Cape Times

Hackers: HBO agrees to pay ‘bug reward’

- Matt O’Brien and Tali Arbel

HACKERS last week released an email from HBO in which the company expressed willingnes­s to pay them $250 000 as part of a negotiatio­n over data swiped from HBO’s servers.

The July 27 email was sent by HBO executive John Beyler, who thanked the hackers for “making us aware” of security vulnerabil­ities. He asked for a one-week delay and said HBO was willing to make a “good faith” payment of $250 000, calling it a “bug bounty” reward for IT profession­als rather than a ransom.

HBO declined to comment. A person close to the investigat­ion confirmed the authentici­ty of the email, but said it was an attempt to buy time and assess the situation.

Whether or not HBO followed through with its offer, the email raised questions on Friday among security profession­als about the importance of the data and whether HBO’s reaction might encourage future attacks.

‘Bitcoin payment’ “It’s interestin­g that they’re spinning it as a bug bounty programme,” said Pablo Garcia, CEO of FFRI North America, based in Aliso Viejo, California. “They’re being extorted. If it was a bug bounty, it would be on the up and up.”

Beyler’s email to the hackers said the company was working “very hard” to review all the material they provided, and also trying to figure out a way to make a large transactio­n in bitcoin, the hackers’ preferred payment method.

“Hackers are not in this game for $250 000; this probably took them a lot of time and effort,” said Sanjay Goel, a professor at the University at Albany. “That’s a very, very small amount in these kinds of negotiatio­ns,” Garcia said.

Then, last Monday, hackers using the name “Mr Smith” posted a fresh cache of stolen HBO files online, and demanded the network pay a ransom of several million dollars to prevent further releases.

The leaks included scripts from Game of Thrones episodes and a month’s worth of emails from the account of HBO’s vice-president for film programmin­g. There were also internal documents, including a report of legal claims against the network and job offer letters to top executives.

HBO has said it is working with law enforcemen­t and cybersecur­ity firms to investigat­e the attack, the latest to hit a Hollywood business. In April, a hacker claimed to have released episodes of Netflix’s Orange is the New Black ahead of their official launch date.

The leaks so far have fallen well short of the chaos inflicted on Sony in 2014.

However, paying ransoms to hackers can be dangerous because it shows that it is a good business, said cybersecur­ity expert Oren Falkowitz.

Companies would be better off investing in preventing email spear-fishing attempts and other hacking techniques, he said. “The reason they got in this scenario is they didn’t have the right pre-emption strategy,” Falkowitz said.

Game of Thrones scripts and emails from HBO’s film programmin­g vicepresid­ent were leaked

Newspapers in English

Newspapers from South Africa