Disney has confirmed it is investigating an apparent leak of internal messages by a hacking group, which claims it is “protecting artists’ rights”.
The group, Nullbulge, said it had gained access to thousands of communications from Disney employees and had downloaded “every file possible”.
It is not clear how commercially sensitive the information is for the media and theme park giant, but it is reported to include messages about upcoming projects the firm is working on.
“Disney is investigating this matter,” a company spokesperson told the BBC in an email.
Nullbulge’s website says the group targets anyone it believes is harming the creative industry by using content generated by artificial intelligence (AI), which it describes as “theft”.
The BBC has made contact with the hackers who claim to be in Russia and say they got into Disney’s internal Slack messaging system through an insider.
But when asked for a sample of the stolen data to verify its authenticity, the hackers did not respond – meaning the BBC has not been able to independently assess if the huge data trove is genuine.
“Disney was our target due to how it handles artist contracts, its approach to AI, and its pretty blatant disregard for the consumer,” the hackers claimed.
They said they released the data because they didn’t expect Disney to meet their demands to stop using AI.
It is unusual for hackers to claim they are “Russian hacktivists” with an ethical agenda – most cyber criminals, including those in Russia, aim to make money by extorting their victims.
Spread of AI
The leak was first reported in the gaming press and then picked up by the Wall Street Journal, which said some of the leaked material related to advertising campaigns and interview candidates, with some dating back as far as 2019.
There has been growing concern amongst performers, artists and other creatives that the rapid spread of generative AI will undermine their livelihoods and damage the creative environment.
Generative AI is trained on vast bodies of existing material – including texts, images, music and video. It is then able to produce new work of a standard that can be hard to distinguish from human-generated material.
Some artists and authors have claimed AI firms breached copyright by using their original work to train these AI tools.
Nullbulge describes itself as “a hacktivist group protecting artists’ rights and ensuring fair compensation for their work”.
“Our hacks are not those of malice, but to punish those caught stealing,” it says on its website.
“We will work tirelessly to develop and implement solutions that protect the rights and livelihoods of artists in the digital age.”
The Walt Disney company’s businesses range from film-making and streaming services Disney+ and Hulu, to video games and theme parks dotted across the globe. It owns the hugely successful Marvel and Star Wars franchises.
Former CNN anchor Don Lemon filed a lawsuit against Elon Musk on Thursday, months after a partnership with the X social media platform was scrapped claiming the X owner unfairly terminated their deal, refused to pay him and used the media personality’s name to attract advertisers.
The lawsuit was filed in California Superior Court in San Francisco, a legal filing showed.
X canceled its partnership with Lemon in March after he said Musk would be his first guest in an interview
“His approach was basically just ‘CNN, but on social media’, which doesn’t work,” Musk later said in a post on the platform, adding that Lemon was welcome to build viewership on the platform.
Lemon, a popular prime-time personality, was fired from CNN in April last year after 17 years at the cable television network following a short tenure as morning show co-host.
X, formerly Twitter, has struggled to retain advertisers amid a series of controversies ever since the billionaire bought the company in 2022.
The platform in January signed Lemon, former U.S. congresswoman Tulsi Gabbard and sports radio host Jim Rome, part of an effort to grow video content on the site and bring advertisers back to its platform.
The lawsuit claimed that X agreed to pay Lemon at least $1.5 million with additional payments as incentives and a part of the advertising revenue.
“This case is straightforward. X executives used Don to prop up their advertising sales pitch, then canceled their partnership and dragged Don’s name through the mud,” said Lemon’s attorney, Carney Shegerian.
In a world where a single point of failure can throw our machines into chaos, everything from sharks to authoritarian governments to old ladies have brought the web to its knees.
On Friday 19 July, 2024, the world woke up to what many have called the worst digital crisis of all time. A botched software update from cybersecurity giant CrowdStrike crashed some 8.5 million computers, smearing Microsoft’s dreaded “blue screen of death” across the globe. Airlines cancelled over 46,000 flights in a single day, according to the FlightAware. Hospitals called off surgeries. 911 emergency services faced disruptions in the US. Film Forum, an arthouse cinema in New York, switched to cash payments as its credit card system went down. Microsoft and CrowdStrike issued a solution, but the outages continue almost a week later. It’s a reminder, frustrated IT experts said, to never push updates out on a Friday.
