In this series of blogs we examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, it’s even better to let other people make the mistakes for you.
Winter is Here
If there has ever been a conundrum for a tech observer and avid fan of the HBO series, Game of Thrones, this is it. As you may have heard, the premium cable provider was recently hacked and is currently being extorted for safe return of its content. Yes, that means that the hackers are in possession of some of the company’s most profitable and valuable content. The conundrum for me is that, I’m equal parts fascinated by the size of the hack (more on that later) as I am about how it occurred. However, following the trail of evidence here isn’t as straight forward as it normally is because these hackers are leaving spoilers in their wake while attempting to extort more from HBO. And as any fan of the graphic depictions of the rise and fall of the families of Westeros can tell you, not even the Night King is more frightening than the risk of ruining an episode. That’s why we’ve assembled this totally spoiler free Game of Thrones edition of Protect ya Neck. Because, you know, inquiring minds want to know.
What Was Hacked
The studio is understandably not keen to divulge exactly what was taken by the hackers, but an individual going by the name “Kind Mr Smith” appears to represent the perpetrators, and he claims to have a lot. How much exactly? It’s being reported now that the HBO hack consisted of 1.5 terabytes of information, making it over 7 times larger than the massive Sony hack that took around 200 gigabytes. And if you recall from the Sony debacle, 200 gigs was more than enough to release multiple full-length movies and catalogs of financial and personal information. If this amount is accurate, Mr. Smith is positioned to be a regular Lord Varys when it comes to having dirt on people in power. And while there are likely some Cersei Lannisters over at HBO looking to exact a chilling and albeit entertaining revenge, it’s my assertion that the best thing would be to determine exactly how this even happened, first.
”Night gathers, and now my watch begins…”
When Grenn’s actor said these words about living that Knight’s Watch life and the general purpose of The Wall, it would have behooved the folks on the set to pass that sentiment along up to the folks in charge at HBO. This is going to sound a bit frustrating to anyone who is, like me, keen on preventing the preventable. By that I mean, cybersecurity expert Roderick Jones, believes the path these hackers took to get at all that lovely GoT goodness is all too familiar. Jones asserts that the exact same vulnerability that made the Wanna Cry ransomware attack possible, specifically outdated and possibly not-updated legacy Windows-based hardware, was likely to be the main access point for this hack. Alternatively, or perhaps in conjunction with the vulnerabilities of the aging HBO network, there was an additional access point involved, as well. The human element is always going to be the most difficult variable for any cybersecurity effort to account for, and this studio may have been uniquely vulnerable. In an effort to stem the risks of producing physical DVD’s that can be lost or stolen for critics’ advanced access to HBO content, the studio began doing direct streaming. This, combined with the remote work of its own employees, is likely where HBO (and any company, for that matter) has the greatest risk of being compromised.
There’s No Safety North of The Wall
For thousands of years, Westeros had enjoyed relative safety thanks to the imposing presence of The Wall. However, beyond the hundred of feet of stone and ice and the diligent men of the Knight’s Watch, there is no assurance of protection. This is the most accurate Game of Thrones comparison that can possibly be made for what a company’s firewall and intranet represents. Even more than just in the imagery of a defensive wall, too, in that the area between The Wall and the undead army (or in earlier times, the Wildling armies of Mance Rayder) very similarly represent the Demilitarized Zone (DMZ) of network security. Businesses build themselves a formidable fortress around their operations and, though employees will wander north of that border equipped with the skills and training to protect themselves as best they can, there are still casualties outside of its protection. The things to remember here that will protect employees from hackers, and by extension their employers, are so common they would make a person blue in the face to repeat them each time there’s a big hack. However, that’s exactly what I’m going to do now.
- Public WiFi is Public If you’re working on your computer away from your work or home, remember that even the most rudimentary of bad actors can effectively share all of your information once you begin working on a public wifi network.
- Password Strength Is Serious Business This means that adding a “123” to the word “password” and perhaps an exclamation point to the end of your cat’s name probably won’t do the trick. If you really can’t make lengthy, complex passwords for each site, try using one of these top password managers to help out, but you definitely want to mix it up.
- Update, Update, Update Whenever you get a note from either your mobile or desktop operating system to update, DO NOT IGNORE IT. I’m sorry for yelling, but updating your hardware will keep your devices protected from the latest detected security threats and, plus, they’ll all probably run faster, too.
- Keep Backups Whenever Possible In the event that things do go sideways for you or your company, you’ll want to have a plan of action in place. Without any exception, the most cost effective ways to rebuild your network all begin with having a backup on hand. Keeping an external hard drive or cloud backup for all of your devices (applications and files alike) won’t seem like a hassle after the first time you have to conduct a total system reboot. Trust me.
- Keep Generals of the DMZ The analogy here is fun but the risk is less playful. The long and the short of this, though, is that if you have sensitive, proprietary information that you need to work on, it’s best only to do so within the confines of your office’s most secure perimeter and not out in the exposure of the DMZ.
Hold the Line
Admittedly, that’s more of a Braveheart reference then GoT but much of the battle sequences from the Battle of the Bastards episode are best to not be reprinted in this blog. We’re a family company, after all. Suffice to say, though, the concept I want to convey here is steadfastness in practicing these five simple precautions above. There’s a reason that we keep reinforcing them each time we talk about cybersecurity, and that’s because these are the things people who become victims of cyber crime typically tend to overlook. With that said, remember that we typically post the latest in tech, cybercrime, security, and general telephony news on Twitter and Facebook, so you can always find what you need to know to stay safe there.
Hopefully you’ll never need to worry about seeing your name here in a future hacking related post, but if you do, make sure to let me know which GoT character you want to be likened to. Obviously, this was no fun to write at all. Remember, too, it’s a jungle out there, so make sure to Protect ya Neck!