OK Computer: Did Radiohead Get Hacked?
The Story of the Stolen Minidiscs Is Nuanced
Hacking and extortion attempts against organizations have unfortunately become all too commonplace. On Tuesday, an unlikely victim went public: the British band Radiohead. But was the band really a hacking and extortion victim?
Radiohead guitarist Jonny Greenwood announced on Twitter on Tuesday the theft of 18 minidiscs' worth of material from his bandmate, Thom Yorke. On the discs are 18 hours of Radiohead demos made in the late 1990s as the group was working on the album "OK Computer."
Greenwood writes that the band "got hacked last week," with the perpetrator reportedly demanding $150,000 in exchange for the material. Unfortunately, Greenwood doesn't provide details about the hack or more information about the alleged ransom attempt.
https://t.co/iTcF2VjYRd https://t.co/6Pao0hThbU pic.twitter.com/OepiMlEL73 — Jonny Greenwood (@JnnyG) June 11, 2019
In response, Radiohead decided to release the material, called MINIDISCS [HACKED], with a humorous undersell. "It's not v [very] interesting," deadpanned Yorke on the Bandcamp release page. "There's a lot of it."
The trove, which Greenwood describes as never intended for public consumption, is for sale for 18 days for £18 (US$29). During that period, fans can also stream the material for free. The proceeds will go to Extinction Rebellion, a British group that raises awareness about environmental damage.
But was Radiohead really hacked and extorted? As a Radiohead fan, I found this story too good not to dig further. I'm not confident that I'm that much closer to the truth. That said, there does appear to be a more plausible scenario for how the files leaked, and the band may not have actually been ransomed.
The Leaker: 'Zimbra'
First stop: Twitter. I reached out to John in New Jersey, who tweets under the handle @goodbyetheband. He tweeted this directly to the band:
there was no blackmail attempt. the leaker attempted to sell the files to fans for an exorbitant amount of money; the fans rebelled against the leaker by posting all of the info they had on the leaker in a successful attempt to outmaneuver the leaker's bid at profiting off this — goodbye the band (@goodbyetheband) June 11, 2019
John, who didn't want his last name used, is part of WASTE, which is a Discord chat group for Radiohead fans. John shared with me the inside story of how he believes the files appeared. It started with someone going by the nickname "Zimbra."
Zimbra is a known bootlegger who shares mostly hip-hop, John says. Zimbra began reaching out to Radiohead fans on a website called leakth.is, John told me.
Zimbra posted around June 3 that he'd come across 18 hours of unreleased Radiohead music. He offered to sell the live tracks for $50 each and other tracks for between $500 and $800 each, John says.
Zimbra's post attracted a lot of attention, and the situation eventually migrated to Reddit. Radiohead fans were excited, but wary, John says. On one hand, the allure of so much unheard material was strong. But at the same time, fans were concerned about trading in pirated material and wanted to alert the band.
The Reddit post is where the $150,000 figure surfaced. As opposed to what Greenwood tweeted, it doesn't appear to be the price of the ransom but rather an imprecise calculation of what Zimbra wanted for the files from Radiohead fans.
John says Zimbra subsequently seemed spooked by all of the attention and was "very agitated that info about the potential sale had come out."
Zimbra "seemed very concerned about having too much pressure on him from the band's management team, and simply gave the files away - which of course just increased the amount of attention in the end," John says.
The files were posted on leakth.is, John says, and were then downloaded and traded by fans. The files, John says, were "badly transcoded MP3s."
Zimbra has since disappeared and deleted his or her posts, John says.
An Inside Job?
So how did Zimbra get the files? It's unknown, but John has a theory.
"We're pretty sure Zimbra is not the actual thief based on his reputation in the hip-hop community, and that he actually did get the files through a trade," John says.
There's an idea of how the files may have originally been leaked. Two years ago this month, Radiohead released an anniversary box set of OK Computer-era songs called OKNOTOK. The original "OK Computer" tracks were remastered, and it included b-sides and a bevy of other unreleased material.
Leading up to that release, Thom Yorke's cache of minidiscs may have been pulled out of the archives and copied, John says.
"So it's unlikely the band got 'hacked' either - it just seems like the files got out years ago, and didn't make it out until this very unprofessional leaker named Zimbra let the cat out of the bag," John says.
I flicked Greenwood a question on Twitter asking if perhaps a studio insider pinched the files leading up to the OKNOTOK release. I'll admit I found it fun to tweet one of my guitar heroes and call it work.
Sadly, there's been no response from Greenwood yet, but I'll update this story if he does reply. In the meantime, I'm going to dig into the 11-minute version of "Paranoid Android" on minidisc #5.