
Hacker Leaks Episodes from Netflix Show and Threatens Other Networks - pcl
https://www.nytimes.com/2017/04/29/business/media/netflix-hack-orange-is-the-new-black.html
======
jtchang
I actually don't think this will hurt Netflix at all. Part of the value
Netflix provides is ease of use. It's just there ready to go. Maybe if you are
a hardcore fan you'll download the new season but most people will just wait.
Why? Because people are _lazy_ and are willing to pay for convenience. If the
hacker somehow put up all the episodes on a site and it was just one click to
stream then maybe I'd go for it. But overall I'd say it might actually be a
net positive for Netflix (more press!)

~~~
rorykoehler
As long as you don't unsubscribe from Netflix they actually save money (not
taking into account the minimal new subs lost due to people watching the
pirated version and hence not signing up).

~~~
gregmac
I doubt anyone was waiting to sign up to get non-first season of a single
show, and now wouldn't sign up. Especially with the type of show where you'd
be lost or at least miss half the context by not watching the earlier seasons.

At best, this person would be signing up for a month then cancelling after
finishing the season, and Netflix had a one month free trial, so I'm having a
hard time seeing how Netflix is materially impacted here at all.

------
KaiserPro
This is mildly surprising, because if your company wants to work in post
production you need to pass a quarterly Marvel/MPAA audit.

Amongst the things specified are:

o air gapped network

o All internet through a RDP/VDI service (no copy and paste..)

o all devices to be physically locked away

o all mass storage drivers to be removed

o Physical segmentation of all workspaces

o many other things

[http://www.mpaa.org/content-security-program/](http://www.mpaa.org/content-security-program/)

The other thing to note is that this is an audio facility, which is usually
the last, or second to last point before release. It also by default has the
whole film/show in one place, which outside of finishing and distribution is
quite rare.

~~~
dawnerd
Not necessarily post production but the security at Discovery Channel was
pretty poor when I worked there. Massive open directory where everyone tossed
files. Didn't want to snoop around and get in trouble but I heard from some
people there it's pretty laughable. It didn't even require a login...

~~~
golergka
IANAL, but I would never leave such a comment under a nickname that is tied to
my real name - you are kind of disclosing their internal security procedures
or lack thereof in a public forum.

~~~
ianai
Bah it's the Internet. Someone somewhere on the internet said something that
could or could not be true. Because no one ever lied on the internet for fake
credibility. I think that should be suitable defense enough.

~~~
user5994461
It's not a suitable defence if it's attached to your real name and you did
work in the company you named.

~~~
dawnerd
My employment contract was fairly bare bones. If they'd rather come after me
for saying their security from years ago was weak so be it.

------
seanalltogether
> “It didn’t have to be this way, Netflix,” the message said. “You’re going to
> lose a lot more money in all of this than what our modest offer was.”

The only money Netflix could potentially lose here is the small cross section
of people who only subscribe for a single month to watch this show along with
people who know how to use bittorrent.

~~~
glenstein
If anything, they'd stand to lose a lot more over the long term by creating a
precedent of caving to ransom demands.

------
user5994461
That guy is living on another planet. All this blackmailing and threat
messages are crazy. No one is gonna pay money to a shady character for a
video.

They always end up on torrent around the release, sometimes before. It's a fact
of life. Videos are simply not valuable.

P.S. Apparently, that guy used to deface hospitals and ask for a ransom to
restore their files.

~~~
r3bl
Your P.S. is at the bottom of the article.

------
robzyb
This is a criminal act, and of course I don't condone it, but at the same time
I do hope that some good comes out of it - particularly with regards to the
attention which all organisations give to IT security.

Most organisations wouldn't feel comfortable with:

a) Not having locks on their buildings

b) Having known-defective locks on their building

c) Not doing regular audits of the locks they're using vs. what criminals can
crack

d) Not having reasonable organisation-wide policies to make sure the locks are
used properly and kept secure

Yet I don't think that there is quite enough attention given to IT security.
It still seems like primarily a "box ticking" exercise, or a case of throwing
rules and regulations at the problem which make sense at face value, but are
inherently flawed.

