Leaked email shows HBO of­fer­ing $250,000

The Denver Post - - BUSINESS - By Matt O’Brien and Tali Arbel

BOS­TON» Hack­ers re­leased an email from HBO in which the com­pany ex­pressed will­ing­ness to pay them $250,000 as part of a ne­go­ti­a­tion over elec­tronic data swiped from HBO’s servers.

The July 27 email was sent by John Beyler, an HBO ex­ec­u­tive who thanked the hack­ers for “mak­ing us aware” of pre­vi­ously unknown se­cu­rity vul­ner­a­bil­i­ties. The ex­ec­u­tive asked for a 1week de­lay and said HBO was will­ing to make a “good faith” pay­ment of $250,000, call­ing it a “bug bounty” re­ward for IT pro­fes­sion­als rather than a ran­som.

HBO de­clined to com­ment. A per­son close to the in­ves­ti­ga­tion con­firmed the au­then­tic­ity of the email, but said it was an at­tempt to buy time and as­sess the sit­u­a­tion.

The same hack­ers have sub­se­quently re­leased two dumps of HBO ma­te­rial and de­manded a multi-mil­lion dol­lar ran­som.

Whether or not HBO ever in­tended to fol­low through with its $250,000 of­fer, the email raised ques­tions Fri­day among se­cu­rity pro­fes­sion­als about the im­por­tance of the data as well as how it will af­fect fu­ture at­tacks.

“It’s in­ter­est­ing that they’re spin­ning it as a bug bounty pro­gram,” said Pablo Gar­cia, CEO of FFRI North Amer­ica, based in Aliso Viejo, Calif. “They’re be­ing ex­torted. If it was a bug bounty, it’d

be on the up and up.”

Beyler’s email to the hack­ers said the com­pany was work­ing “very hard” to review all the ma­te­rial they pro­vided, and also try­ing to fig­ure out a way to make a large trans­ac­tion in bit­coin, the hack­ers’ pre­ferred pay­ment method.

“You have the ad­van­tage of hav­ing sur­prised us,” Beyler wrote. “In the spirit of pro­fes­sional co­op­er­a­tion, we are ask­ing you to ex­tend your dead­line for one week.”

The first HBO hack be­came pub­licly known on July 31. Beyler’s email, sent sev­eral days ear­lier, might have been an at­tempt to make the prob­lem go away with­out too much bad pub­lic­ity for HBO, said San­jay Goel, a pro­fes­sor at the Univer­sity at Al­bany and chair­man of its in­for­ma­tion tech­nol­ogy man­age­ment de­part­ment.

“Hack­ers are not in this game for $250,000; this prob­a­bly took them a lot of time and ef­fort,” Goel said. “That’s a very, very small amount in these kinds of ne­go­ti­a­tions.”

Then, on Mon­day, hack­ers us­ing the name “Mr. Smith” posted a fresh cache of stolen HBO files on­line, and de­manded that the net­work pay a ran­som of sev­eral mil­lion dol­lars to pre­vent fur- ther such re­leases.

The leaks in­cluded scripts from “Game of Thrones” episodes and a month’s worth of email from the ac­count of HBO’s vice pres­i­dent for film pro­gram­ming. There were also in­ter­nal doc­u­ments, in­clud­ing a re­port of le­gal claims against the net­work and job of­fer let­ters to top ex­ec­u­tives.

HBO has said that it is work­ing with law en­force­ment and cy­ber­se­cu­rity firms to in­ves­ti­gate the at­tack, which is the lat­est to hit a Hol­ly­wood busi­ness.

The leaks so far have fallen well short of the chaos in­flicted on Sony in 2014. In April, a hacker claimed to have re­leased episodes of Net­flix’s “Or­ange is the New Black” ahead of their of­fi­cial launch date.

But pay­ing ran­soms to hack­ers can be dan­ger­ous be­cause it shows that be­ing a bad-guy hacker is a good busi­ness, said cy­ber­se­cu­rity ex­pert Oren Falkowitz, CEO of Red­wood City, Calif.-based Area 1 Se­cu­rity. Com­pa­nies would be bet­ter off in­vest­ing in pre­vent­ing email spear-fish­ing at­tempts and other hack­ing tech­niques, he said.

“The rea­son they got in this sce­nario is they didn’t have the right pre-emp­tion strat­egy,” Falkowitz said. “The next com­pany, whether it’s Show­time or Death Row Records or whomever, needs to see that they’re go­ing to wake up one day to this re­al­ity un­less they con­front it.”

Ma­call B. Po­lay, HBO

Niko­laj Coster-Wal­dau, who plays Jaime Lan­nis­ter, is seen in Sun­day’s “Game of Thrones.” On Mon­day, hack­ers posted a fresh cache of stolen HBO files, in­clud­ing scripts from five episodes of the pop­u­lar show.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.