Paranoid H'wood wracked by hack attacks
Over the past few weeks, a young Brit named James Sinclair sat at his computer and watched dailies from Steven Spielberg’s upcoming “Minority Report,” pored over client files of a major tenpercentery and studied internal emails, deal memos and film slates from several major studios.
All this information — considered top secret — was easily swiped from the companies via the Internet. And it’s available to anyone with a computer and knowledge of which Web site to log onto or computer network to hack into.
Forget about the occasional movie being leaked onto the Web or about the thousands of music files available on services like Napster. Hollywood is experiencing the revelation that everything it saves on a computer is available to prying eyes at any time. Nothing is safe. Paranoia is running rampant.
Through legal (and freely accessible) software, anyone with a computer and an Internet connection can enter studio databases containing the most private information.
Recent breaches have allowed hackers to exchange: rough cuts of Warner Bros.’ “Ocean’s Eleven” and Columbia Pictures’ Jet Li actioner “The One”; emails among executives at Warner Bros. TV; scripts transferred from production companies such as Bruckheimer Films; databases at agencies like CAA, Endeavor and William Morris; personal records at law corporations and accounting offices; and digitally stored media at New Line and VDI Multimedia.
And those are just the few that have become public among the inner circle of Hollywood hackers. It’s only a matter of time before the content that’s stolen hits more public sites such as http://www.trackerfrog.com and other free-stuff online communities.
Sinclair is part of that geek group. The 21-year-old president and chief technology officer of Global Network Security Services, along with his 24 staffers, are hired by entertainment companies to penetrate their computer networks and discover just how vulnerable their systems are.
Sinclair and several other similar computer network security companies are looking to protect Hollywood’s secrets. But hundreds of thousands of hackers across the world, not to mention studio and agency rivals, are not so benevolent.
Showbiz is already paranoid about piracy, which costs companies in every business sector $1 trillion in damages annually. The film industry is losing $2.5 billion a year to piracy, the Motion Picture Assn. of America reports. The music industry is losing an additional $4.1 billion per year.
Those numbers are expected to grow, as the entertainment industry expands into digital film projection and launches online music services and video-on-demand offerings.
Showbiz is painfully aware of the world of institutionalized piracy: organized people who steal copyrighted material. But this new threat comes from freelancers, who are widening their scope. Hackers have discovered that they can earn valuable tradeoffs for a hot internal Hollywood memo or a movie. In exchange for their showbiz info, hackers often are given stolen credit card numbers to use. It’s only a matter of time before content is sold for hard cash.
Besides money, there are other motives. An agent, for example, can tap into the deal memos of a rival tenpercentery. Then he can call an actor and say, “I know you got $3 million for your last film; we could have gotten you $4 million.”
The biggest threat comes from money-hungry professionals. And company employees are increasingly to blame.
Sinclair’s company recently discovered that a new staffer at a large Hollywood lab, which processes and converts film footage to digital dailies, was taking footage home. His roommate was then uploading it to the Web.
“Most companies do not realize that 90% of the attacks performed on the systems they try so hard to protect are the result of inside jobs,” Sinclair says.
Naturally, no studio, agency, record label, law firm or post house wants to admit that its computers are vulnerable. And with hackers often leaving little to no trace that they ever infiltrated a network, few people even know they were victimized.
“This is a new problem,” Sinclair says. “It’s only four years old. Companies don’t think anything’s wrong, so they’re not taking the problem of piracy all that seriously.”
The biz operates on a computer network that’s shockingly easy to penetrate. That’s because inhouse teams of IT staffers are using off-the-shelf software to set up “firewalls,” which protect a company’s internal network from the Internet and outsiders — but once the old codes are cracked, the software isn’t updated. And firewalls don’t protect a company from employees trying to distribute content from the inside.
Companies like GNSS and several other startups on both coasts, including Atomic Tangerine, Vigilinx and iDefense, offer the security services that the internal IT gurus are opting not to provide — the updates and patches to make sure firewalls remain secure, as well as individuals to monitor the activity on a network and locate intruders.
Helping stave off Hollywood’s hacking horror may be the fact that one movie still must be broken up into 12 segments that need to be downloaded two hours at a time. The industry’s misconception is that much of the material is going straight to public Web sites or online ventures such as Napster. Not so.
Instead, the material is traded on the Internet’s underground collection of FTP computer servers. These are a series of file-swapping sites, ruled by an underworld of hackers and often never seen by the public. Would-be hackers can simply log on and get a list of what’s available.
Sinclair is a chatty Londoner who recently transplanted to Hollywood. He and his staff are housed in a wired warehouse near the Paramount lot — a room full of freaks and geeks who are trying to battle the foreign digerati trying to invade the biz.
Sinclair is assembling a coalition of industryites — including Warner Bros., the William Morris Agency and MGM — to create a set of standards that the MPAA and its member companies can adopt in order to speed up the tracking and to prevent the illegal distribution of copyrighted files over the Internet.
Says Sinclair: “Right now, the MPAA spends more time writing cease-and-desist letters than trying to recover the files being illegally distributed and stopping the distribution at the source. By the time they react, it’s too late. The file that’s been stolen is everywhere.”