Sun, Aug 13, 2017 - Page 16 News List

E-mail shows HBO talks with hackers


Hackers this week released an e-mail from HBO in which the company expressed willingness to pay them US$250,000 as part of a negotiation over data swiped from HBO’s servers.

The July 27 e-mail was sent by John Beyler, an HBO executive who thanked the hackers for “making us aware” of previously unknown security vulnerabilities.

The executive asked for a one-week delay and said HBO was willing to make a “good faith” payment of US$250,000, calling it a “bug bounty” reward for information technology professionals rather than a ransom.

HBO declined to comment.

A person close to the investigation confirmed the authenticity of the e-mail, but said it was an attempt to buy time and assess the situation.

The same hackers have subsequently released two dumps of HBO material and demanded a multimillion-dollar ransom.

Regardless of whether HBO intended to follow through with its US$250,000 offer, the e-mail on Friday raised questions among security professionals about the importance of the data and whether HBO’s reaction might encourage future attacks.

“It’s interesting that they’re spinning it as a bug bounty program,” said Pablo Garcia, CEO of Aliso Viejo, California-based FFRI North America. “They’re being extorted. If it was a bug bounty, it’d be on the up and up.”

Beyler’s e-mail to the hackers said the company was working “very hard” to review all the material they provided, and was also trying to figure out a way to make a large transaction in bitcoin, the hackers’ preferred payment method.

“You have the advantage of having surprised us,” Beyler wrote. “In the spirit of professional cooperation, we are asking you to extend your deadline for one week.”

The first HBO hack became publicly known on July 31.

Beyler’s e-mail, sent several days earlier, might have been an attempt to make the problem go away without too much bad publicity for HBO, said Sanjay Goel, a professor at the University at Albany and chairman of its information technology management department.

“Hackers are not in this game for US$250,000; this probably took them a lot of time and effort,” Goel said. “That’s a very, very small amount in these kinds of negotiations.”

On Monday, hackers using the name “Mr Smith” posted online a fresh cache of stolen HBO files and demanded that the network pay a multimillion-dollar ransom to prevent further releases.

The leaks included scripts from Game of Thrones episodes and a month’s worth of e-mail from the account of HBO’s vice president for film programming.

There were also internal documents, including a report of legal claims against the network and job offer letters to top executives.

HBO has said that it is working with law enforcement and cybersecurity firms to investigate the attack, which is the latest to hit a Hollywood business.

In April, a hacker claimed to have released episodes of Netflix Inc’s Orange is the New Black ahead of their official launch date.

This story has been viewed 1890 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top