Skip to main content
  1. Home
  2. Entertainment
  3. Computing
  4. Features

How did HBO get hacked? A cyber security expert has two theories

Add as a preferred source on Google

Hackers recently absconded with 1.5 terabytes of data from HBO, and have since leaked unaired episodes of Ballers, Room 104, and Game of ThronesHBO says it has been looking into the hack since it was discovered, but few conclusive details are known. So Digital Trends sought answers; we asked a cybersecurity expert exactly how the HBO hack could have happened.

The answers aren’t pretty.

Recommended Videos

Roderick Jones is the founder of cybersecurity and privacy firm Rubica, and has been involved in cybersecurity for more than 15 years. Before he was helping Ashton Kutcher keep his data secure, he was a member of Scotland Yard’s Special Branch focusing on international counterterrorism. The cyberattacks he dealt with during his time on Special Branch are classified, but Jones does say he was involved with protecting a prominent British cabinet member.

Roderick Jones Image used with permission by copyright holder

“The entertainment industry is probably five or six years behind where it needs to be,” Jones told us. He claims one movie studio had no cybersecurity before he helped out, following the massive Sony Pictures hack in 2014. The damage these hacks can cause are no joke — but the entertainment industry’s security is laughable.

Jones says hackers are usually in a system for months and believes the HBO situation may have followed the same pattern. Here’s how the biggest hack in HBO history probably happened.

H-B-Old

Jones’s primary theory: The entire hack was possible because HBO uses old tech to house its content. “The Wannacry attack, the ransomware that kind of shut down the health service in Britain? That was targeted at an old Windows system,” Jones said. “That has created a vulnerability for HBO. I would say that’s probably a certainty, because that’s where the weaknesses are.”

“The entertainment industry is probably five or six years behind where it needs to be.”

Windows has been a gateway for hackers to enter the entertainment industry’s computer systems as of late. The malware used in the infamous 2014 hack of Sony Pictures targeted and manipulated Windows management tools.

And Netflix lost 10 episodes from Orange Is The New Black‘s fifth season this year because the episodes were on servers running Windows 7. Larson Studios, the post-production company that was hacked, claims the perps weren’t even looking for the show, just computers running Windows.

After the first four episodes of Game of Thrones’ fifth season leaked before the season premiere in 2015, HBO announced it would have critics stream advance episodes online, instead of the company sending DVDs. Stopping opportunistic TV critics is one thing, but preventing sophisticated hackers from entering your system is more complicated for entertainment companies.

Image used with permission by copyright holder

“People think you can just flick a switch and say ‘oh, I’ll have cybersecurity.’ It just doesn’t work like that, because the machines they have running all of this content are going to be legacy systems. You just can’t do it overnight,” said Jones.

This is when things could get personal.

If it wasn’t Windows, it was this

Jones’s secondary theory is the hackers targeted individual employees. Even if HBO keeps all of its files and internal documents behind heavily encrypted security, it likely doesn’t extend that level of security to each individual employee.

The damage these hacks can cause are no joke, yet the entertainment industry’s security is laughable.

“If you’re a senior executive at one of these companies you probably have some security when you’re sitting in the office at the company. But not when you go home,” Jones asserted. “The hackers understand, ‘I’ll just wait for you to go home. Or I’ll wait until you get a cup of coffee from around the corner of the movie studio.'”

This method of attack could be the culprit; Variety reported hackers appear to have accessed the personal info of an HBO senior executive. Some of the information stolen may have given the hackers access to the executive’s work email, according to reports.

Jones said that very access could do HBO exponentially worse damage than leaked Game of Thrones episodes. “The financial damage is not through leaked episodes of Games of Thrones. It’s through details, emails between staff, all of the mechanics of the business.”

Trouble ahead

Verizon acquired Yahoo earlier this year for $350 million less than originally reported, following a disclosure by Yahoo that 32 million email accounts were hacked. AT&T agreed to acquire HBO parent company Time Warner for $85.4 billion in October 2016. With a Department of Justice investigation slowing the deal’s finalization, this hack could lead to AT&T lowering its offer or even potentially walking away from the deal. Entertainment deals are big business, in other words — and hacking is having a big effect on them.

Sony had 200 gigabytes of data stolen in 2014, and thousands of incriminating emails were released, including racially insensitive messages from Amy Pascal, co-chair of Sony Pictures Entertainment. Pascal resigned as head of Sony Pictures shortly after the emails became public. This time, hackers have obtained nearly six times as much data from HBO and are preparing to leak information every week.

If history repeats itself, HBO may never be the same again. Winter really is here.

Keith Nelson Jr.
Former Staff Writer, Entertainment
Keith Nelson Jr is a music/tech journalist making big pictures by connecting dots. Born and raised in Brooklyn, NY he…
Spotify’s new conversational AI can play tracks you request and answer your music questions
A ChatGPT-like AI feature is coming to Spotify for music requests and listening-history questions
spotify

Spotify is rolling out a new AI-powered conversational feature that lets Premium users talk directly to the app about what they want to hear. Users can type or speak a request and refine the results through follow-up questions instead of manually searching for a song, podcast, or audiobook.

The feature is available from Spotify’s Home and Now Playing screens and works much like a personal audio assistant. It can choose what plays, answer questions about the current track or album, recommend something new, and look through your listening history to provide more personalized responses.

Read more
Christopher Nolan’s personal take on smartphones is surprisingly practical
Christopher Nolan says not owning a smartphone helps him think better
Christopher Nolan sits in front of an IMAX camera.

Christopher Nolan has spent his career embracing cutting-edge filmmaking technology while resisting one of the most common gadgets on the planet: the smartphone. The Oscar-winning director behind Oppenheimer, Inception, and the upcoming The Odyssey says his decision isn't about rejecting technology altogether. It's about protecting something he believes has become increasingly rare - time to think.

In an interview with The Telegraph ahead of the premiere of The Odyssey, Nolan explained that he still doesn't own a smartphone, despite living in a world where QR codes, digital tickets, and messaging apps have become everyday necessities. His reasoning, however, is far more practical than philosophical.

Read more
Letterboxd could find a new home at Netflix, but Sony is fighting for it, too
Netflix wants Letterboxd, but Hollywood isn't letting it go without a fight
Letterboxd

Letterboxd, the fast-growing social network for film lovers, could soon have a new owner. According to a report by Puck News, the New Zealand-based platform has been exploring a potential sale, attracting interest from several major entertainment companies, including Netflix, Sony Pictures Entertainment, and Paramount Skydance.

While no deal has been confirmed, the discussions highlight how valuable online fan communities have become as streaming platforms compete not just for viewers, but also for the audiences that influence what people watch next.

Read more