~~~
johncolanduoni
In the US at least a lot of organizations and most homes have piss-poor locks
that are a lot easier to pick than their IT security is to crack. I'm not
saying you're wrong, but it's not the best analogy.

~~~
noir_lord
We lost the key for the bedroom window; the GF seemed positively shocked when I
took a small flat-headed screwdriver and 'picked' (I use quotes because it
wasn't really picking since I only had to push in two places and the lock
popped) it in under 90s.

A lot of security is visual deterrent and to make legal clarity in the
instance of "Did you enter the room or break the lock _then_ enter the room?"
since the former doesn't imply criminal intent, the latter does.

~~~
ams6110
A person can still be guilty of "breaking and entering" if a house is
unlocked. But breaking/picking a lock definitely is a stronger case.

------
rdiddly
The whole Dr. Evil routine is a hoot. So over the top! He thinks the whole
world is totally crapping their drawers at the sound of his fearsome words!

------
steve_musk
I don't think this will hurt Netflix too much, if anything it might lessen the
load on their servers...

~~~
amartya916
I would tend to agree with you, especially because the season is supposed to
have more than 10 episodes (13 or so). Also, probably a very tiny fraction of
people already paying for Netflix would choose to go the pirating route.

~~~
lovemenot
Not that I am necessarily disagreeing with your conclusion, but wouldn't
Netflix be more concerned about failing to sign up non-customers who would
have otherwise signed up, had it not been for the leak?

~~~
notfried
Who would sign up just to watch the fifth season? If someone was swayed by the
marketing he'd probably want to watch from season one.

We are left with a minority that has watched the first four seasons but left
Netflix sometime in the last year and were planning to come before season 5
but with the leak would decide to pirate it instead.

------
mxuribe
Isn't it odd that: "The Federal Bureau of Investigation learned of the episode at
Larson Studios in January but did not start notifying the content companies
until a month ago."?? As one other poster here noted about companies like
Netflix staggering their releases for more evenly distributing their content
throughout the year, I can not see why the FBI would want to stagger the
release of their notifications and other such "releases". Doesn't make sense.

------
digitalzombie
Netflix will be fine I guess.

I think the reason for Netflix to release Orange is the New Black in June is
to have fresh new content spaced out for the year.

Seeing how Netflix is pivoting into a content creator and content provider is
second (gonna be distant second because of Hulu). I think the spacing/pacing
between contents is a good thing for them.

Hulu is owned by several production companies btw so they're eating into Netflix
as a content provider.

Also Amazon and HBO are adding pressure to Netflix.

It's interesting because Netflix is always on that tight path and one misstep
will cost them very big.

------
m3kw9
If they pay, it gives them more reasons to come back next year to another
studio and go for another round, thus it becomes part of a yearly recurring
expense every studio must account for in their balance sheets lol

------
tobyhinloopen
Good thing we stopped paying digital terrorists

------
red023
The NYT calls it "theft" when it in fact is just copying ;)

[https://www.youtube.com/watch?v=IeTybKL1pM4](https://www.youtube.com/watch?v=IeTybKL1pM4)

------
mirimir
> This specific breach highlights a risk posed by the weak security practices
> in the postproduction studios that manage the release of proprietary
> entertainment content. While companies like Netflix and Fox might invest in
> state-of-the-art cybersecurity defense technology, they must also rely on an
> ecosystem of postproduction vendors, ranging from mom-and-pop shops to more
> sophisticated outfits like Dolby and Technicolor, which may not deploy the
> same level of cybersecurity and threat intelligence.

I'm guessing that "they must also rely on" means that they outsource to
non-union shops to cut expenses.

~~~
KaiserPro
Even non-union shops have to be audited.....

~~~
mirimir
Well, Larson Studios apparently wasn't. Or at least, not very carefully.

~~~
AdamJacobMuller
Audits are hardly perfect, nor are they intended to be.

One could argue that the fact that a leak of this scope and scale hasn't
happened before (OITNB is just one of possibly dozens of shows leaked) is
evidence supporting that the policies and audits are working.

