By Chris Tribbey
Nearly 80% of businessmen and 67% of businesswomen every day use mobile apps that pose security risks, beating out Millennials (65%) and every other notable group when it comes to clicking malicious links and downloading infected files, according to a new report.
Looking at the mobile data records of 500,000 mobile users (including Android, iOS and Windows Phone operating systems) during a week-long period, security software company Kaspersky Lab and IP service optimization company Allot Communications found that, overall, one in every 30 mobile browsing transactions presents a security risk, along with one in every seven mobile app sessions.
In short, every time you browse the Internet or use an app on your smartphone, you better be wary.
By Chris Ortman, VP Communications & Corporate Affairs, CreativeFuture
Piracy is a problem that affects the creative communities: major studios and networks, mini-majors and independents, distributors and exhibitors, book publishers, major and independent record labels, businesses that service the industry (caterers, florists, stylists, travel agents, etc.), as well as producers, directors, actors, writers, musicians, composers, recording artists, songwriters, authors, set builders, and every individual creative professional. Independent films are especially vulnerable to piracy’s impact because their production budgets are smaller. When pirates profit from stolen creative works, creatives lose their fundamental right to be compensated for their work.
So how do pirate sites make money? Illegal pirate sites make millions of dollars from advertising or by selling monthly “premium” subscriptions that are processed by major credit cards. The statistics are astounding—a recent study looked at a sample of nearly 600 for-profit pirate sites and estimated $227 million in annual advertising revenue, a significant portion coming from major brands.
By Chris Tribbey
The U.S. Department of Commerce’s Internet Policy Task Force has released a set of copyright reform proposals, calling for more flexibility for courts when it comes to awarding statutory damages in copyright cases.
The report recommends that the Copyright Act be updated to include a list of factors for courts and juries to consider when determining how much to award in terms of statutory damages, calling for more caution against “excessively high statutory damages.” Currently, juries can award up to $150,000 in statutory damages per infringement.
While the task force isn’t recommending that the $150,000 figure be lowered, it does want juries to avoid excessive damages when it’s an individual file sharer at work, vs. large-scale, file-sharing infringement. The report also recommends that Congress establish a small claims tribunal, to set caps on damages awarded.
“Ensuring that our copyright policy continues to provide incentives for creativity while keeping up with the world’s technology advancements has been a critical priority for the Internet Policy Task Force,” said Michelle K. Lee, under secretary for intellectual property and director of the United States Patent and Trademark Office, in a statement. “These new policy recommendations are the culmination of many sessions hearing from stakeholders — from publishers and producers to artists to digital entrepreneurs and consumers — and will help the United States’ creative sectors continue to unleash new works and technologies that spur our competitive economic growth.”
Disney execs may now be sitting on the highest-grossing movie of all time (“Star Wars: The Force Awakens,” if you haven’t heard of it), but pity the folks who had to keep the film from falling into the hands of the dark side before its release. Like all movie, TV, music and video game content, the film was under assault from prying eyes and greedy pockets from the day it was announced.
Miraculously, the film made it to release with no major online leaks nor any significant spoilers — proof that at least someone knows what they’re doing in the world of digital media security these days.
Cyber attacks aren’t going to stop, and judging from recent headlines, they’re getting worse. Media and gaming companies — whose business revolves around heavily hyped mainstream content that everyone’s dying to get their hands on — have become prime targets. But, says Walter O’Brien, executive producer of CBS’s “Scorpion” and the real-world hacker upon whom the show is based, “Like most people in cybersecurity, most studios think it will never happen to them because they’re not a bank.”
What’s being done to stem the tide? Here are four major threats impacting entertainment and media companies — and what the industry is doing about them.
When developing iOS applications, there are several ways to secure sensitive data that an application may handle. These measures may or may not be secure when the device is lost or stolen, which could lead to the loss in integrity of the sensitive data. Even when utilizing Apple’s provided security controls (e.g., keychain) for secure storage, data is still at risk for exposure.
iOS applications have their own sandboxed folders, which cannot be accessed by any other application. Although every iOS application has its own sandboxed folder, the data within those folders could be accessible by readily available free applications. While Apple’s security model is a comprehensive one, it relies on the fact that users do not have file system root-level access. Developers must take extra steps to ensure sensitive data is secure from adversaries even when they have root access to the file system.
