As viewers await the much anticipated penultimate season finale of “Game of Thrones” this Sunday, HBO officials have been dealing with their share of off-screen drama.
Earlier this month, as Westeros braced itself for winter coming onscreen, HBO announced a massive data breach. Hackers calling themselves “Mr. Smith” stole an estimated 1.5 terabytes of data, which allegedly included email and internal communication including scripts, episode summaries and marketing materials. It may also have included episodes of “Game of Thrones” as well as other shows including “Curb Your Enthusiasm,” “Insecure,” “Ballers” and more.
“Mr. Smith” released a ransom note demanding millions, but the company refused to bend the knee – to stick with “Game of Thrones” references.
Not long after, spoilers and episodes of “Game of Thrones” made their way onto fan sites and mainstream web scape. Even though actors and network officials said that they did not expect any impact on viewership, many fans were upset.
To make matters worse, just last week a hacker group called “OurMine” hijacked HBO’s Twitter account as well as individual shows’ accounts. The group caused minimal damage, and HBO regained control of the accounts within an hour.
HBO’s bad month in cyber security offers important lessons for other companies: safeguarding your digital information is vital.
“It has been said, if you haven’t been hacked yet, either you just don’t know it or it will be happening soon,” said Ken Dewey, head of the cyber security program at Rose State College in Midwest City.
Besides HBO, Netflix and Sony also experienced significant breaches in recent memory. Hackers favor these targets perhaps due to their high-profile nature, perhaps for the money, but maybe because there are so many companies involved in production, post-production and distribution, including special effects specialists and marketing agencies.
For people like Dewey who deal with this type of crime for a living these hacks intrigue.
“It also seems HBO has been broken into a while ago, and it makes me wonder if the hacker isn’t still inside,” Dewey speculated.
High profile data breaches are full of lessons and underscore that all companies must be proactive with security.
“Don’t become complacent,” Dewey said. “Operating systems and software are often updated weekly; these updates need to be evaluated and implemented across the entire organization. One system not kept current could open the door to an attack.”
“It’s been speculated that HBO has been using some old and outdated systems to house their content,” Dewey said. “If these systems aren’t current and updated, it leaves the door open to hackers.”
Cyber attacks are a widespread problem.
“I ran a small ISP for years out of my house and I would get hundreds of thousands of hits on my network daily. Large companies get much more,” Dewey said. “It was quoted to me that a local energy company was being hit hundreds of thousands of hits per minute. Larger corporations are being hit on the order of millions of hits per month.”
Tracking down the criminal is tough.
“Many hackers cover their tracks,” Dewey said. “If they break into a system and have internal access, they are smart enough to delete logs so there is no trace. Another reason is the internet is worldwide, they could be using a VPN, and although they could be in the US, the VPN could have them connecting through Australia or Italy.”
Dewey and his colleagues train Oklahoma students to be cyber security defense force for companies.
“One way we train for this is by teaching about threats both internal and external,” Dewey said. “We also teach what is called ‘ethical hacking.’ We teach how it is done so they can be more prepared to stop it. If you don’t know how things are done, you will never understand how it happened.”
In Rose State College’s Cyber Security and Digital Forensics program, students learn the tools and tactics that can prevent hackers, spies or thieves from breaking into computer systems and networks. They walk away with specialized skills such as reverse engineering, network exploitation and threat analysis.
“Rose State’s Cyber Security program focuses on updated, real world content,” Dewey said. “Our projects are always changing to meet the current needs and current threats in the industry. This program provides students with hands on experience using real world projects, techniques and tools in real world scenarios.”
The degrees transfer smoothly to OSU IT’s cyber security program in Okmulgee, as well as to the University of Tulsa, which the National Security Agency (NSA) named as one of four national centers of academic excellence in cyber-operations.
Rose State is one of only a handful of two-year colleges in the country to partner with the NSF for the Cybercorps: Scholarship for Service (SFS), which funds a grant program that works with the University of Tulsa. Once educational requirements are completed at Rose State, students can then transfer to the University of Tulsa where they will receive their B.S. degree in Computer Science or Information Technology. Upon graduation students will serve with a federal agency for three years.
Students seamlessly transition into careers straight from Rose State or after finishing a four-year program, joining the ranks of cybersecurity warriors at the FBI, CIA, the Pentagon – or perhaps even the entertainment industry- defending company’s systems.
For more information, visit www.rose.edu.