As our infrastructure becomes ever more tangled with the internet, this won’t be the last catastrophic online outage. But CrowdStrike wasn’t the first, either. The history of computing is littered with examples of our digital fragility, and crashes of the past offer a glimpse of what it will feel like on the day the internet turns off.
“There’s a price to pay for the convenience we enjoy,” says Ritesh Kotak, a cybersecurity and technology analyst. “It will happen again, and from a technical standpoint, the fix for CrowdStrike was relatively easy. Next time, we might not be so lucky.”
A glitch in the matrix
One of the earliest major outages came in 1997 thanks to a glitch at the company Network Solutions Inc., one of the main registrars that issues domain names for websites. According to the New York Times, a misconfigured database crashed every single website ending in .com or .net. It took down around one million sites, which at that point in history was a huge portion of the web. Some people didn’t get their email. An untold number of web searches ended in frustration. Some businesses who couldn’t reach clients and customers lost business around the 1997 crash, but overall, the problems were minimal.
Yet with the internet now touching nearly every part of our daily lives, anything close to the Network Solutions outage has far greater consequences. Twenty-one years later, for example, a malware attack on the Alaskan community of Matanuska-Susitna took an array of digital services offline. The internet blackout sent 100,000 people back in time.
On some level, the internet really is just a series of tubes
“The cyber-attack, God help us, just about stopped everything, you know,” local Helen Munoz told the BBC in 2019. “In fact, the borough still [hasn’t sorted out] their computers.”
Employees were locked out of their workstations. Local libraries were ordered to turn off all their devices. In one government office, workers had to switch to typewriters to do their jobs. It was 10 weeks before the majority of the Matanuska-Susitna’s systems came back online.
We’re going to need a bigger cable
Sometimes the problems start in the physical world. For a while, the entire nation of Armenia’s internet connectivity depended on a single fibre-optic cable running through Georgia. If that sounds precarious, you’re right. In 2011, a 75-year-old woman took all 2.9 million Armenians offline when she sliced through that cable with a spade near the Georgian village of Ksani. The woman, who was scavenging for copper at the time, was arrested but reportedly let go soon after because of her advanced age. She later told reporters: “I have no idea what the internet is.”
Others felt its absence more keenly. “You can feel it when you don’t have access to the internet. You start going crazy,” says Vahan Hovsepyan, senior community and public policy advisor at RIPE NCC, the regional internet registry for Europe, the Middle East and Central Asia, who lives in Armenia. “There’s no way to ensure stability when you have a cable that’s thousands of kilometres long,” Hovsepyan says, which highlights the importance of building redundancies into digital infrastructure.
It’s proof positive that, on some level, the internet really is just a series of tubes. Pensioners aren’t the only threat to those tubes, either. In 2017, all of Zimbabwe lost its internet access for half a day. Local newspapers reported that a tractor had torn through a cable in South Africa.
The fibre-optic cables in our backyards need protection from human beings, but the thousands of kilometres worth of cables draped across the ocean floor face their own dangers. Sharks have a mysterious fondness for biting undersea cables, which has caused outages in the past. There’s a long history of teeth marks on these ocean cables, not just from sharks but other fish and barracudas. A tooth can penetrate the insulation and mix sea water to ground the power conductors. It’s been causing problems for phone and telegraph cables since at least 1964, according to a report from the United Nations Environment Programme. Today, Google reportedly wraps its underwater cables in a Kevlar-like material, in part to stop sharks and other ocean dwellers from biting through the internet. Videos posted online have captured the web-hating sharks in action.
Digital fallout
A quarter of Canada’s internet and phone service was knocked out in 2022 because of a failure at Rogers Communications, one of the country’s biggest telecom providers. It gave 11 million people a preview of last week’s CrowdStrike debacle. Emergency services couldn’t accept phone calls, hospitals cancelled appointments and businesses across the country couldn’t accept debit card transactions. Canadian R&B star the Weeknd was forced to postpone a concert.
Kotak, who lives in Toronto, says the Rogers outage didn’t have a major impact on his life, but others weren’t so lucky. “A friend of mine literally missed the bar exam,” he says. “Her whole family were Rogers customers, and she couldn’t get the exact address and room number for the test because she only had it written down in her email.”