The Damn Vulnerable iOS Application (DVIA) will be used to simulate common mistakes that developers make. This application was developed to provide people with an application to gain or test iOS application reverse engineering skills.
This whitepaper is geared toward those who want to gain knowledge about assessing iOS applications and/or developers who want to know how to develop more security-sound applications.
By Chris Tribbey
Between drones, connected cars, 4K Ultra High-Def TVs and virtual reality, there won’t be a shortage of upbeat headlines coming out of this week’s Consumer Electronics Show (CES) in Las Vegas.
But after a year that saw an almost unprecedented number of cyber attacks against both businesses and government agencies, this year’s CES will also see a major focus on the new security risks posed by all this new tech-based connectivity.
“The growth in connected devices creates new opportunities to change and save lives, but also creates new options for bad guys,” said Gary Shapiro, president and CEO of the Consumer Technology Association (CTA). “Cyber security technologies help block, detect and isolate cyber-attacks. Cyber security companies are using CES to launch and demo the next generation of innovation that is going to keep us safe and protected.”
This year’s CES sees the return of the Cyber and Personal Security Marketplace, a specific zone in the Las Vegas Convention Center (LVCC, South Hall 1) dedicated to cyber security technologies. Secure messaging, private Internet access, safe payment apps and more will be on display from exhibitors in the dedicated area.
By Chris Tribbey
Leading up to Christmas, Hollywood was already reeling from the online leak of The Hateful Eight and Revenant, both via high-quality DVD screeners and both ahead of the films’ Christmas Day theatrical debut.
Peer-to-peer sharing group Hive-CM8 claimed responsibility for the leaks, promised to release as many as 40 advanced screeners of new theatrical content, and quickly followed through on its threat: via the group, screeners of Joy, Steve Jobs, Bridge of Spies, Creed, Spotlight, Legend, In The Heart of The Sea, The Danish Girl, Concussion and — on Christmas Day — the new James Bond film Spectre, have all been leaked online, all tracked to Hive-CM8, according to BitTorrent news service TorrentFreak.
“While little is known about Hive-CM8, sources inform TorrentFreak that less than a handful of people are involved,” the site reported after Spectre hit Torrent sites. “A relatively small operation, but one that has managed to ruin Christmas for a billion dollar industry. Through its sources Hive-CM8 got their hands on many screener copies, of which it has published 11 so far, with Spectre being the most recent.”
By Larry Jaffee
Organizations are best served with the mindset that they’ve already been hacked, instead of relying on technologies in place to ward off attacks. That was the message delivered by Joel Sloss, program manager of security, privacy and compliance for Microsoft Azure, at the recent Content Protection Summit (CPS) in Los Angeles.
“If you haven’t been hacked yet, it’s because you don’t know you’ve been hacked,” Sloss said.
Microsoft itself is in “an environment under constant attack,” he said, and the company takes a proactive approach on how it views IT security. For example, Microsoft regularly runs “war games,” in which its own operatives act as hackers, utilizing the same tactics that criminals use in their attacks.
But these are not run-of-the-mill drills. The “red” team attacks live Microsoft sites without giving the defensive “blue team” advance warning, therefore providing a better sense of how well it will fare against real threats aimed to inflict harm.
“They [blue team] don’t know it’s a game; they think it’s a real attack,” Sloss said, noting the major difference between a simulated attack and a real one “is that we get to sit down and talk about it afterward” (this Azure video explains how their red-blue games work).
Content Security Association Now Represents Major Studios, Independents and Tech Leaders
LOS ANGELES — Celebrating its 45th year, the Content Delivery & Security Association (CDSA) has announced the election of new members of the board of directors, selected to lead the non-profit trade group into its next half-century of industry service.
“Over the past five years CDSA has exclusively focused its efforts on providing content protection and security services to companies throughout the international media supply chain,” said CDSA chairman Richard Atkinson, corporate director of the global piracy conversion team at Adobe Systems. “Our new elections to the Board reflect this emphasis and expand on our activities within the global entertainment, technology and software communities.”
