Disney has become the latest company to come under threat from hackers over an early release of one of their movies, but it’s the response to the potential leak that’s most interesting. Mainly because it’s eerily similar to the response that Netflix gave to hackers when the fifth season of Orange is the New Black came under attack.
Disney CEO Bob Iger told press on Monday that Disney wasn’t going to cooperate with hackers and would not give in to any kind of demand. He added the company was working with federal authorities, but wouldn’t go into much more detail about the investigation. Again, what’s most interesting about Iger’s words is what wasn’t said: Disney wasn’t interested in stopping the early release of its film, which is Pirates of the Caribbean: Dead Men Tell No Tales, according to the Los Angeles Times.
When Netflix was hit with a similar threat from a hacker, who goes by the name thedarkoverlord, the company issued a statement confirming it was adamant it wasn’t going to give in to their demands. Like Disney, the company said it was going to work with federal investigators, but made no attempt to try and stop the leak beyond that.
“We are aware of the situation,” a statement from Netflix read. “A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved.”
The almost public-facing, laissez-faire attitude Iger and Netflix CEO Reed Hastings have toward the hacks is notable for a couple of reasons. One, people have to assume that things are not as calm behind closed doors. Pirates of the Caribbean and Orange is the New Black are two massive properties for the companies. Disney is going to want to make as much money at the box office as possible, while Netflix isn’t going to want to have to compete with The Pirate Bay for viewers. Secondly, and perhaps most important, both Hastings and Iger have come out in the past against piracy and have commented on how it’s the most destructive force facing their industry.
So again, why does it not matter this time around?
The type of hack
It’s important to examine the type of hack that is most likely at play in these scenarios. Both Netflix and Disney fell victim to a third-party post-production vendor hack, according to Sam Elliott, director of security product management at Bomgar, a security firm based in Atlanta. These have become increasingly popular over the years, as seen in the 2017 Secure Access Threat Report released by the firm this week. What the entertainment industry is seeing, Elliott explained in the report, is that the number of privileged users who have access to top-secret information is increasing and hackers are becoming better at “impersonating legitimate individuals with authentic credentials.”
To put it simply, those who have access to the shows or film in question are increasing. Hackers. meanwhile, are using holes within the lack of security surrounding those positions to penetrate the company and gain access to the footage.
“These individuals are one of the most treasured targets for hackers looking to infiltrate sensitive information because of their elevated level of access,” Elliott wrote.
How does this relate to Disney and Netflix? Both companies use third-party vendors to outsource some of their work. Netflix, for example, works with a company in New York that helps with dubbing sound for actors in post-production. That means there is an entire company of privileged users who have access to some of Netflix’s top series, including Orange is the New Black and House of Cards that don’t work directly for Netflix.
It’s these types of organizations that often slip through the cracks when coming up with ways to increase security, according to Bomgar’s report.
“Service desks and managed service providers, for example, could be considered a vulnerability for many businesses,” the report reads. “They are usually high turnover organizations with a less mature approach to security, but they have extraordinary access to business systems. With these kind of outsourcing arrangements becoming larger and more common, the way that privilege is managed for them needs to evolve.”
To some extent, this is out of Netflix and Disney’s hands. The projects they’re working on are time sensitive and they have to outsource some of that work. Although security needs to be increased, as hackers adapt and learn to overcome the obstacles put in their way, this isn’t a direct leak from an employee.
All of which is not to imply that Disney and Netflix don’t care about their movies and series being put on Pirate Bay weeks before they’re supposed to be released. Piracy is a major issue for both companies and, although Hastings and Iger have talked about it at-length, it’s become a facet of the industry that companies have learned to co-exist with.
Piracy is an issue, but a manageable one
Piracy isn’t going to just disappear, but it’s not as big of an issue as it’s been in the past.
According to a report put out by Muso, a marketing company known for its annual anti-piracy report, piracy as seen through still-popular torrenting is actually on the decline.
“Torrents have seen an overall decrease by 18.98 percent from the first 6 months visits to the last 6 months visits in 2015,” the report read. “Torrent activity has heavily relied on desktop users (77.1 percent), yet has seen a trend change throughout 2015 of -18.96 percent. Mobile activity has seen a similar decrease by 19.02 percent.”
At the same time, the movie business has never been stronger and Netflix is continuing to build its audience. Theaters saw more than $11 billion in revenue at the box office last year thanks in large part to Disney and the release of Rogue One: A Star Wars Story, Captain America: Civil War, Finding Dory and others.
“We’re very pleased with our performance for the year, delivering the highest revenue, net income and earnings per share in Disney’s history,” Iger said during an earnings call in November. “We remain confident that Disney will continue to deliver strong growth over the long-term as we further strengthen our brands and franchises, our technological capabilities, and our international presence.”
A report from Box Office Mojo in March confirmed that more people were headed to the theater than in the past decade, with numbers confirming that domestic grosses and ticket sales were up 5.5 percent from last year. Even more impressively, it marked the highest level at that specific point in the year since 2004.
Netflix also saw an increase in its subscriber base. The company confirmed last month in an earnings report that it added 1.42 million U.S. subscribers and 3.53 million internationally. It marked the first time that the company crossed the 100-million subscriber mark, making it one of the biggest streaming services online.
Still, Hastings has spoken about how piracy is an issue the company wants to tackle, but with growing numbers it has become less of a concern over the years.
Disney and Netflix are working with investigators, but at this point there’s nothing to stop hackers from releasing the footage they have. If the companies want to try and keep their content as secure as possible, the next step is figuring out how to increase security with third-party vendors. Piracy is always going to be an issue, but with increased security measures, companies may be able to stop major hacks like these happening.
Polygon has reached out to both Netflix and Disney for comment on the status of the affected titles and will update when more information becomes available.