Legislators can prevent these kinds of problems by mandating safety measures in the technology and telecom industries, Kotak says. But sometimes, governments are responsible for internet shutdowns in the first place.
Disabling the internet is also a go-to method for government censorship, both for authoritarian governments and stable democracies. “It’s a pretty massive problem,” says Zach Rosson, a data analyst at Access Now, a digital rights advocacy group. “By our definition, there have been over 1,500 internet shutdowns since 2016”, by governments, militaries and police forces.
In fact, the CrowdStrike disaster shadowed an example that began the same day. For the last week, Bangladesh has face near total internet blackout after a government shutdown in response to violent clashes between protesting stuidents and police. The online cutoff has been accompanied by a curfew and reporters say the lack of internet access makes accurate information harder to come by. At least 150 people have been killed in the clashes, with some local media putting the figure much higher.
There’s a growing push to understand internet access as a human right. “Think about all the things it gives you access to: employment, healthcare, education, communication, business and just understanding the world around you. We’ve found that internet shutdowns actually impede humanitarian delivery and prevent the documentation of atrocities,” Rosson says.
India is probably the world leader in using internet shutdowns to quell unrest, but it’s a widespread tactic that’s been deployed in at least 83 countries including Iran, Russia, Algeria, Senegal, Tanzania, Cameroon and Venezuela, according to Access Now.
The big one
In places where the internet connection depends on one fibre-optic cable, it makes for a glaring Achilles heel. After decades of the internet worming its way into every corner of our lives through wires and WiFi connections, you might think there would be more built-in fail-safes to keep the world churning. But largely the opposite is true, according to Casey Oppenheim, chief executive at Disconnect, a cybersecurity company.
“To me this is the real lesson of the CrowdStrike event,” Oppenheim says. CrowdStrike holds a massive market share in its corner of the security business, serving more than half the companies on the Fortune 500 list. “The less diversity you have in any ecosystem, the more vulnerable you become, and there’s zero diversity at the top of the internet supply chain. You can pick any core area of the internet and you’ll find a very short list of companies in control.”
In other words, Oppenheim says, the potential for catastrophic internet failures is yet another consequence of “monopolistic forces” in the tech business. When so much depends on a single company, one wrong move can bring it all tumbling down. “As governments take on antitrust issues, it’s something we may want to think about,” he says.
The most famous internet failure in history is one that didn’t really happen. Twenty-five years ago, the public went into a frenzy over the Y2K Bug. Many predicted that the dawn of the new millennium in the year 2000 would come with a global computer failure. Thanks to short-sighted engineers, many computer programmes relied on calendars that used two digits for the year instead of four. That meant 2000 would be indistinguishable from 1900 on New Year’s Day. Forecasts about the resulting computer crashes were nothing short of apocalyptic, with stories about failing governments, riots in the streets and total societal collapse. The world was just starting to comprehend the power of the tech industry, and for many, the Y2K bug was as terrifying as it was obscure. Some people stocked up on food, water and weapons.
Elevators didn’t stop running, as some building managers were reported to fear. Years of warnings about a collapse of the global financial system were for naught. Prison doors did not fling open and let convicts free, despite some warnings. And unlike the early days of the Covid-19 pandemic, the recommended toilet paper stock piles weren’t necessary. The problems could have been far more severe, though the most dramatic prophecies were always overblown.
CrowdStrike is the closest we’ve come to a full-blown internet shutdown. Even with its unprecedented scale, however, the consequences lasted just a few days. CrowdStrike was a taste of what’s possible. Security experts are still bracing for the big one.
“I’m very aware that I could wake up tomorrow and my job could be gone,” says Jess Hyland.
The video game artist says the industry she’s spent almost 15 years working in is on “shaky” ground at the moment.
A boom in players and profits during the pandemic sparked a flurry of investments, expansions and acquisitions that, in hindsight, now look short-sighted.
Gaming remains profitable, but thousands of workers worldwide have lost their jobs, and successful studios have been shut down over the past two years.
More closures and cuts are feared.
“Everyone knows someone who’s been laid off. There’s lots of worry about the future,” says Jess.
Some bosses are talking up the potential of generative AI – the tech behind tools such as ChatGPT – as a potential saviour.
