Support NeoGAF

[GK86]

Link.

The hackers behind HBO's recent breach have leaked a screenshot of an email that shows a senior vp for the network offering the hackers $250,000 as a "bug bounty payment."

In what appears to be an effort to embarrass HBO, the email dated July 27 and obtained by The Hollywood Reporter indicates a negotiation going on between the network and the hackers. But the HBO executive's missive to the hackers is carefully worded and avoids language that would be construed as paying off the hackers and instead is framed as an offer for a reward for discovering vulnerabilities in HBO's system.

The HBO executive instead says that the network has "been working hard since [July 23] to review all of the material that you have made available to us. ... In the spirit of professional cooperation, we are asking you to extend your deadline for one week." The email continues, "As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin."

It is unclear if the HBO email is authentic or if it has been doctored in any way. However, the email to THR is from the same account going by "Mr. Smith" that has sent previous messages and proof of stolen content. THR has confirmed that the executive works for HBO in a technology capacity. HBO declined comment.

"We also have not been able to put into place the necessary infrastructure to be able to make a large payment in bitcoin, although we are taking steps to do so as you suggested," the HBO exec says in the email.

On Aug. 3, the hackers sent an email to THR indicating their motive. "It's just about money. We have weeks of negotiations with HBO officials, but they broke their promises and want to play with us...," the email said.

Hollywood hacking victims are typically loath to acknowledge that they pay up or even offer to make a payment, as it would set a precedent that could have a ripple effect in the industry. However, in the recent wave of attacks that have hit the industry over the past year, at least one victim has paid the hackers. It is also possible that HBO had no intention of paying the hackers any money and was looking for a way to stall for more time to ascertain the scope of the breach before stolen items were released on the internet.

 

[Sunster]

lmao they are just being mean now

 

[Guevara]

Great, you just gave future hackers a range.

 

[hodayathink]

While I don't think this will be nearly as bad as the Sony hack, I also don't think that HBO would be willing to pay 250K just to prevent the early release of a few episodes of Game of Thrones.

 

[kswiston]

While I don't think this will be nearly as bad as the Sony hack, I also don't think that HBO would be willing to pay 250K just to prevent the early release of a few episodes of Game of Thrones.

Episode 4 probably got its ratings bump due to the india leak, but the finale leaking early would be bad for them.

 

[Lan Dong Mik]

lol reminds me of some black mirror shit

 

[PixelatedBookake]

What do these guys want?

 

[HawksWinStanley]

Probably a naive question, but why does HBO care? How much exactly do they stand to lose here on viewership? Wasn't there just a thread about how their most popular show gets pirated at an unbelievable rate anyway? Why not just tell them to fuck off, take the L, and beef up their security and a lesson learned?

 

[Starviper]

Probably a naive question, but why does HBO care? How much exactly do they stand to lose here on viewership? Wasn't there just a thread about how their most popular show gets pirated at an unbelievable rate anyway? Why not just tell them to fuck off, take the L, and beef up their security and a lesson learned?

Well, it's two-fold -- They prevent possible damage to the company (because only they know what and how much data the hackers got) and I imagine the intent is to get the hackers to reveal more about how they got into their systems.

If the email is real, the hackers definitely don't care about making anything from this. Seems short sighted to me if they had that offer on the table.

 

[Various Artists]

I wonder if HBO would try to do what Valve (Gabe) did by trying to get them out in the open and arrested. Almost worked too.

 

[Horns]

I would give them nothing now. Fuck them. They'll likely still fuck HBO over even if they pay.

 

[smokeymicpot]

Probably a naive question, but why does HBO care? How much exactly do they stand to lose here on viewership? Wasn't there just a thread about how their most popular show gets pirated at an unbelievable rate anyway? Why not just tell them to fuck off, take the L, and beef up their security and a lesson learned?

It isn't about the show. They are more worried all their personal data gets out.

 

[shira]

While I don't think this will be nearly as bad as the Sony hack, I also don't think that HBO would be willing to pay 250K just to prevent the early release of a few episodes of Game of Thrones.

