What is it going to take for the world to take hackers seriously?
Hackers have chosen to target HBO, and more specifically its immensely popular series Game of Thrones, as a tool to acquire substantial ransom money. The hacker or hackers, under the screen name ‘Mr. Smith’, acquired the scripts for highly anticipated episodes as well as emails and sensitive information such as financial balance sheets and legal correspondences pertaining to ongoing court matters involving HBO.
The hackers released a video sent to HBO CEO Richard Plepler which read, in part:
“We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).”
By the hackers’ own admission, HBO had substantial firewalls to prevent such a breach, but within a matter of six months the hackers had managed to bypass HBO’s security measures, attaining the valuable script to HBO’s most popular program. They then demanded the equivalent of $6 million in Bitcoin, payment of which they promised would prevent the script’s leak. Hackers already released entire seasons of the HBO shows ‘Ballers,’ ‘Insecure,' and ‘Room 104,’ but the targeting of Game of Thrones– a show for which many pay HBO solely to watch– represents a more strategic attack by the hackers.
And, according to the Guardian, HBO has promised to pay at least a portion of the ransom as they search for an alternate solution. Should Game of Thrones episodes continue to be leaked, the drop-off in subscribers to HBO could prove substantial.
While Game of Thrones represents the pinnacle of hackers’ targeting of popular culture as a means to financial gain, the greater implications of such seemingly unchecked hacking capabilities go far beyond television, or even corporate America.
Many cybersecurity experts have posited that the next major step for hackers is the targeting of universally coveted resources, such as electricity, water, and communications systems. While the obvious target is increasingly popular smart homes, which incorporate wireless systems in the control of lights, thermostats, and other critical features, the capabilities of hackers should not be underestimated nor confined to smart home technology.
In their attacks, hackers have become increasingly fond of “ransomware,” which, according to Trend Micro, “prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid.” In many cases, the ransomware has no unlock code, meaning that even when the ransom is paid the victim is unable to recover or access affected files and information.
This has, in many cases, been known to affect operations such as shipping, invoicing, and manufacturing, which all are dependent on the information systems targeted by the ransomware. In other words, it is not only the target company which is affected by hacking-related file locking and the payment of ransom. In many cases, the consumer is directly affected as well.
FedEx was the recent target of ‘NotPetya,' a hacker or group of hackers known for its use of ransomware with irreversible effects. On July 17th, FedEx reported a cyber-attack to the Securities and Exchange Commission, stating that its European subsidiary, TNT Express, was experiencing continuing service delays as a result of infected data from a ransomware virus. Ultimately, FedEx would report revenue losses as a result, showing the direct impact such hacking can have on even the most entrenched private sector giants and its investors.
But the nature of these hackers is callous, and even hospitals are not spared from the effects of their ransomware, which include postponed surgeries and the complete shutdown of operations:
‘One rural hospital in West Virginia had its systems so badly infected by NotPetya that it is being forced to replace its entire information-technology infrastructure. A hospital system in Pennsylvania canceled surgeries due to NotPetya. Past ransomware attacks have forced hospitals across the U.S. and U.K. to close down. In those attacks, ambulances had to be turned away until the hospitals expunged the computer virus or paid the hackers for the decryption key.’
This development– the targeting of hospitals and their patients– is reminiscent of terror attacks in terms of the cold-blooded implications. Such a disregard for the lives affected, and potentially lost, as a result of ransomware viruses illuminates why so many cybersecurity experts fear for the next wave of cyber-attacks.
Targeting a private sector company such as HBO, stealing show scripts and episodes, is one thing. Profits are the primary victim of such an attack.
But if hospitals, chosen presumably for the volatility of their systems, are not off limits to hackers, then all bets are off in terms of the damage these anarchists are willing to inflict. We aren’t talking profits in this respect; we are talking the potential loss of countless lives should medical operations be materially interrupted.
NotPetya represents the face of modern hacking. Like all the issues facing our collective societies, assuming a de-escalation of these hacks is naïve.
If we already see hospitals targeted by cyber-hackers, it is tough to imagine just what they have in store for their next heist.