Tag Archives: Netflix

News Bites for the Week Ending March 27, 2020

Hacker Sells 538 Million Weibo Accounts

Karma is a B**tch.

With all of the Chinese hacking efforts, someone is hacking back.  Is it us?  Not clear.  In any case, the data includes information like real names, site names, location, etc. and 172 million of the 538 million records include users’ phone numbers, but not passwords.  The data is available for $250.  Given China’s iron grip on the Internet, they should be able to catch this guy.  Unless he is not in China.  Source: ZDNet

Pentagon Increases Progress Payments to Primes

The Pentagon is trying to keep the Defense Industrial Base afloat during these trying times by increasing so-called progress payments to primes and other measures.  Whether it will be enough to keep small subs in business is not clear, but what we have seen is that the bankruptcy courts treat these companies’ intellectual property as an asset and sell it off during liquidation – even selling defense information to the Chinese.  In theory, CFIUS should allow the government to stop these sales (and it absolutely can if it moves fast enough) and FIRRMA (aka CFIUS 2.0) gives the government even more power to stop them, but the bankruptcy courts have, for the most part, thumbed their noses at it, possibly (kindly) because they are clueless about the risk.  Source: National Defense Magazine

Experts See Over 600 Percent Spike in Malicious Emails During Covid-19

Barracuda Networks researchers saw a 667% spike in malicious emails using Coronavirus.  The goal is to get you to click on malicious links or download attachments that include viruses.  They saw almost 10,000 coronavirus-linked email attacks in the last three weeks compared to 1,800 in February and fewer in January.  Phishing attacks are nothing if not tied to current events.  Source: The Hill

Netflix Reduces Video Quality in Europe Over Bandwidth Crunch

According to Variety, Netflix uses one out of every eight bits traversing the Internet (12%).  As general Internet usage goes up, Europe has asked Netflix and other streaming video providers to reduce their video quality from HD to SD.

“As a result of social distancing measures put in place across Europe to fight the Coronavirus pandemic, the demand for Internet capacity has increased, be it for teleworking, e-learning or entertainment purposes. This could put networks under strain at a moment when they need to be operational at the best possible level. In order to prevent congestion and to ensure the open Internet, Internal Market Commissioner Thierry Breton has called on the responsibility of streaming services, operators and users. Streaming platforms are advised to offer standard rather than high definition and to cooperate with telecom operators.”

Netflix has agreed to reduce its video stream bitrate by 25% for the next month.  Source: Bleeping Computer

Why Paying Ransomware May Not Be A Great Idea

You may recall that a hacking group called the Dark Overlord hacked into Larson Studios, a third party provider to Netflix and other studios.  They stole the unreleased copies of the whole season of Orange as well as about 36 other series and movies.

Now we are beginning to hear the back story and it points out that paying ransomers is dicey business.

Larson’s owners tried to protect their customers.  They did this by paying the ransomers $50,000 in bitcoin.  The theory was that they would not release any of the titles if they did.

Investigators discovered that ground zero for the attack was a Windows 7 PC.  Whether it was patched current or not is unclear, but as we are seeing with the Wikileaks releases of CIA and NSA exploits, being patched does not mean being secure.  The CIA and NSA do not have an “exclusive” on exploits.

When Larson’s IT guy looked at the server and found the shows were gone, they called the FBI.  They did not tell their clients because the group said not to and at that point they were still hoping to contain the damage.

They paid the ransom.  It took a while to work through the system to buy $50,000 in bitcoin.  About a week in total.

The Dark Overlord got a bit greedy and contacted Netflix and the other studios trying to get them to pay a ransom also.  Those studios opted not to pay.  So, even though Larson paid the ransom, the Dark Overlord released the titles.

It is a bit of a crap-shoot as to whether hackers will keep their word, even though not keeping their word should, in theory, destroy their business model.

In many cases, having a backup will protect you from having to pay the ransom.  Not in this and any number of cases where the hackers can steal intellectual property.  Like at law firms or accountants, for example.

Once they have your intellectual property, it is a new game.

They could sell it or publicly release it.  Depending on the model, they might want to embarrass the company, destroy it or make money.

Your best bet is to keep the hackers out.  That is not always so easy.

After the fact, Larson upgraded security.  Files are encrypted.  The network is segmented so that if an attacker gets in they don’t have free range to the whole company.  They no longer keep the audio files and video files together to make it harder for an attacker to get something useful.

Larson lost some customers over this, but they learned a lesson.  An expensive lesson.  Lost customers PLUS ransom PLUS reputational damage PLUS the cost of re-engineering the network EQUALS an expensive lesson.

You can spend the money before an attack or spend a lot more money after the attack.  It is your choice.  But there is no free lunch.

Information for this post came from Data Breach Today.