By Chris Tribbey
MARINA DEL REY, Calif. — For a very long time, producers haven’t paid much attention to security on the set, according to John Canning, new media council board member for the Producers Guild of America. It just always seemed like someone else’s problem to deal with.
But recently he’s seen a major shift in thinking among major producers, a growing awareness of just how important production security — physical and digital — actually is. “They’re realizing, ‘Wait, this is impacting me, it isn’t just something the studio keeps harping about,’” he said, speaking during a panel at the sixth annual Content Protection Summit (CPS). “Now they start seeing it impact their bottom line, start seeing things showing up on YouTube.”
Today, the Producers Guild is putting more emphasis on security education than ever before, helping producers realize that if they don’t respect and understand the best practices in place, they can’t expect the rest of the crew to do so either.
By Chris Tribbey
The third quarter saw a record 1,510 distributed denial of service (DDoS) attacks recorded on Akamai’s routed network, an increase of 180% over the third quarter of 2014 and a 23% increase quarter to quarter, according to the company’s third quarter State of the Internet report.
Especially troubling for media and entertainment companies: the industry was the most frequently targeted by mega DDoS attacks (those measuring 100 Gbps or more) and accounted for 5% of all DDoS attacks. During the quarter, one media and entertainment company was the target of the largest million packets per second (Mpps) DDoS attack ever recorded, at 222 Mpps.
The online gaming sector was heavily targeted during the quarter, accounting for 50% of all DDoS attacks, with software and technology second at 25%. The Internet and telecom sector was hit by 5% of attacks, down from 13% in the second quarter. Retail suffered the vast majority of Web application attacks, accounting for 55%, according to the report.
By Chris Tribbey
MARINA DEL REY, Calif. — During a presentation on production in the cloud at the recent Content Protection Summit (CPS), a central analogy quickly emerged: is your cloud a house or a hotel?
A private data center can be locked away pretty tightly, with more control over who has the keys and who comes and goes. A public cloud, on the other hand, is just that: a public space.
The Future is Coming at Us Faster Than Ever. Futurist P.W. Singer Grapples with the Consequences (CDSA)
By Paul Sweeting
It’s not news that the pace of technology change today is orders of magnitude greater than it was 100 years ago, or even 50 years ago. So, too, the speed at which new technology spreads around the world and its impact is felt by individuals and societies.
It took the steam engine more than 100 years, for instance, to reach the level of global penetration and social, economic and political impact that cellular technology and internet connectivity have achieved in a matter of decades.
Yet what hasn’t accelerated nearly as much since the invention of the steam engine, according to futurist and best-selling author P.W. Singer, is the capacity of humans and societies to come to grips with the social, economic and political effects wrought by technology change.
“While technology moves at an exponential pace, our social, legal and political institutions move at a glacial pace,” Singer told Cyber Security News in an interview. “The gap between the question of what’s possible and the issue of what’s proper is growing.”
The military is looking to the storytellers of Hollywood, video games and fiction for clues about the future of war, security and geopolitics, according to futurist and best-selling author P.W. Singer who will be presenting the Luncheon Keynote at the 6th Annual Content Protection Summit at the Marina Del Rey Marriott on Wednesday, Dec. 2.
According to Singer, the keynote, entitled “Next War: The Science Fiction and Reality of Future Tech and Geopolitics,” will address how “the 21st century is being shaped by a range of exciting, and scary, new trends and technologies that seem like they are right out of the entertainment world — in part because they are.” His address will delve into the impact of robots, artificial intelligence, cyberwar, 3D printing, bio-enhancements, and the risks of World War III.
Recently described by the Wall Street Journal as “one of Washington’s pre-eminent futurists,” Singer is a consultant for groups that range from the US military to Hollywood. His recent novel, Ghost Fleet (ghostfleetbook.com), blends the style of a technothriller with nonfiction-style research, leading to a learning experience that is “a wild book, a real page turner” (The Economist) and “a modern-day successor to tomes such as The Hunt For Red October from the late Tom Clancy” (USA Today). Since its publication last June, Singer has been invited to brief lessons from the book to groups that range from the Chairman of the Joint Chiefs to Congress and CEO summits.
By Chris Tribbey
A series of well-publicized security incidents over the past twelve months have put the media and entertainment industry on notice that its operations and content are prime targets for cyberattacks.
