In April this year, DarkOverLord a Dark Web hacking group stole and held season 5 of popular TV show Orange Is the New Black (which was yet-to-be-released at that time ) to ransom but ended up leaking it on the Internet after failed negotiations with Netflix and Hollywood-based Larson Studios.
Now, details have emerged highlighting how the hackers were able to steal the show from Larson Studios. It turns out that the group took advantage of a vulnerability in Window 7 operating system allowing them to access the original content account of Netflix.
This was discovered after Larson Studios hired a cyber security company to detect the point of breach. Upon investigating, the security researchers found that the studio was still using Windows 7 which does not match the latest security protocols.
Although it is unclear what kind of vulnerability the hackers exploited, the chief engineer of Larson Studios Mr. David Dondorf told Variety in an interview that the hackers were looking for random computers using Windows 7 and ended up breaching the one with the unreleased Season 5 of Orange Is the New Black TV show.
“They were basically just trolling around to see if they could find a computer that they could open,” Dondorf explained. “It wasn’t aimed at us,” said Dondorf.
Furthermore, Dondorf revealed that the studio paid a sum of 50 Bitcoins to the hackers which were around $50,000 at that time (now equivalent to $136,505) to prevent them deleting and leaking the data, however not only did they end up leaking the TV show online but they also deleted all the data from the targeted computer because the studio contacted the FBI regarding the incident.
The DarkOverLord hackers have also confirmed to Variety that they were indeed paid, 50 Bitcoin but due to the breach of contract, the group was forced to punish the studio. The group works in a way that after targeting its victim, it sends them a written agreement for signature to agree to the terms of the agreement which involves not contacting the law enforcement authorities.
“We found Larson Studios was in great delinquency of the agreement after sources confirmed law enforcement cooperation.” “Our agreement provides us the right to execute a harmful action against any client who defrauds our agreement.”
Is is unclear if the group had access to other unreleased TV shows, however, a couple of weeks ago the same group also released first eight episodes of Steve Harvey’s “Funderdome” TV Show on ThePirateBay website. Therefore worse can be expected from the group in the coming days.
Remember, the Dark Over Lord is the same hacker who hacked WestPark Capital investment bank last year and demanded ransom from the authorities. He was also responsible for hacking healthcare database of 34,000 patients in the US and selling them on DarkWeb BTC 20 ($29020).
Also, for Windows 7 users, maybe it’s time for an upgrade or moving to another operating system to secure their systems from such breaches and avoid situations which try to force them to pay a large amount of ransom payment. Remember, just last month a critical SMB vulnerability was exploited by hackers to carry out WannaCry ransomware campaign, one of the largest cyber attacks ever.