Leaked email shows HBO negotiating with hackers

August 12, 2017 by Matt O'brien And Tali Arbel
This file image released by HBO shows Nikolaj Coster-Waldau as Jaime Lannister in an episode of "Game of Thrones," which aired Sunday, Aug. 6, 2017. Hackers released a July 27, 2017, email from HBO in which the company expressed willingness to pay them $250,000 as part of a negotiation over electronic data swiped from HBO's servers. The hacked HBO material included scripts from five "Game of Thrones" episodes. HBO declined to comment. A person close to the investigation confirmed the authenticity of the email, but said it was an attempt to buy time and assess the situation. (Macall B. Polay/HBO via AP, File)

Hackers released an email from HBO in which the company expressed willingness to pay them $250,000 as part of a negotiation over electronic data swiped from HBO's servers.

The July 27 email was sent by John Beyler, an HBO executive who thanked the hackers for "making us aware" of previously unknown security vulnerabilities. The executive asked for a 1-week delay and said HBO was willing to make a "good faith" payment of $250,000, calling it a "bug bounty" reward for IT professionals rather than a ransom.

HBO declined to comment. A person close to the investigation confirmed the authenticity of the email, but said it was an attempt to buy time and assess the situation.

The same hackers have subsequently released two dumps of HBO material and demanded a multi-million dollar ransom.

Whether or not HBO ever intended to follow through with its $250,000 offer, the email raised questions Friday among security professionals about the importance of the data as well as how it will affect future attacks.

"It's interesting that they're spinning it as a bug bounty program," said Pablo Garcia, CEO of FFRI North America, based in Aliso Viejo, California. "They're being extorted. If it was a bug bounty, it'd be on the up and up."

Beyler's email to the hackers said the company was working "very hard" to review all the material they provided, and also trying to figure out a way to make a large transaction in bitcoin, the hackers' preferred payment method.

"You have the advantage of having surprised us," Beyler wrote. "In the spirit of professional cooperation, we are asking you to extend your deadline for one week."

The first HBO hack became publicly known on July 31. Then, last week, hackers using the name "Mr. Smith" posted a fresh cache of stolen HBO files online, and demanded that the network pay a ransom of several million dollars to prevent further such releases.

The leaks included scripts from "Game of Thrones" episodes and a month's worth of email from the account of HBO's vice president for film programming. There were also internal documents, including a report of legal claims against the network and job offer letters to top executives.

HBO has said that it is working with law enforcement and cybersecurity firms to investigate the attack, which is the latest to hit a Hollywood business.

The leaks so far have fallen well short of the chaos inflicted on Sony in 2014. In April, a hacker claimed to have released episodes of Netflix's "Orange is the New Black" ahead of their official launch date.

But paying ransoms to hackers can be dangerous because it shows that being a bad-guy is a good business, said cybersecurity expert Oren Falkowitz, CEO of Redwood City, California-based Area 1 Security. Companies would be better off investing in preventing spear-fishing attempts and other hacking techniques, he said.

"The reason they got in this scenario is they didn't have the right pre-emption strategy," Falkowitz said. "The next company, whether it's Showtime or Death Row Records or whomever, needs to see that they're going to wake up one day to this reality unless they confront it."

Explore further: Hackers demand millions in ransom for stolen HBO data

Related Stories

Hackers demand millions in ransom for stolen HBO data

August 8, 2017

A group of hackers posted a fresh cache of stolen HBO files online Monday, and demanded a multimillion-dollar ransom from the network to prevent the release of entire television series and other sensitive proprietary files.

HBO offered 'bounty' to hackers: report

August 11, 2017

HBO offered a reward of $250,000 in response to a data breach at the television group that produces "Game of Thrones," according to a report from a leaked memo.

HBO plays down threat of hacked internal emails

August 2, 2017

HBO, which acknowledged Monday that hackers had broken into its systems and stolen "proprietary information," now says the attackers likely haven't breached the network's entire email system.

Recommended for you

Automated safety systems are preventing car crashes

August 23, 2017

Safety systems to prevent cars from drifting into another lane or that warn drivers of vehicles in their blind spots are beginning to live up to their potential to significantly reduce crashes, according to two studies released ...

Newest solar cells underperform in cloudy countries

August 22, 2017

To determine how efficient new solar cells convert sunlight into electricity, small sample cells are tested under ideal conditions. However, the reported efficiency is not very representative of the actual annual yield when ...

Google to serve next version of Android as 'Oreo"

August 22, 2017

An upcoming update to Google's Android software finally has a delectable name. The next version will be known as Oreo, extending Google's tradition of naming each version after a sweet treat.

Forget oil, Russia goes crazy for cryptocurrency

August 16, 2017

Standing in a warehouse in a Moscow suburb, Dmitry Marinichev tries to speak over the deafening hum of hundreds of computers stacked on shelves hard at work mining for crypto money.

Researchers clarify mystery about proposed battery material

August 15, 2017

Battery researchers agree that one of the most promising possibilities for future battery technology is the lithium-air (or lithium-oxygen) battery, which could provide three times as much power for a given weight as today's ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.