But you can just claim that as an expense.

 

[Socivol]

I read about this last night someone from HBO confirmed it was legit and the only made the offer to buy time. I don't think these hackers have GoT episodes because HBO has been dicking them around and yet the episodes have not leaked.

 

[TheContact]

While I don't think this will be nearly as bad as the Sony hack, I also don't think that HBO would be willing to pay 250K just to prevent the early release of a few episodes of Game of Thrones.

I think it's more about "tell us how you got in so we can fix it" for 250k

 

[SugarDaddy]

Hollywood hacking victims are typically loath to acknowledge that they pay up or even offer to make a payment, as it would set a precedent that could have a ripple effect in the industry. However, in the recent wave of attacks that have hit the industry over the past year, at least one victim has paid the hackers. It is also possible that HBO had no intention of paying the hackers any money and was looking for a way to stall for more time to ascertain the scope of the breach before stolen items were released on the internet.

Makes sense

 

[LOLCats]

I wonder if HBO would try to do what Valve (Gabe) did by trying to get them out in the open and arrested. Almost worked too.

seems more plausible than the 250k

 

[gdt]

Probably a naive question, but why does HBO care? How much exactly do they stand to lose here on viewership? Wasn't there just a thread about how their most popular show gets pirated at an unbelievable rate anyway? Why not just tell them to fuck off, take the L, and beef up their security and a lesson learned?

Some rumors about there being emails and internal memos in the stolen files.

 

[NimbusD]

What do these guys want?

To feel powerful. The more they embarrass a rich, iconic corporation, the more bad ass they feel.

 

[sixteen-bit]

Mr Robot season 3 viral marketing is next-level

 

[CloudyTuba]

Reading their trouble with bitcoin reminds me of work. Let me tell you it's not as easy to buy bitcoin in the US as it used to be. Lots of restrictions. My company got their servers ransom locked and while they initially planned to give them the middle finger and restore from backups, they soon discovered that IT was not doing backups like they were supposed to and were months behind. They gave in and it took like 2-3 weeks to get their hands on the requisite bitcoins after all the hoops they were forced to jump through. It's a hassle.

 

[Jezbollah]

Showing intent to pay a ransom only encourages said activity.

Well done HBO. Good job.

 

[Cake Boss]

I am surprised they haven't leaked all of the GOT episodes yet. I know they did just one of them.

 

[BlackSalad]

Reading their trouble with bitcoin reminds me of work. Let me tell you it's not as easy to buy bitcoin in the US as it used to be. Lots of restrictions. My company got their servers ransom locked and while they initially planned to give them the middle finger and restore from backups, they soon discovered that IT was not doing backups like they were supposed to and were months behind. They gave in and it took like 2-3 weeks to get their hands on the requisite bitcoins after all the hoops they were forced to jump through. It's a hassle.

damn

 

[pestul]

I am surprised they haven't leaked all of the GOT episodes yet. I know they did just one of them.

It wasn't this hack that leaked episode 4.

 

[HMD]

Because of these fucks spoilers are literally everywhere and I'd have to completely quit social media if I didn't wanna be spoiled. I just hope HBO has tighter security for the last season.

 

[soundscream]

I am surprised they haven't leaked all of the GOT episodes yet. I know they did just one of them.

No they didn't. That was a content partner in India who left a link to the file on a webpage.

 

[Dalek]

Out of curiosity what is typically the punishment for a crime like this, if caught? It seems so brazen as if there is no fear of consequence.

 

[Familienoberhauptvogel]

Probably a naive question, but why does HBO care? How much exactly do they stand to lose here on viewership? Wasn't there just a thread about how their most popular show gets pirated at an unbelievable rate anyway? Why not just tell them to fuck off, take the L, and beef up their security and a lesson learned?

take a look at sony pictures.

Showing intent to pay a ransom only encourages said activity.

Well done HBO. Good job.

ransomware doesn't need encouragement at all, it's thriving really. Why steal info when you can extort people to get access to them.

