Spy vs. Spy: Turn the Tables on Social Hackers Trying to Steal Your Data
By Nik Bars and Emily Winters
The term “hacking” usually brings to mind computers, lines of code, spies and dark trench coats. Outside of this popular image, however, hacking is much more simple — and destructive — than you might think.
“Social hacking” is textbook spying technique, used to coerce someone into providing confidential information by means of psychological manipulation. It can be done over a phone call, email, or even in person, and more often than not the victim won’t even realize that they are involved in a hack until it is too late.
You’ve seen it done a million times in movies or TV and this clip from Friends is actually a perfect example.
We know the entertainment industry can be a high-pressure environment and you don’t want to upset the wrong people, which makes it even more susceptible to social hacking. Thankfully, the expert sleuths at SetKeeper have put together steps you can take to make sure your information doesn’t fall into the wrong hands.
Brief your team: Establish — and enforce — protocols for how information should be shared on your production
A critical step for any production office during prep is to establish how they will be distributing documents and exchanging information across the show. If a studio has established protocols you need to follow, make sure those are enforced. If those aren’t available, it is highly recommended you use a secure document distribution system, like SetKeeper.
Determine your administrators (those who have access to all files and add users to the platform) as well as those who can manage various departments. Who should be distributing sides and scripts? Who has access to the personal information of your crew? Assign these roles clearly and early in your production and stick to them throughout the show.
Also, remember to employ the Principle of Least Privilege and grant access to information to only the people who should have it. The more people who can access and distribute sensitive information, the less secure it becomes. You can read more about this in our previous article on Security Tips.
Use mental Jiu-Jitsu: Ask questions, pay attention and don’t let anyone rush you
In the example from Friends, Phoebe created the illusion that she was someone of authority and used small bits of information she was privy to (i.e. the name of an assistant) to convince the casting director to book another appointment for Joey. The exact same tactic could be used to ask for a script, call sheet, or other confidential information.
No matter what happens, always remember your position, your responsibility and the information you hold at your fingertips. Just because someone is irate and demands a script or appointment be made ASAP doesn’t mean you need to give into their request; you need to confirm that this person is indeed who they say they are.
Double-check that the caller has tried other methods of receiving a script or document — such as through SetKeeper or another document distribution platform. Never, ever simply email your production’s sensitive documents to a recipient’s personal email account without any security measures employed.
At the end of the day, shouldn’t this executive be happy that you are doing your job by protecting their sensitive information — even if it requires them to have a little bit of patience?
Dust for fingerprints: Study your emails for anything suspicious
Social hacking attempts are often disguised as emails from reputable companies. The emails could include graphics from familiar vendors and may be signed with the name of someone who works for that company.
As we all know, the amount of information available online is staggering even if you try to keep your project as confidential as possible. And, much can be inferred from news in the Hollywood trades, IMDb, LinkedIn and so forth. A hacker can easily find information about your production and use it to their advantage.
If the content of an email causes you concern (look for typos, oddly phrased questions, requests for confidential information), take a closer look at the email address of the sender. If it is not the typical email address they use, send a new message to their regular email — or even better, call them — and ask if the suspicious message did, indeed, come from them.
You can also take a moment to remind them of the information safety protocols on your show — just to be safe.
TOP SECRET (but don’t boast about it): Employ security measures on all of your personal accounts, devices, and in your brains.
In an ideal world, personal and work devices would be separate, but on a production we know this isn’t always the case. With that in mind, consider where else you are bringing your personal devices; your cell phone, your laptop…
A hacker could approach you in a coffee shop and snoop on your laptop (or even steal it) as you step away to get your coffee. Or, they could distract you while you are talking to them at a bar and take your cell phone. Always make sure you activate security measures for all of your personal devices and accounts, and lock them if you leave them unattended. In the rare chance they do steal one of your devices, the additional security will make it useless if they can’t get into it, right?
Beyond physical devices, you should also take note of social communication outside of work hours. If someone asks you about your work, even in “harmless” social settings, remember the protocols of your production. If your show has strict protocols in place (did you sign an NDA?), make sure you adhere to them. A reasonable person will understand the need for secrecy around your project (plus, it is kind of fun to play “spy” and keep your friends guessing). Even letting minor details about your show slip can snowball into something much more significant.
We hope you these tips will help keep your sets safer than they already are, and should you have any feedback or questions please don’t hesitate to reach out to us at firstname.lastname@example.org