HBO Offers Game of Thrones Hackers $250,000 as 'Bug Bounty Payment'
Bug Bounty programs are usually offered to ethical hackers who identify security flaws and alert the relevant service provider before an attack is made. The ‘bounty’ is usually a cash reward to thank the hacker and to encourage other hackers to act in a similar matter.
What is confusing is why HBO would be offering cash to a hacker that has done nothing but exploit security flaws in a deliberate attempt to damage the channel.
HBO in panic about what else could be released
Sources close to HBO have suggested the bounty might be a panic move to buy them time to examine what else the hackers might have access to. It would seem that if they have access to scripts and personal information, the possibility of an even more damaging attack could be looming.
The email reads, "You have the advantage of having surprised us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week." The correspondence goes on to say "As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin."
Six-month salary demanded as ransom
A week after the email was sent the hacker posted more evidence of hacked material. They also reiterated demands for a ‘six-month’ salary as a type of ransom to get them to stop the attacks. The figure would be enormous, given the hacker has indicated they regularly earn between 12 - 15 million USD per year.
In the first leak, the hacker, who calls himself, Mr. Smith, told HBO, CEO Richard Plepler to pay his ransom demands or they would make the allegedly stolen data publicly available.
Hacker, dubbed Mr.Smith, has access to company email
Mr. Smith told HBO they have 1.5TB of stolen data that included full episodes of various HBO shows as well as millions of files. At the time of the video message, the hacker or hackers also dumped over 3 gigabytes of data. The data included technical information about HBO’s internal network and administrator passwords as well as the draft scripts from five Game of Thrones episodes. Perhaps most terrifying for the media group was the release of a month’s worth of emails from HBO’s vice president for film programming, Leslie Cohen. HBO don’t believe their email system has been totally compromised, although it did acknowledge the theft of “proprietary information”.
The hackers claim it took six months to break into HBO’s network They go on to suggest that they spend over half a million dollars per year purchasing zero-day exploit that let them exploit holes in networks that are unknown to large software companies such as Microsoft.