On July 31, news broke of a major cyber incident affecting HBO. According to reports, the network experienced a major cyberattack. The hackers behind it are currently demanding the equivalent of about $6 million in bitcoin, and claim that if they don’t get paid they will release 1.5 terabytes of data they stole from the network.
Reportedly, this includes scripts and other content from the hit series Game of Thrones, as well as sensitive information stored on folders dubbed “Budget,” “Legal”, “Licensing & Retail”, and more.
To prove they really did hack HBO, the hackers released about 3-4 gigabytes of data, that included a list of network administrator passwords, as well as a month’s worth of emails taken from the account of the network’s vice president for film programming, Leslie Cohen.
The hacker(s), dubbed “Mr. Smith” made their demands through a five-minute video that was included in the data dump. With white text scrolling over a black background, they delivered their message that told HBO to pay up, or see 1.5 terabytes of sensitive data – including entire series – get dumped online.
The hackers demanded “6 months worth of salary in bitcoin” which, according to them, means about $6 million. They claim to make between $12 million to $15 million per year blackmailing organizations whose networks they manage to compromise. The hackers claimed they will only deal directly with HBO CEO Richard Plepler, and that they will only send payment details once.
HBO has already recognized that “proprietary information” has been stolen, and stated that it is currently investigating the attack along with cybersecurity experts and police. However, the network doesn’t believe its email system has been compromised.
Hackers Claim to Use Zero-Day Exploits
According to the AP, the text in the video was written in often flawed, fluent English that used a lot of pop culture references. In it, the hackers claimed that it took them six months to breach HBO’s network. Their biggest threat is to superimpose “HBO is Failing” on stolen shows they dump online, effectively disrupting the network’s business.
In the 3-4 gigabytes of dumped data, alleged confidential documents were leaked, including a spreadsheet of legal claims against the network and job offer letters to top HBO executives.
The video further adds that the hackers spend half a million dollars per year on “zero-day” exploits that allow them to break into networks by taking advantage of flaws Microsoft and other companies haven’t fixed yet. It claims HBO is the 17th victim, and that only three targets refused to pay so far.
According to Variety, Internet security company IP Echelon has been hired to hide the leaked files from Internet search results so that the damage is minimized. The company has reportedly sent a DMCA takedown notice to Google, as according to reports the leak included “thousands of Home Box Office (HBO) internal company documents.”