HBO Offers Hackers $250,000 'bug bounty'

HBO reportedly offered $250,000 (£193,000) to the group that hacked its servers under the guise of a “bug bounty”, according to a screenshot of the conversation released by the attackers.

A senior vice president of the company made the offer on 27 July, phrasing the payment as a reward for discovering weaknesses in HBO’s network rather than acceding to ransom demands.

There is no way to verify the authenticity of the email, or whether it has been altered, but it was shared with some outlets through the same email address that the attackers had previously used to leak stolen data.

In the message, the executive says HBO has “been working hard since Sunday evening [23 July] to review all of the material that you have made available to us. We simply have not yet been able to do so”.

The executive continues: “You have the advantage of having surprised us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week.

“As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin.”

The offer may have been an attempt to stall for time, rather than a genuine proposal of payment. HBO explained about the hack four days after the bug bounty payment was offered, telling the public that it had experienced a “cyber-incident, which resulted in the compromise of proprietary information”.

A script for Game of Thrones, and two unreleased episodes of dramas Ballers and Room 104, were put online the same day. A week after the payment offer, on 3 August, the attackers sent out more evidence of hacked materials, and claimed to have access to the company’s entire webmail system, a claim denied by HBO.

The hackers later released the personal details of some Game of Thrones actors, including email addresses and phone numbers, plus some HBO emails and confidential files, along with a renewed demand for a multimillion dollar ransom.

Bug bounty payments are a common occurrence in cybersecurity, designed to encourage third-parties to discover and report weaknesses found in security systems so they can be fixed, rather than sell the information to would-be attackers.

But it is uncommon for them to be paid following the active exploitation of a bug to steal substantial quantities of data, and extremely uncommon for them to be paid to attackers who deliver payment demands in the form of a video of scrolling text set to dramatic music, asking for a payment of “six months’ salary”, or $6m, as the HBO attackers did.

At least one Hollywood hack victim has paid the ransom demanded by attackers, according to the Hollywood Reporter. But most victims refuse to talk about the ransom requests, fearing that admission they paid will make them a target for future attacks.

Guardian:

You Might Also Read:

Hackers Steal Game of Thrones Script:

Hacker Holds Netflix To Ransom:

 

« Chinese Satellite Sends Hack-Proof Messages
Cyber Security Risks Of Cloud Computing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Zerto

Zerto

Zerto provides enterprise-class disaster recovery and business continuity software specifically for virtualized data centers and cloud environments.

Owl Cyber Defense

Owl Cyber Defense

Owl patented DualDiode Technology enables hardware-enforced network segmentation and deterministic, one-way transfer of all data types and file sizes.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Dataglobal

Dataglobal

Dataglobal is an industry-leading provider of Information Archiving/Governance and Unified Data Classification solutions.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications & Information Protection of Ukraine (SSSCIP)

State Service of Special Communications and Information Protection is the technical security and intelligence service of Ukraine, under the control of the President of Ukraine.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Route1

Route1

Route1 is an advanced provider of secure data intelligence solutions to drive your business forward.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

SENTRIQS

SENTRIQS

SENTRIQS advanced encryption technology is engineered to defend against the most sophisticated cyber threats, keeping your operations efficient and secure.