How Do Leaks Like the 'Avengers: Age of Ultron' Trailer Happen? A Security Expert Explains

Just how did the ‘Avengers: Age of Ultron’ trailer get loose?

On Wednesday night, the hotly anticipated trailer for Marvel’s The Avengers: Age of Ultron leaked onto the Web, a full six days before it was set to debut during an episode of ABC’s Agents of S.H.I.E.L.D. The Disney-owned studio responded with a cheeky tweet and released the higher quality version of the trailer. The swift reaction salvaged the situation and earned goodwill from fans, but the leak still represented a significant setback in Hollywood’s ongoing — and increasingly more complicated — fight against intellectual property theft.

In the wake of high-profile mistakes like the Ultron trailer and this summer’s Expendables 3 fiasco, the industry is scrambling to plug the tiny holes that can lead to costly leaks. How can things like this still happen to billion-dollar franchises at major corporations? Yahoo Movies spoke with Steve Cronan, the founder and CEO of Hollywood database management company 5th Kind, which works closely with Marvel (Ed. note: Cronan did not work on the Age of Ultron trailer, and had no involvement with its leak). Cronan couldn’t speak to the Age of Ultron situation directly, but he was able to explain more generally about how leaks occur. (Marvel did not respond to our requests for comment.)

“At the end of the day, when you’re working on a film production, there are hundreds, if not thousands, of partners and vendors,” says Cronan. “The amount of products globally that they create — you go into a toy store, you go into 7-Eleven — every one of them is receiving some sort of material ahead of time.” The sprawling nature of today’s franchises, with marketing campaigns that feature seemingly endless corporate tie-ins (fast food, games, toys, etc.) means that a huge number of people have access to some part of a movie’s material, including video footage, photos, storyboards, and concept art, among other sensitive items.

That’s where 5th Kind and other companies like it, including DAX film studio, come in. Cronan first started working for 5th Kind — then known as OTC Productions — while working on the sequels to The Matrix, when the success of the original film created a rabid desire for information about the two sequels. Today, 5th Kind’s software allows people working on all aspects of a movie production to view files and share information with the stringent security that’s required, including watermarks both visible and invisible.

“All the videos and the documents have [the viewer’s] name on them — all sorts of tracking so you can know who viewed what and when,” Cronan says. “You can tell someone, ‘You can view a script for 24 hours,’ and as you look at that script, it’s going to have your name on it in various templates, based on your role. So if you’re a producer, it might be something really light, and if you’re a production assistant and lower down the rung, it might have your name all over it.”

5th Kind has worked with Marvel Studios since the first Iron Man film. The studio is known throughout the industry as the most focused on security, which makes sense, given the obsessive interest and near-constant speculation about its films. Back in 2012, when published information about a weird little movie called Guardians of the Galaxy before the media was supposed to have it, a company vice president actually contacted the site to trace the source of the leak.

“Typically, it’s not the senior people,” says Cronan of folks doing the leaking. “It’s the junior people who may not fully respect or understand the impact of what it means to show this script to a friend. There’s been plenty of those stories, where someone’s reading a script and their flatmate’s gotten ahold of it.”

Cronan says that there are “constantly people banging on the door,” trying to hack into 5th Kind’s system, which now services 12,000 users, 2,500 companies, and 3.5 million files per year, coordinating all sorts of data and communication. Just think of all the special effects firms working on a single blockbuster, and you can imagine how elaborate an effort it becomes to keep information secure and organized. Like many companies, 5th Kind actually hires hackers to try to break into its databases and zero in on the system’s vulnerabilities.

As for the less-well-meaning hackers who are trying to raid the digital goldmine where the photos and videos of our favorite superheroes and space warriors reside? Cronan says that it’s more likely to be your younger brother than a nefarious bootlegger. “Typically, there’s no monetary value in doing this,” he says. “It’s purely a cred thing. It’s a young kid’s game — a more mature person isn’t going to want to risk getting sued. Fanboys want to get in there and get it out.”

Watch the trailer for Age of Ultron below: