A movie studio has revealed crucial details about how the Dark Overlord hacking group leaked multiple episodes of “Orange Is the New Black” online.
On 23 December, Rick and Jill Larson of Larson Studios, an audio post-production movie studio located in Hollywood, received text messages from an unknown sender reading “Hello Rick” and “Hello Jill”. The married couple/business partners ignored the texts.
But then on Christmas Eve, they both received a follow-up text from the same sender urging them to check their inbox. When they did, they saw an email explaining that a hacker group known as the Dark Overlord had hacked into their servers, deleted all of their data including audio and video footage, and issued a demand of 50 Bitcoins (approximately US $50,000) for the return of what they had stolen.
Larson Studios’ director of digital systems Chris Unthank couldn’t believe it. As he told Variety in an interview:
“Once I was able to look at our server, my hands started shaking, and I almost threw up.”
After receiving the email, Larson Studios contacted the FBI and hired private digital security experts. The latter determined that the hackers had not targeted the studio specifically but had discovered one of its computers running Windows 7 while scanning the internet for vulnerable machines.
Consistent with a series of previous attacks, the Dark Overlord then stole data and presented Larson Studios with their demands.
Ultimately, the movie studio filed a police report and paid the attackers. In doing so, they thought the hackers would honor their agreement that they wouldn’t tell anyone about the breach. They thought the ordeal was over.
But a criminal’s word only goes so far.
Apparently, Larson Studios had violated the “agreement” by contacting the FBI. So the Dark Overlord decided to punish them by contacting movie studios with which the Larsons had worked and leveraging the stolen files for ransom. That’s what led the hackers to leak ten episodes of “Orange Is the New Black” after Netflix refused the attackers’ demands.
Affected studios began contacting the Larsons shortly thereafter.
Some severed ties with the studio. Others questioned Larson Studios about other security incidents involving movies it had nothing to do with. Many others stayed on and recommended security upgrades.
Since the initial breach, Larson Studios has spent six figures on improved security measures, including keeping audio and video files separate as well as encrypting all data that leaves the studio by default.
Rick Larson told Variety that the studio is still working to re-establish trust with its clients. As such, the recovery process is still ongoing:
“It’s not over by any means. However, the light at the end of the tunnel may actually not be a train. We actually may be heading toward something really good. And it hasn’t felt that way over the last six months.”
Groups like Dark Overlord will always be looking to take advantage of companies’ inadequate security measures. With that said, now is the time for organizations to review their security posture and make some changes.
Encryption can go a long way… as can making sure a machine running a vulnerable Windows version isn’t connected to the web. We all know what can happen if organizations fail to take these basic steps.