 

[Kinyou]

Out of curiosity what is typically the punishment for a crime like this, if caught? It seems so brazen as if there is no fear of consequence.

I imagine it would be quite hefty. Blackmail is no joke.

But also very possible that these guys sit in a country that wouldn't extradite them to the US

 

[Daedardus]

"We're offering you $250,000. Please give us your bank account or address where we can send the cheque to."

 

[Dierce]

Whatever happened to the Disney hack? Didn't hackers steal one of their movies and try to blackmail the studio?

I wonder if Disney secretly negotiated with them.

 

[andythinkpad]

Why do HBO even care? last episode had the highest rating.

 

[Glass Rebel]

HBO probably doesn't want to have that storyline with Ned's head getting resurrected leaked.

 

[Kalnos]

Try to get them to reveal themselves and if they do then take whatever information they can give you before calling the authorities. Win/win for HBO if they took the bait.

 

[GK86]

Out of curiosity what is typically the punishment for a crime like this, if caught? It seems so brazen as if there is no fear of consequence.

A fine and jail time. The amount and time served would depend on the crime and state. I'm guessing they don't have a fear of getting caught. I mean, they were in HBO's systems for six months without being noticed.

 

[Kiraly]

Reading their trouble with bitcoin reminds me of work. Let me tell you it's not as easy to buy bitcoin in the US as it used to be. Lots of restrictions. My company got their servers ransom locked and while they initially planned to give them the middle finger and restore from backups, they soon discovered that IT was not doing backups like they were supposed to and were months behind. They gave in and it took like 2-3 weeks to get their hands on the requisite bitcoins after all the hoops they were forced to jump through. It's a hassle.

What hoops?

 

[thoseAREmySHOES]

Mr Robot season 3 viral marketing is next-level

Underrated post

 

[Admiral Woofington]

I don't care how much you want to do something for the lulz, for that much money? I'd let an HBO exec have his/her way with me.

 

[see5harp]

I tried to buy bitcoin and I was shocked at how many hoops there are.

 

[nubbe]

What do these guys want?

 

[RedAssedApe]

Episode 4 probably got its ratings bump due to the india leak, but the finale leaking early would be bad for them.

would it really? millions of pirated downloads of this show every week are not putting any kind of dent in their ratings numbers. you can easily avoid spoilers if you want to.

 

[Jezbollah]

ransomware doesn't need encouragement at all, it's thriving really. Why steal info when you can extort people to get access to them.

The reality is that while there are people who will pay, people will keep attempting to extort.

Its like junk mail. For 99% of the time its unsuccessful, that 1% will justify the effort in the first place.

 

[Astral/H3X]

You guys know that what HBO is trying is common yeah? It's one of the ways that you can (kinda) legitimately make money with hacking skills -- "Hey corporation, I found vulnerabilities in your system that allowed me XYZ. I'll tell you what they were and how to fix them for money".

It's still illegal, but is a lot more moral, and isn't exactly prosecuted. It's rewarded precisely because a company would prefer someone crack into their systems with the intent of selling info on how to prevent it, than someone cracking in to steal shit and cause damage.

 

[Skellig Gra]

There is no point in paying these guys. They already did something incredibly illegal. Why would they stick to an agreement after they get their money? Don't the HBO execs watch any of the shows they produce?

 

[Jigorath]

I wonder if HBO would try to do what Valve (Gabe) did by trying to get them out in the open and arrested. Almost worked too.

Yeah. Seems like some sort of set up.

 

[platocplx]

I wouldnt even pay them. If I were HBO id just release what was left for current seasons and make it a marathon night.

 

[elrechazado]

I wouldnt even pay them. If I were HBO id just release what was left for current seasons and make it a marathon night.

And if it's a massive data breach that contains personal information on employees or customers, then what? A show leaking early is the least concerning thing that can happen.

 

[Contica]

I dream of a world where people will stop being childish pricks, and start using their talents for something that's actually constructive.

 

[Kareha]

What do these guys want?

They already said they're just doing it for the money, nothing else.