Tech giant Nvidia has shown off impressive development tool prototypes, and gaming industry heavyweights such as Electronic Arts and Ubisoft are investing in the tech.
With budgets at the blockbuster end of the industry spiralling as audience expectations rise with them, it sounds like a perfect solution.
But not to everyone.
‘Jobs are going to change’
“The people who are most excited about AI enabling creativity aren’t creatives,” says Jess, a member of the Independent Workers Union of Great Britain’s game workers branch. She sits on its artificial intelligence working group.
Against the backdrop of widespread layoffs, Jess says the suspicion among workers is that bosses see AI as a path to cutting costs when labour is their biggest expense.
Jess says she knows one person who’s lost work due to AI, and has heard of it happening to others.
There are also dozens of accounts online suggesting that jobs in concept art and other traditionally entry-level roles have been affected.
Most firms making AI tools insist they’re not designed to replace humans, and there’s broad agreement that the technology is a long way from being able to do so.
Jess says the bigger worry is that “jobs are going to change, but not in a good way”.
Rather than creating their own material, says Jess, artists worry they could end up supplementing AI’s efforts, rather than the other way around.
Publicly available AI image generators, for example, can quickly output impressive-looking results from simple text prompts, but are famously poor at rendering hands. They can also struggle with chairs.
“The stuff that AI generates, you become the person whose job is fixing it,” says Jess. “It’s not why I got into making games.”
Gaming is a multibillion-dollar business but it’s also an artistic medium that brings together artists, musicians, writers, programmers and actors, to name just some.
A frequent concern is that AI will serve to minimise, rather than enable, the work of those creatives.
Copycat fears
It’s a view echoed by Chris Knowles, a former senior engine developer at UK gaming firm Jagex, known for its Runescape title.
“If you’re going to have to hire actual human artists to fix the output, why not harness their creativity and make something new that connects with players?” he says.
Chris, who now runs UK indie studio Sidequest Ninja, says that in his experience smaller developers are generally unenthusiastic about using generative AI.
One of his concerns is around cloned games.
Online game stores – where indie developers make most of their sales – are rife with imitations of original titles.
This is especially true of mobile games, says Chris, and there are studios set up “entirely to churn out clones”.
It’s not yet possible to rip off a whole game using AI, he says, but copying assets such as artwork is easily done.
“Anything that makes the clone studios’ business model even cheaper and quicker makes the difficult task of running a financially sustainable indie studio even harder,” says Chris.
Copyright concerns over generative AI – currently the subject of several ongoing legal cases – are one of the biggest barriers to its wider use in gaming right now.
Tools are trained on vast quantities of text and pictures scraped from the internet and, like many artists, Jess believes it amounts to “mass copyright infringement”.
Some studios are exploring systems trained on internal data, and third parties advertising ethical tools that claim to work off authorised sources are springing up.
Even then, the fear is that AI will be used to turn out assets such as artwork and 3D models at scale, and the expectation on workers will be to produce more output.
“The more content you can make, the more money you can make,” says Jess.
Some in the industry are more positive about AI.
Composer Borislav Slavov, who won a Bafta Games Award for his work on Baldur’s Gate 3, told the BBC he was “excited about what AI could bring to the table for music in the near future”.
Speaking at the recent Games Music Festival in London, he said he believed it would enable composers to “explore music directions faster” and push them out of their comfort zones.
“This would allow the composers to focus way more on the essence – getting inspired and composing deeply emotional and strong themes,” he said.
However, he did agree that AI could not “replace the human soul and spirit”.
While she has serious personal reservations about using the tech to “automate creativity”, Jess says she wouldn’t be against using it to bear the burden of some of the more repetitive admin tasks that are a feature of most projects.
It will also have to work hard to win over another group – gamers.
Online shooter The Finals received a backlash over its use of synthesised voice lines, and developer Square Enix was criticised for the limited use of generated art in its multiplayer game Foamstars.
Jess believes growing talk about AI has made gamers “think about what they love about games and what’s special about that – sharing experiences crafted by other humans”.
“I’m still putting something of myself into it and I think there’s a growing recognition of that.”
Indie developer Chris adds: “If you train a generative model on nothing but cave paintings, all it’ll ever give you will be cave paintings.
“It takes humans to get from there to the Sistene Chapel.”