Paranoid Hollywood Wracked by Hack Attacks

[InfoSec News <isn () c4i org>]

http://dailynews.yahoo.com/h/nm/20010808/re/industry_hacker_dc_1.html

Wednesday August 8, 2001

By Marc Graser

HOLLYWOOD (Variety) - Over the past few weeks, a young Brit named
James Sinclair sat at his computer and watched dailies from Steven
Spielberg's upcoming ``Minority Report,'' pored over client files of a
major talent agency and studied internal emails, deal memos and film
slates from several major studios.

All this information -- considered top secret -- was easily swiped
from the companies via the Internet. And it's available to anyone with
a computer and knowledge of which Web site to log onto or computer
network to hack into.

Forget about the occasional movie being leaked onto the Web or about
the thousands of music files available on services like Napster.
Hollywood is experiencing the revelation that everything it saves on a
computer is available to prying eyes at any time. Nothing is safe.
Paranoia is running rampant.

Through legal (and freely accessible) software, anyone with a computer
and an Internet connection can enter studio databases containing the
most private information.

Recent breaches have allowed hackers to exchange: rough cuts of Warner
Bros.' ``Ocean's 11'' and Columbia Pictures' Jet Li actioner ``The
One''; emails among executives at Warner Bros. TV; scripts transferred
from production companies such as Bruckheimer Films; databases at
agencies like Creative Artists Agency, Endeavor and William Morris;
personal records at law corporations and accounting offices; and
digitally stored media at New Line and VDI Multimedia.

And those are just the few that have become public among the inner
circle of Hollywood hackers. It's only a matter of time before the
content that's stolen hits more public sites such as
http://www.trackerfrog.com and other free-stuff online communities.

Sinclair is part of that geek group. The 21-year-old president and
chief technology officer of Global Network Security Services, along
with his 24 staffers, are hired by entertainment companies to
penetrate their computer networks and discover just how vulnerable
their systems are.

Sinclair and several other similar computer network security companies
are looking to protect Hollywood's secrets. But hundreds of thousands
of hackers across the world, not to mention studio and agency rivals,
are not so benevolent.

Showbiz is already paranoid about piracy, which costs companies in
every business sector $1 trillion in damages annually. The film
industry is losing $2.5 billion a year to piracy, the Motion Picture
Assn. of America reports. The music industry is losing an additional
$4.1 billion per year.

Those numbers are expected to grow, as the entertainment industry
expands into digital film projection and launches online music
services and video-on-demand offerings.

Showbiz is painfully aware of the world of institutionalized piracy:
organized people who steal copyrighted material. But this new threat
comes from freelancers, who are widening their scope. Hackers have
discovered that they can earn valuable tradeoffs for a hot internal
Hollywood memo or a movie. In exchange for their showbiz info, hackers
often are given stolen credit card numbers to use. It's only a matter
of time before content is sold for hard cash.

Besides money, there are other motives. An agent, for example, can tap
into the deal memos of a rival firm. Then he can call an actor and
say, ``I know you got $3 million for your last film; we could have
gotten you $4 million.''

The biggest threat comes from money-hungry professionals. And company
employees are increasingly to blame.

Sinclair's company recently discovered that a new staffer at a large
Hollywood lab, which processes and converts film footage to digital
dailies, was taking footage home. His roommate was then uploading it
to the Web.

``Most companies do not realize that 90% of the attacks performed on
the systems they try so hard to protect are the result of inside
jobs,'' Sinclair says.

Naturally, no studio, agency, record label, law firm or post house
wants to admit that its computers are vulnerable. And with hackers
often leaving little to no trace that they ever infiltrated a network,
few people even know they were victimized.

``This is a new problem,'' Sinclair says. ``It's only four years old.
Companies don't think anything's wrong, so they're not taking the
problem of piracy all that seriously.''

The biz operates on a computer network that's shockingly easy to
penetrate. That's because inhouse teams of IT staffers are using
off-the-shelf software to set up ``firewalls,'' which protect a
company's internal network from the Internet and outsiders -- but once
the old codes are cracked, the software isn't updated. And firewalls
don't protect a company from employees trying to distribute content
from the inside.

Companies like GNSS and several other startups on both coasts,
including Atomic Tangerine, Vigilinx and iDefense, offer the security
services that the internal IT gurus are opting not to provide -- the
updates and patches to make sure firewalls remain secure, as well as
individuals to monitor the activity on a network and locate intruders.

Helping stave off Hollywood's hacking horror may be the fact that one
movie still must be broken up into 12 segments that need to be
downloaded two hours at a time. The industry's misconception is that
much of the material is going straight to public Web sites or online
ventures such as Napster. Not so.

Instead, the material is traded on the Internet's underground
collection of FTP computer servers. These are a series of
file-swapping sites, ruled by an underworld of hackers and often never
seen by the public. Would-be hackers can simply log on and get a list
of what's available.

Sinclair is a chatty Londoner who recently transplanted to Hollywood.
He and his staff are housed in a wired warehouse near the Paramount
lot -- a room full of freaks and geeks who are trying to battle the
foreign digerati trying to invade the biz.

Sinclair is assembling a coalition of industryites -- including Warner
Bros., the William Morris Agency and MGM -- to create a set of
standards that the MPAA and its member companies can adopt in order to
speed up the tracking and to prevent the illegal distribution of
copyrighted files over the Internet.

Says Sinclair: ``Right now, the MPAA spends more time writing
cease-and-desist letters than trying to recover the files being
illegally distributed and stopping the distribution at the source. By
the time they react, it's too late. The file that's been stolen is
everywhere.''




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.