Critical Infrastructure Security

Experts doubt authenticity of ‘Harry Potter hack’

Was the final book in the Harry Potter series really breached by hackers? Security experts today said they doubt it.

A hacker named "Gabriel" posted this week on insecure.org that he or she cracked the networks of (United Kingdom publisher) Bloomsbury Publishing to find out the ending of the best-selling series.

(Warning: This link contains potential spoilers.)

The series, which has sold more than 300 million copies worldwide, is set to end with its seventh book, "Harry Potter and the Deathly Harrows," due in bookstores on July 21.

Kyle Good, vice president of corporate communications at Scholastic, the series' U.S. distributor, told SCMagazine.com today that she had no comment on the reports, other than to say, "Anyone can post almost anything they want on the internet, and you can’t believe everything you see."

Gabriel claimed that hacking into the networks wasn’t difficult.

"The attack strategy was the easiest one. The usual milw0rm downloaded exploit delivered by email/click-on-the-link/open-browser/click-on-this-animated-icon/back-connect to some employee of Bloomsbury Publishing, the company that’s behind the Harry crap," the hacker said. "It’s amazing to see how much people inside the company have copies and drafts of this book."

The hacker said that he had religious motivations for revealing the end of the acclaimed series.

"We did it by following the previous words of the great Pope Benedict XVI when he still was Cardinal Joseph Ratzinger," he said. "He explained why Harry Potter brings the youngs (sic) of our earth to (the) neo-paganism faith."

Mark Loveless, a former hacker and now a security architect at Vernier Networks, told SCMagazine.com today that the report is almost certainly a hoax.

"I think it’s completely a hoax. I would rarely trust some odd claim like that from someone on Full Disclosure," he said. "If the person was smart, and they actually got that, they would’ve published a few paragraphs or a chapter."

John Thielens, vice president of technology at Tumbleweed Communications, told SCMagazine.com today that Scholastic's "no comment" means fans of the series aren’t likely to find out soon whether the hack was authentic.

"You just can’t know. It’s sort of an unauthenticatable premise. It reminds me of what other media producers have done when they will record two or three possible endings and one of them airs," he said. "So did it really happen? Personally I don’t want to know because I want to read the book."

Get more IT security news. Click here for SC Magazine Blogs.

Related

Novel tool leveraged by APT28 to exploit old Windows vulnerability

Data exfiltration and privilege escalation attacks leveraging the novel GooseEgg hacking tool to exploit an already addressed Windows Print Spooler flaw, tracked as CVE-2022-38028, have been deployed by Russian cyberespionage operation APT28, also known as Forest Blizzard, against government, education, transportation, and non-government organizations since April 2019, BleepingComputer reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.