Hacker Posts Possible Harry Potter Spoiler, Illustrating Corporate Vulnerabilities
An anonymous hacker claims to have used computer magic to peer through the extreme secrecy surrounding the ending of the Harry Potter saga and posted online unverified details from the soon-to-be released final book in best-selling series.
The hacker, posting under the handle Gabriel, claims to have gotten a copy of the seventh and final installment of the blockbuster Harry Potter series that chronicles the adventures of a child magician by hacking into Bloomsbury, the series' London-based publisher.
Gabriel said he wanted to spoil the ending to Harry Potter and the Deathly Hallows to protect people from its "Neo Paganism" and was able to get into the publisher's computer network by convincing an Bloomsbury employee to open an email with malware attached.
"We make this spoiler to make reading of the upcoming book useless and boring," Gabriel wrote (Alert: Possible Spoiler Link)."It's amazing to see how much people inside the company have copies and drafts of this book."
In advance of the novel's July 21 publishing date, fans have been rabidly debating which characters the series' author J.K. Rowling might kill off.
The hacker made the claim and posted some plot details Tuesday to a security mailing list called Full Disclosure, which is re-posted on insecure.org, a website run by a white hat hacker known as Fyodor.
However, no portions of the novel were posted, casting doubt on the veracity of the claim.
Kyle Good, a spokeswoman for the book's U.S. publisher Scholastic, said she could not verify the plot details, saying there is a lot of material on the internet claiming to be from the book.
"Anyone can post anything on the internet and you can't always believe what you read," Good said. "The only way to know for sure is to read the book on July 21."
However, the claimed method of attack – known as spear phishing – is completely believable, according to Rick Wesson and Adam Waters, the top officers at the computer security firm Support Intelligence.
"This is being used against the State Department often," Wesson said. "This is how you steal any kind of intellectual property."
"We have so lost fundamental trust [in the security of networks] we can't tell if the story is true or not," Waters added. "Say it was a corporation's financial numbers for next month -- you could move a market with that information."
Even if the hack happened and the plot details are proven, the revelations are unlikely to affect the sales of the book, given the series' intensely loyal fan base.
But Wesson and Waters say the story illustrates that secrets – including copies of unreleased movies, policy statements by politicians and Federal Reserve announcements – are extremely vulnerable to targeted external attacks from hackers who can find their way into a corporate network as easily as sending an email to a summer intern.