascal resigned as head of Sony Pictures shortly after the emails became public. This time, hackers have obtained nearly six times as much data from HBO and are preparing to leak information every week.

If history repeats itself, HBO may never be the same again. Winter really is here.

Cars

Tesla Model 3 vulnerability exposed at Pwn2Own; hackers take home the car

A Tesla Model 3 vulnerability was exposed at the Pwn2Own hacking competition. The hackers, who were able to display a message on the electric vehicle's internet browser, won $35,000 and took home the car.
Podcasts

Stranger Things 3 trailer, Deadwood movie, Bill and Ted return

On this week's show, we've got a ton of new trailers to discuss, from HBO's Deadwood revival to the first look at Tarantino's Once Upon a Time in Hollywood. We'll also discuss Netflix's interactive TV show starring Bear Grylls and more!
Movies & TV

HBO’s Deadwood movie rustles up a trailer and a release date

This spring, HBO's long-awaited Deadwood movie will explore what happened 10 years after the events of HBO's award-winning drama, giving the series a finale 13 years after the show was canceled.
Home Theater

Here’s what’s new on HBO and what’s leaving in April 2019

Whether you're a cable lifer or a staunch cord cutter, there's never been a better time to get down with premium TV. April 2019 brings Game of Thrones season 8, BlacKkKlansman, and Crazy Rich Asians to HBO.
Movies & TV

The best new movie trailers: Deadwood, John Wick 3, Shazam, and more

Everyone loves a good trailer, but keeping up with what's new isn't easy. That's why we round up the best ones for you. This week, it's new trailers for John Wick: Chapter 3, Deadwood, Shazam!, and Once Upon a Time in Hollywood.
Movies & TV

Best new shows and movies to stream: Cold War, Shoplifters, and more

Need something to watch this weekend? Check out our list of the best new shows and movies to stream right now. On the list this week: Cold War follows a tragic romance, The Inventor examines a famous fraud case, and more.
Business

Jordan Peele’s Us knocks off Captain Marvel with record-breaking opening weekend

Oscar-winning filmmaker Jordan Peele's horror movie Us crushed early estimates for its opening weekend with a $70.2 million premiere that made it one of the highest-grossing original, live-action movies of all time.
Movies & TV

Apple teases Monday’s big event with an early look into Steve Jobs Theater

Apple is gearing up for a big event on Monday where it's expected to unveil a video-streaming service. But more than 12 hours before it starts, the company has apparently already cranked up the event's livestream ...
Movies & TV

Apple’s next big event is minutes away: Here’s what you can expect

Apple's next big event takes place on March 25 in Cupertino, California. The company is expected to make several announcements related to its services, including Apple TV, so follow our guide to get ready for the big event.
Apple

Apple’s Netflix competitor Apple TV Plus headlines a barrage of new services

Apple's It's Show Time event in Cupertino, California, is officially over, with the tech giant announcing a new video-streaming service to compete with Netflix and Amazon, a new way to subscribe to paid news outlets, and more.
Movies & TV

Apple TV Plus streaming service recruits Hollywood A-listers to take on Netflix

Apple has an ambitious slate of original programming it has been developing, and now we know where we'll be able to see it. Apple confirmed its new subscription service, Apple TV Plus, and revealed some of the projects it will air.
Home Theater

Apple’s new TV app: All of your shows, on (almost) every device you own

Apple is updating its TV App into a truly cross-platform one-stop shop for all of your movies and TV shows. It will appear on smart TVs and devices from Roku and Amazon, but there are still questions about features and price.
Home Theater

From the Roku Ultra to the Fire TV Cube, these are the best streaming devices

There are more options for media streamers than ever, so it’s more difficult to pick the best option. But that’s why we're here. Our curated list of the best streaming devices will get you online in no time.
Home Theater

Yesterday’s Apple event was a whiplash-inducing parade of copycat services

Apple showed off a massive barrage of news, streaming, and gaming bundles at its Showtime event aimed at boosting its services and adding more revenue. But while the services are big on celebrities, they appear short on innovation.