Larson Studios: the story of the hack that led to the leak of American TV shows


Larson Studios President Rick Larson and his wife and business partner, Jill Larson, told Variety how concessions to hackers and an irresponsible approach to security allowed the Dark Overlord group to blackmail Hollywood studios.

In 2016, two days before Catholic Christmas, Rick and Jill received a text message on their personal mobile phones threatening a hack, but did not attach much importance to it. On the eve of the holiday, another one arrived: “Why do you ignore me? A letter that will change your life is waiting in your email.” The Larsons were still not very worried, but that all changed when a new message arrived the next day. A hacking group calling itself Dark Overlord reported that it had penetrated the company's servers and threatened to leak all of Larson Studios' data.

Chief engineer David Dondorf and head of digital systems Chris Unthank left their families on Christmas morning and rushed to the studio to assess the consequences of the hackers' actions. Dark Overlord had stolen all the data from the server and deleted it, as promised in its messages, and demanded payment in bitcoin if the studio wanted its data back. Unthank and Dondorf then disconnected all equipment from the network and called the FBI.

However, the authorities could not help with anything that Christmas morning: the FBI asked them to fill out forms and expressed its sympathy, and that was the extent of the bureau's work. The company understood that forms would not tell it how to respond to the hackers' ransom demands, so Larson Studios hired private data security experts to find out what had happened and what to do next.

In the end they managed to figure out how the hackers had carried out the attack. Dark Overlord scanned public addresses looking for computers running unprotected versions of Windows and stumbled by chance upon an old computer at Larson Studios running Windows 7. Dondorf explained that the attack was not targeted: the hackers were testing their strength to see whether they could find a computer they could hack.

When all the circumstances were clear, the company strengthened its security measures and carefully studied what had been stolen. Jill Larson notes that the team spent most of January on this. Before paying the ransom, they wanted proof from the hackers.

Larson Studios did not immediately decide to meet the hackers' demands, but Dark Overlord gave it very little time to make a decision. The attackers threatened to release the new season of the Netflix series Orange Is the New Black before the New Year. The company therefore had to agree to cooperate, at least in order to buy time.

In the meantime, the security experts hired by the Larsons studied Dark Overlord's previous attacks. In the preceding months, the group had targeted medical institutions and other enterprises. The attackers hit the American glue manufacturer Gorilla Glue just before Larson Studios and a children's charity immediately after. The previous attacks showed that paying the ransom really worked: the hackers returned the materials to the company and destroyed their own copies.

When, at the end of January, the hackers proved that they had stolen content belonging to a dozen major studios, including Netflix, ABC, CBS and Disney, Larson did two things: he filed a report with the police and decided to pay the intruders. “Our clients have entrusted us with protecting their intellectual property, and the best way to confirm their trust is to pay hackers,” says Rick Larson. The hackers demanded 50 bitcoins, which at that time was worth just over 50 thousand dollars.

On February 6, Jill Larson and Unthank met with special agent John Palmieri, a cybercrime expert. Palmieri advised them not to pay or communicate with the extortionists. But he also noted that the company probably knew best which decision would be right for its business.

Buying and sending the bitcoins proved difficult. First, Jill Larson had to collect the necessary amount in Coinbase, a kind of online bank for Bitcoin transactions. The bank did not allow the entire operation to be carried out at once, and she spent about a week transferring the full amount to Dark Overlord, 19 transactions in all. After that, Larson Studios received a final message from the cybercriminals confirming the payment.

For a few weeks there was a lull, and on March 31 the company received a call from the FBI, which reported that the hackers were using the materials stolen in December to blackmail Hollywood studios. A few days later, Larson's phone was ringing off the hook with calls from the security departments of these studios.

Up to this point, Larson Studios had not reported the attack to any of its clients. Silence was one of the conditions the hackers had set. The Dark Overlord group even contacted some journalists and asked about a possible incident to check whether the company would reveal the secret. Larson Studios stayed silent, and the hackers told Larson that this was the right decision.

Larson Studios spent a sum with six zeros on new security measures, some of which were recommended by the studios. Audio and video files are now stored separately, so that attackers cannot steal both at once. The output is encrypted, the networks are separated, and the computers in the room are locked. Only now does Larson Studios feel safe.

This does not mean that the company had taken no precautions before. The staff of Larson Studios simply did not know about it. A computer with an un-upgraded operating system connected to the network was an oversight on the company's part.

This story prompted many studios to attend to security issues. Companies had already significantly increased their level of security since the attack on Sony Pictures in 2014, which resulted in the leak of tens of thousands of emails. However, security experts have long warned about inadequate protection at outsourcers, of which the studios have many.

Studios outsource audio processing, color correction, 3D scaling and much more. Some of these contractors are big players, but most are still small family businesses like Larson Studios. After the Dark Overlord hack, there is talk of the need to standardize security for such businesses.

Larson Studios continues to strengthen its security measures and is trying to restore its reputation. The latter is not going particularly well. When news of the possible theft of Disney's Pirates of the Caribbean movie broke in May, many journalists referred to the Larson Studios case, even though the company had nothing to do with the film.

