HBO Hackers Leak Senior Exec Emails, Demand Ransom

Written by

The HBO hackers have upped the ante on their cyber-activities, dropping a ransom note on the premium cable network and leaking executive emails and more Game of Thrones tidbits.

The criminals sent in the goods to The Hollywood Reporter, in the form of nine confidential files with screenshots of the stolen materials. They included a month’s worth of emails from the inbox of a senior executive, plus a screenshot of a file directory with folders for various shows, including unreleased episodes of upcoming shows like Room 104, Insecure and Curb Your Enthusiasm, and an untitled show by Silicon Valley director Mike Judge. On the Game of Thrones front, the materials include plot summary for this week’s upcoming episode, marketing spreadsheets and media plans—and contact information for stars of the hit series.

This is the latest escalation of the breach that came to light last week. The attackers say they have 1.5 terabytes of information in all—seven times the volume of the 2014 Sony breach.

The hackers also delivered a video letter to HBO CEO Richard Plepler saying the network was their 17th target: "We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about six months)."

As the video continues, set to the Game of Thrones theme music, a ransom demand is laid out (the ransom amount is unknown—it’s been redacted in all published versions of the letter): "Our demand is clear and Non-Negotiable: We want [redacted] dollars to stop leaking your Data. HBO spends 12 million for Market Research and five million for GOT7 advertisements. So consider us another budget for your advertisements!"

The letter added, "Its a game for us. Money isn’t our main purpose," the ransom note reads. "We don’t want to endanger HBO’s situation nor cause it to lose its reputation. We want to be your partner in a tiny part of HBO’s huge income."

And finally: "Leakage will be your worst nightmare. So make a wise decision!"

The deadline for payment is three days from when the letter was sent.

HBO thinks the attackers could be overstating things, according to its latest media statement: "HBO believed that further leaks might emerge from this cyber incident when we confirmed it last week. As we said, the forensic review is ongoing. While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our email system as a whole has been compromised."

Ross Rustici, senior director, intelligence services, at Cybereason, told Infosecurity via email that what happens now will depend on HBO’s ability to gather more information.

“If we take the new reports at face value that this is an extortion attempt then the decision to pay or not hinges on a couple of key points of information,” he said. “If [the hackers] were really good and managed to hide their traces well, the forensic effort is going to be a very long and ultimately incomplete job. HBO will never know the totality of the breach. Without knowing the totality of the breach, HBO executives will have to make a decision about how valuable the claimed information is to them (both from an actual investment perspective and a brand damage perspective), without having any real confidence in the data that is missing.”

He added, “An audit of senior emails and other documents that may have damaging or embarrassing information will help inform the risk calculation of whether it makes more sense to pay and pray or hold firm and weather the storm of the media should the worst-case scenario of leaks happen.”

Paying a ransom of course would require significant trust that the hackers wouldn't take the money and then release the information anyway or resell it to a competitor.

“The longer HBO can draw out the negotiating process the more likely it is that they will be able to make a more informed decision,” Rustici said. “The hackers are likely aware of this scenario as well, so it is likely that if the hackers are being honest about the ransom demand and monetary motivation we will see dumps that are increasing in frequency and availability as a way to put pressure on HBO.”

What’s hot on Infosecurity Magazine?