Game of Thrones was already the most pirated TV show of 2014. 2015 isn’t shaping up much better - but there’s a bigger security story here.
Game of Thrones has its share of pirates, illicit traders, and thieves. They make their way across the Narrow Sea and elsewhere with temerity throughout the series. But the show, unlike the books, has a different sort of piracy problem. And a problem with leaks worse than a Braavosi cog.
Season 4 of Game of Thrones was reportedly the most pirated television show of 2014 and one of the show’s producers, Greg Spence, recently talked to the Denver Post about his concerns for the 2015 season. As he explained to the Post,
"The cast is looping all over the world, sending files back and forth. Artists are working in special-effects houses all over the world. The files are watermarked, and editors have to confirm in writing that they've deleted them."
As HBO learned this week, though, all the written confirmations in the world won’t stop a determined hacker or a leaky source. Despite their best efforts, the first four episodes of Season 5 were leaked the day before the show premiered. Rumor has it that the volume of downloads took down the Pirate Bay this weekend. Most analysts aren’t calling this a hack, at least not in the traditional sense. Security analyst, Ken Westin, called it “an example of supply chain security in relation to data.” Which is a very precise way of saying it was a leak.
Leaks are no less security issues, though, than hacks. As we have seen with many of the high profile breaches that have made headlines recently, internal users have played a significant role in opening the door for hackers. Sometimes the role is passive with users falling victim to phishing schemes. In other cases, user actions have been more deliberate (or downright malicious). In the case of GoT, Ken Westin explained,
“In many respects the same risks that a movie may go through mirrors that of customer data or other forms of intellectual property, where multiple parties may use the data and it can be passed around and accessed by many different parties.”
This isn’t an issue that can be easily addressed. Piracy has fundamentally altered the way we think about media, GoT included. But at the core is the issue of security - How do you secure something that has so many hooks into it? So many stakeholders with potentially competing interests? Many other industries face similar issues. Consider healthcare, with everyone from consumers to insurance companies accessing health information systems or express shipping companies with Amazon, consumers, and logistics applications all leveraging package data. Software companies have developers worldwide, reviewers, beta testers, QA engineers and more. The list of industries with security challenges that are as much logistical as technical goes on and on.
Most likely, the leaked Game of Thrones episodes were advance copies that went to reviewers. Although these are all watermarked, the watermarks aren’t especially difficult to remove, making it nearly impossible to trace the leak back to its source. So what’s the solution? As with so many security problems, there is no silver bullet that takes care of every potential leak or security hole. Policies and documentation are useful in theory, but can fall apart in practice. DRM and document management applications can be adapted to certain types of media and software to limit their sharability, but nothing is foolproof.
Where there is bandwidth to support it, creating the most secure environment often means locking down files, data, and media behind thoughtfully deployed firewalls, judicious use of VPNs, and otherwise centralizing and securing digital assets with available network security tools. Pirating a centrally stored, DRM-protected digital file would be significantly more difficult than pirating a file on a DVD as most likely happened with the Game of Thrones episodes. While it’s true that DRM crackers are ubiquitous, file management and security mechanisms are fairly robust. More importantly, if the network was secure, access to the digital files could be carefully tracked and monitored. DVDs can change hands as easily as sellswords can change sides in a battle.