MARINA DEL REY, Calif. — It may sound like lunacy to those who’ve experienced a cyber security breach, but according to famed “spy-catcher” Eric O’Neill, a cybersecurity expert and former FBI counter-terrorism and counterintelligence operative, there’s no such thing as a “hacker” today.
“There are no hackers,” he said Dec. 7, speaking during a keynote presentation at the eighth annual CDSA Content Protection Summit. “There are only spies. Hacking is nothing but the evolution of espionage.”
Best known for helping capture infamous FBI mole and Russian sky Robert Hanssen in 2001, O’Neill pointed to the late-2014 hack of Sony Pictures, where North Korean agents pulled off the biggest media and entertainment cyber-attack in history, stealing more than 100 TB of data, or “more [data] than every single book in the Library of Congress,” O’Neill said. That attack was done for political motivations, however whether it’s for money or for revenge, cyber-attacks are all essentially spy-craft, he argued.
“O’Neill was out first cyber spy … he was able to exploit a neophyte [FBI] computer system at the time,” O’Neill said. “And he was able to expedite it from the inside.”
Part of the problem facing individuals, businesses and the American government when it comes to cyber threats, if those attacking are usually several steps ahead, while those being attacked still aren’t taking the problem seriously enough. “[North Korea] thought of [Sony’s ‘The Interview’ film] as an act of war, and they went to war,” he said. “We didn’t. We still haven’t gotten around to thinking of a cyber-attack as the same thing as a [physical] attack. It’s about spies trying to disrupt your business.
“They’re always thinking of the next vector, and we’re always reacting. They think like spies.”
The solution? Lock down your business like you would a bouncer at an exclusive club: If you’re not on the list, you’re not getting in. Have visibility of your security protocols across the organization. And don’t be afraid to use analytics to determine weak spots, and see who’s accessing what.
Also at the Content Protection Summit (CPS), Kai Pradel, founder and CEO of video sharing platform company MediaSilo, opened the day with remarks about the state of security within the content business.
“No matter how well you implement a successful security protocol, at the end of the day it’s all about people,” he said. “[And] not everyone care about security.”
That can no longer stand, with the number of productions — and the number of money invested in productions — hitting all-time highs. It’s no longer feasible to pass on solid cyber security protocols in favor of making it easier for executives and those who don’t like the hassles.
“You can’t sacrifice security for usability and the user experience,” he said.
Additionally, Richard Atkinson, corporate senior director of Adobe’s global piracy conversion, shared that he has finished his term as the chairman of the board of the Content Delivery & Security Association (CDSA). “I’m proud of everything we’ve done at CDSA to move this industry along,” he said.
Taking the reins as chairman of the board for CDSA is Ben Stanbury, director of content security for The Walt Disney Studios, who said at CPS that his goals for the group going forward will be to accelerate the focus on cyber security threats, and expand community engagement initiatives.
The 2016 CDSA Content Protection Summit was presented by MediaSilo, with sponsorships by Box, Deluxe, the Digital Watermarking Alliance, Fortium, Microsoft Azure, NexGuard, Okta, PricewaterhouseCoopers and Western Digital. The event is produced each year by MESA, CDSA and the Hollywood IT Society (HITS).