The result has been an unprecedented focus on security processes and solutions among the Hollywood studios, record labels, game companies and publishers, according to security experts speaking during a panel at last week’s Hollywood IT Society (HITS) Broadcast IT Summit in New York.
Tom Darlington, strategic services executive for global media and entertainment at IBM, pointed to a recent executive-level IBM cyber security survey, which saw 88% of chief information security officers saying their security budgets have increased. But more than that, what the IBM study found, for the first time for many companies, was that security is being viewed as essentially strategic to the overall enterprise.
By Larry Jaffee
Entertainment and media companies lag far behind other industries tracked by the Ponemon Institute, a cyber security think tank based in Traverse City, Mich.
Over the past 11 years, Ponemon has released about 1,600 case studies of data breaches, examining what steps companies take before and after an attack. Its newly released report, the 2015 Cost of Data Breach Study, examined 350 companies in 11 countries covering 16 industry sectors.
Among respondents to the current study were movie studios, though Larry Ponemon, chairman and founder of the institute, said this year only 10 media and entertainment organizations were included in the report. However, he anticipates next year’s report to focus more on that space.
By Chris Tribbey
For a long time now, illegal downloading and illegal streaming of copyright-protected content have been treated very differently, with the former earning offenders a felony, and the latter garnering only a misdemeanor slap on the wrist.
The Directors Guild of America (DGA) and the International Alliance of Theatrical Stage Employees (IATSE) are asking the federal government to start treating streaming of illegal content just as harshly as downloading, and fast.
In a letter to the United States Intellectual Property Enforcement Coordinator Office of Management and Budget, the two groups call for legislation that would make illegal streaming a felony, something that was attempted several years ago with the Commercial Felony Streaming Act, but has yet to become law.
By Chris Tribbey
On Oct. 21 in Boston, senior level executives, cyber security solution providers and information security experts will all be on hand at the Cyber Security Summit, a C-Suite conference that will tackle everything from the Sony Pictures hack to the government’s cyber security problems with China.
The annual summit will see solution providers show off tools for protecting businesses, see government intelligence officials share their insights, and offer an overview of current and emerging cyber threats that threaten both businesses and consumers.
By Chris Tribbey
The Motion Picture Association of America (MPAA) has singled out the online piracy sites causing the entertainment industry the most trouble nowadays, with Russia and The Netherlands among the countries hosting the most offending digital outlets.
In its annual report to the Office of the U.S. Trade Representative (USTR), identifying the world’s “most notorious markets” for distributing infringing content, the MPAA listed the cyberlockers, streaming and linking sites, peer-to-peer networks and BitTorrent portals that are most damaging to Hollywood.
Joanna McIntosh, EVP of global policy and external affairs for MPAA, said the American motion picture and TV industry supported nearly 2 million jobs and $113 billion in wages in 2013, and that there are now more than 450 unique online (legitimate) services for Hollywood content worldwide.
“But despite the growing legal online marketplace that benefits both consumers and creators, a wide range of complex and sophisticated illegitimate marketplaces operate around the world, distributing infringing content and profiting off others’ hard work,” she said in a statement. “These notorious markets weaken America’s global competitiveness by discouraging investment and undermining the growth of legitimate services. They also threaten consumer safety by spreading malware.”
By Chris Tribbey
Hackers are more patient than ever, spending more time inside company systems and stealing more data than ever before, according to a recent survey from HP and private U.S. security company SANS Institute.
The longer a hacker is able to go undetected, the more costly the breach, and the responses from more than 500 security experts to the SANS 2015 Incident Response Survey yielded some troublesome results: 37% said their average dwell time (the time from the attacker’s initial entry into a network to the time of detection) was less than 24 hours, while 36% said it took 24 hours or less to find and fix breaches. However, a full 50% said it took two or more days to detect a breach. Six percent didn’t see that they had been breached for months.
The results are up a bit from 2014, though there are still a few problematic areas companies continue to face. More than 60% said malware was the cause of their breach, down from 82% in 2014, and data breaches were down to 39%, compared to 64% a year ago. The bad news: companies are still lagging on having the right skills and tools to fight security breaches.