Early August, hackers announced to have breached the systems of the television network HBO that is owned by the giant Time Warner. Crooks claimed to have stolen 1.5 terabytes of data from HBO, including information on the current season of Game of Thrones and a script that is reportedly for the upcoming fourth episode of Game of Thrones Season 7.

On Sunday, July 30th, hackers reported the security breach to several journalists via anonymous email, below an excerpt from the message:

“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh, I forget to tell. It’s HBO and Game of Thrones……!!!!!!

You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him.”

“HBO has joined the ranks of Hollywood entertainment companies to suffer a major cyber-attack.” reads the Entertainment Weekly website.

“EW has learned that upcoming episodes of a couple of series and at least one alleged script or treatment have been put online by hackers who breached the company’s systems — with more threatened to be coming soon.”

The hackers have exfiltrated a huge trove of data, including the episodes of many HBO shows yet to release online, they have already leaked upcoming online episodes of “Ballers” and “Room 104, ” and they announced more leaks to be “coming soon.”

“HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information,” reads a statement issued by the company. “We immediately began investigating the incident and are working with law enforcement and outside cyber security firms. Data protection is a top priority at HBO, and we take our responsibility seriously to protect the data we hold.”

Figure 1- HBO Game of Thrones series

HBO did not provide further details on the incident; the company immediately reported the facts to law enforcement to start the investigation.

HBO chairman and CEO Richard Plepler sent an email to HBO employees notifying them the security breach.

“As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming,” he wrote. “Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us. I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests. The efforts across multiple departments have been nothing short of Herculean. It is a textbook example of quintessential HBO teamwork. The problem before us is unfortunately all too familiar in the world we now find ourselves a part of. As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully.”

Ethical Hacking Training – Resources (InfoSec)

The “Mr. Smith’s request – a video letter to the CEO

The cyber gang that claimed to have hacked the television group HBO networks were demanding millions of dollars in ransom payments from the company while threatening to release more material belonging to 1.5 terabytes of data they have stolen.

The hackers published a five-minute video letter to HBO chief Richard Plepler claiming to have “obtained valuable information” in a cyber-attack.

The author of the message called himself “Mr. Smith,” confirmed his group obtained “highly confidential” documents and data, including scripts, contracts, and personnel files.

According to the website Databreaches.net, hackers leaked ten files including what appears to be a new script of the fantasy series “Game of Thrones.”

Along with the video letter, the hackers released 3.4GB of files. The dump contained technical data related to the HBO’s internal network and administrator passwords, and of course the draft scripts from five Game of Thrones episodes. The huge trove of files also includes a month’s worth of emails from HBO’s vice president for film programming, Leslie Cohen.

“Many of the more than 50 internal documents released were labelled “confidential”, including a spreadsheet of legal claims against the TV network, job offer letters to several top executives, slides discussing future technology plans, and a list of 37,977 emails called “Richard’s Contact list”, an apparent reference to Plepler.” reported the Guardian.

One of the confidential documents leaked by hackers contains the cast list for Game of Thrones, listing personal telephone numbers and email addresses for actors such as Peter Dinklage, Lena Headey, and Emilia Clarke.

The hackers claim to have worked hard for six months to compromise the HBO network; they also added to have purchased $500,000 a year zero-day exploits that let them hack the firm exploiting flaws in Microsoft and other software used by HBO.

The hackers demanded “six-month salary in Bitcoin” for their work; they pretended to receive half of the HBO group’s annual budget of $12 million to $15 million to stop leasing the files.

“We want XXX dollars to stop leaking your data,” “HBO spends 12 million for Market Research and 5 million for GOT7 advertisements. So, consider us another budget for your advertisements!”

Mr. Smith claims HBO was the 17th victim of his group and added that “only 3 of our past targets refused to pay and were punished very badly and 2 of them collapsed entirely.”

HBO fears that hackers will leak other material and that “the forensic review is ongoing.”

“While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our email system as a whole has been compromised,” the statement from the Time Warner unit said. “We continue to work around the clock with outside cybersecurity firms and law enforcement to resolve the incident.”

The “bug bounty” proposal

According to a report from a leaked memo by Variety, HBO offered a reward of $250,000 in response to the incident. The payment was offered as a “bug bounty,” to discover vulnerabilities in their its computer networks.

Just after the security breach, HBO offered $250,000 to crooks who hacked into its computer systems in the attempt to extend a deadline for paying a much larger ransom.

The email message that was reviewed by Reuters reads:

“You have the advantage of having surprised us,” a member of HBO’s technology team said in the July 27 email. “In the spirit of professional cooperation, we are asking you to extend your deadline for one week.”

According to the Reuters agency, a person familiar with HBO’s response confirmed the company sent the email “as a stall tactic, ” and it had never intended to make the payment, but the strategy failed.

Unfortunately, “Mr. Smith” and his gang weren’t satisfied by the offer to stop leaking sensitive data because it did not match their millionaire request that would be more than $6 million.

HBO did not comment the report by Variety; the company is working with forensic experts and law enforcement to identify the hackers and fix the flaws they have exploited to steal the precious content.

Hollywood under attack

Hollywood seems to be a privileged target for crooks; this isn’t the first time that HBO is a victim of the hackers, crooks already penetrated the HBO network in 2015, and leaked the first four episodes of “Game of Thrones Season 5.”

In April 2017, the hacker ‘The Dark Overlord’ claimed to have stolen and leaked online episodes from the forthcoming season of the TV show Orange Is The New Black.

In May 2017, a hacker claimed to have stolen Pirates of the Caribbean: Dead Men Tell No Tales, but Disney denied it.

In 2014 the Sony Pictures suffered the biggest data breach of ever in the Hollywood history, a successful cyber-attack exposed sensitive and confidential data, and that had a significant impact on the operations of the company.

Who is the next one?

References

http://securityaffairs.co/wordpress/61558/data-breach/hbo-data-breach.html

http://securityaffairs.co/wordpress/61832/cyber-crime/crooks-hbo-hack.html

http://securityaffairs.co/wordpress/61934/data-breach/hbo-bug-bounty-hackers.html

http://ew.com/tv/2017/07/31/hbo-hacked-game-of-thrones/

https://www.theguardian.com/technology/2017/aug/08/game-of-thrones-stars-personal-details-leaked-hbo-hackers-demand-ransom

http://securityaffairs.co/wordpress/59165/data-breach/crooks-pirates-of-the-caribbean.html

http://securityaffairs.co/wordpress/58553/cyber-crime/orange-is-the-new-black.html