I Am Henry the Eighth I Am (Not)

Many of us can be forgiven if the recent HBO hack has us recalling the Sony Pictures incident, singing ‘Second verse, same as the first.’ Pub culture aside, the HBO hack actually has little in common with the Sony incident. But HBO’s handling of the incident might make for an interesting business school case on cybersecurity and business models.

HBO Now

Henry the Eighth I Am

Many of us can be forgiven if the recent HBO hack has us recalling the Sony Pictures incident, dismissing it as nothing more than ‘second verse, same as the first.’  The line is from Henry The Eighth I Am, a British drinking song penned over a hundred years ago. Many may remember Patrick Swayze tormenting Whoopi Goldberg with it in the 1990 hit film Ghost.

Pub culture aside, the HBO hack actually has little in common with the Sony incident.  They were different targets hit for completely different reasons, by very different hackers, and with decidedly different outcomes.  HBO’s handling of the incident might make for an interesting business school case on cybersecurity and business models (feel free to run with that).

The Sony incident was the result of a nation-state hit by North Korea, angry over the release of an unflattering film about Kim Jong Un.  On November 24, 2014, Sony employees were locked out of the computers, the company’s entire network having been seized by hackers.  To prove their validity, the Guardians Of Peace group released embarrassing emails Sony execs had written about actress Angelina Jolie and President Barak Obama, forcing the execs to apologize.  The hackers also posted three unreleased Sony films online.

On December 16, the Guardians of Peace threatened 9/11 style attacks on movie theaters that featured the film.  Such a threat might have rung hollow a few years ago, but after theater attacks in Colorado and Florida, corporate owners took no chances.  Several large theater chains cancelled plans to show the movie at all, and even the New York premiere was cancelled. 

Sony capitulated the following day, announcing the film’s Christmas Day release would be postponed.  At 10:00pm Christmas Eve the movie was quietly released online through Google, Xbox Video, YouTube, and a dedicated website.  Around three hundred indie theaters went ahead with the Christmas Day features, but the damage was done.  Sony lost millions in revenue, faced a growing array of lawsuits, and co-chairman Amy Pascal was fired.

Hackers: 1.  Hollywood:  0.

Fast forward three years

Hackers made their way into HBO’s network, capturing unreleased episodes of Game of Thrones, email communications between execs, and personal data on various actors and crew.  They demanded HBO pay a ransom.  HBO declined.  The threat appears the same, and perhaps the hackers thought HBO would capitulate to avoid a Sony-style debacle.  But appearances can be deceiving.

Sony Pictures depends on retail ticket sales – HBO’s business is based on a subscription model.  HBO distributes through a cable-tv network and via online streaming through their software application HBO Now.   Sony’s fortunes rise and fall with each blockbuster hit (Skyfall) and each dud (Pixels). HBO's revenues are nice and steady, reliable even. 

So what real damage did HBO endure due to the hack?  Very little it appears.  Yes, some of the actors had their personal email addresses and phone numbers leaked.  I agree, that’s bad.  But it doesn’t appear there was any consumer information taken.  Will there be lawsuits?  Perhaps, but it doesn’t seem (thus far) that HBO was in any way negligent.

Bottom line:  Posting a few TV episode scripts online isn’t damaging.  Even if the hackers post an entire episode online, would anyone really care?  Yes, there would be spoilers - no doubt Hollywood news outlets and social media would spoil the surprise for quite a few people.  But most, really all, would still watch just like they normally do. 

That’s the difference between these two business models.  HBO’s customers have already spent the money – their monthly subscription fees.  They are going to watch the next episode of Game of Thrones.  Or Veep.  Or Silicon Valley.  The availability of one or two episodes elsewhere  doesn’t change the overall value of HBO’s business model.

The hack doesn’t provide all of each show’s previous seasons.  It doesn’t let customers see how this year’s season will end for their favorite characters.  Customers are going to keep their subscriptions going.  To the best of my knowledge, not one person has cancelled their subscription due to the HBO hack.  That’s the benefit of an on-demand subscription model.

Advantage: Home Box Office

HBO allegedly offered the hackers $250K to not release anything more.  That’s a pretty easy out for both sides, and I imagine that with the FBI now involved, some of the perpetrators might well have wished they had taken it.  Future hacker groups will have to be a bit more discriminating in their target selection.

HBO is a forty year old cable channel that transformed its business model for a digital future in ways other firms can only envy.  It used to be simple to coerce a company into paying up on a ransom threat.  Now there is doubt about whether a future hacking victim will even acknowledge the hackers at all!

Perhaps hackers didn’t realize the subtle differences between Sony and HBO’s business models.  But every hacker group will now stop and re-evaluate if they are hitting the best possible target in the most appropriate way.  If they can’t box in a company’s options, they are certainly not going to want another defiant HBO-like ‘victim’ continuing as if nothing happened at all.

“Winter is coming,” as they say on Game of Thrones.  But in this case, it’s the hackers that have been left out in the cold.

Copyright © 2017 IDG Communications, Inc.

Subscribe today! Get the best in cybersecurity, delivered to your inbox.