HBO Cyber Attacked, Hacked, Thrashed and Tortured
By Doug Pollack - News on August 21, 2017
- Cyber Security
- Incident Response
A of couple weeks ago, HBO was hacked by an individual or group of hackers going by the moniker of “Mr. Smith”. Unfortunately for HBO, they seem to be going through a death by a thousand cuts. The hacker is slowly publicly posting pre-releases of upcoming TV episodes from “Ballers”, “Insecure” and “Room 104” according to an article by the Washington Post. The hacker is demanding a ransom to be paid in Bitcoin, in the amount of approximately $6 million.
This hack is quite a departure from the typical ransomware attack where malware will lead to installation of ransomware software on the target computer, which then encrypts and/or locks the computer, so that the individual or company can no longer access it and its files. In these more common attacks, the payment of ransom is demanded in order to re-enable access to files and/or the ability to continue to conduct business.
Mr. Smith claims to have stolen over 1.5 terabytes of data from HBO, as reported by Wired, which sounds like quite a treasure trove. A week after posting the episodes online of the shows noted above, as well as select scripts for upcoming “Game of Thrones” episodes, they delivered their ransom letter along with internal HBO documents such as emails, employment agreements, and other sensitive business material.
Now to add insult to injury, HBO also just had their social media accounts hacked. A group called “OurMine” took over their Facebook and Twitter accounts. As reported by Engadget, this hack was not for financial gain, but obviously continues to be an embarrassment to the premium network organization.
So, will HBO pay Mr. Smith the requested ransom? They seem to be standing firm. They have stated that “[they] are not in communication with the hacker and [are] not going to comment every time a new piece of information is released.” Thus far this strategy has just led to more and more content floating out into the public eye.
According to Gartner analyst Avivah Litan as reported by the NY Post, “it’s kind of like kidnap and ransom and torture. Eventually HBO may have to give in.”
I guess we’ll see. Paying ransom, no doubt, is a precedent that no content and media organization wants to establish. However, the effective cost to HBO after all is said and done, may well exceed the several millions of dollars requested by the hackers.
I wonder if HBO has insurance for this hack, and if it covers payment of ransom? That will be interesting to see.