Authorities: 4 Insiders Leaked 'Game of Thrones' EpisodeExperts Discuss Insider Threat Mitigation
The recent online leak of an episode of HBO's Game of Thrones, which has been linked to four insiders at a company that handles data for Star India, has put the spotlight on strategies for mitigating insider threats.
While accidental leakages can be tackled with proper education, practitioners say that malicious intent of employees is a more difficult problem to handle. "We tend to trust our employees. An enemy within a house isn't easy to handle since you don't want to encourage an environment of distrust," says a forensic expert with the government of India, who asked not to be named.
The leakage has been linked to Prime Focus Technologies, the agency contracted by Star India to manage the data. Of the four suspected, three work for Prime Focus and the fourth is a former employee, according to the Cyber Crime Department of Maharashtra. Police have until August 21 to charge the men, who were arrested in Mumbai on Tuesday.
The latest leak of Game of Thrones is different from the one that happened earlier in the month when hackers had claimed to have stolen 1.5 terabytes of data, including full episodes of forthcoming TV shows and at least one script. Plus, another separate leak occurred on Tuesday in Europe, according to news reports.
Broadcaster Filed Complaint
The episode leaked in India earlier this month had a logo of Star India watermark, which prompted the broadcaster to file a complaint with the police, according to reports.
Officers of the Cyber, Government of Maharashtra, conducted a preliminary inquiry on the basis of electronic trail and other technical material.
Brijesh Singh, Special Inspector General of Police (Cyber & PAW), said in a statement that Hotstar - an application by Star India that enables watching certain TV content online - had approached the office of inspector general of police for Cyber after data leak was found. "Maharashtra cyber did the preliminary inquiry into it and zeroed down [the] accused who were related to Prime Focus Technologies. The case was handed over to Mumbai police for further investigation," Singh says.
"The material collected by the department was sent to the office of DCP (Cyber), BKC, Mumbai for further investigation and necessary penal action in accordance with law."
Prime Focus Technologies lodged a complaint against one of its employees, alleging that he along with others gained unauthorized access to the episode, Singh says.
As a security practice, in most cases, broadcasters do not load TV episodes on their servers before they are supposed to be aired, security experts say. "This is to prevent it from potential hackers," says Nitish Chandan, a cybersecurity practitioner. "Though investigations are still on, in this case it's clear that insiders have been involved."
The insider threat is a growing concern across all industries. "In this case, the insider seems to have a malicious intent," says one security practitioner, who asked not to be named. "In such cases, there is little that a company can do to contain such incidents."
But there are ways and means to minimize insider attacks. "One is having a data leakage protection solution where people can't share or copy any data," says Sapan Talwar, CEO at Aristi Ninja. "The second mechanism would be to block certain applications which could pick up required information from network. Only a certain specific business required applications should be allowed."
The forensic expert who asked not to be named believes that such attacks don't happen overnight. "Human resources should inform the security team about employees who are on notice period or are having a bad phase in the office," the expert says. "These employees should be closely watched."
Security in Media
The nature of the media industry makes it vulnerable to cyberattacks. "In the media industry, no due diligence [is] given to security," Talwar contends. "I haven't met any pure security professional from this industry. Though security roles are there, those are usually handled by IT people. I feel there is a huge talent gap."
An internal policy on access is a must, security practioners say. "It will not only fix roles and access but will also zone out the possible people who could be the source of a leak," Chandan says. "Even when a company is outsourcing, it must deploy its in-house security consultant to audit the entire data framework from time to time."