HBO Offers Hackers $250,000 'bug bounty'

HBO reportedly offered $250,000 (£193,000) to the group that hacked its servers under the guise of a “bug bounty”, according to a screenshot of the conversation released by the attackers.

A senior vice president of the company made the offer on 27 July, phrasing the payment as a reward for discovering weaknesses in HBO’s network rather than acceding to ransom demands.

There is no way to verify the authenticity of the email, or whether it has been altered, but it was shared with some outlets through the same email address that the attackers had previously used to leak stolen data.

In the message, the executive says HBO has “been working hard since Sunday evening [23 July] to review all of the material that you have made available to us. We simply have not yet been able to do so”.

The executive continues: “You have the advantage of having surprised us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week.

“As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin.”

The offer may have been an attempt to stall for time, rather than a genuine proposal of payment. HBO explained about the hack four days after the bug bounty payment was offered, telling the public that it had experienced a “cyber-incident, which resulted in the compromise of proprietary information”.

A script for Game of Thrones, and two unreleased episodes of dramas Ballers and Room 104, were put online the same day. A week after the payment offer, on 3 August, the attackers sent out more evidence of hacked materials, and claimed to have access to the company’s entire webmail system, a claim denied by HBO.

The hackers later released the personal details of some Game of Thrones actors, including email addresses and phone numbers, plus some HBO emails and confidential files, along with a renewed demand for a multimillion dollar ransom.

Bug bounty payments are a common occurrence in cybersecurity, designed to encourage third-parties to discover and report weaknesses found in security systems so they can be fixed, rather than sell the information to would-be attackers.

But it is uncommon for them to be paid following the active exploitation of a bug to steal substantial quantities of data, and extremely uncommon for them to be paid to attackers who deliver payment demands in the form of a video of scrolling text set to dramatic music, asking for a payment of “six months’ salary”, or $6m, as the HBO attackers did.

At least one Hollywood hack victim has paid the ransom demanded by attackers, according to the Hollywood Reporter. But most victims refuse to talk about the ransom requests, fearing that admission they paid will make them a target for future attacks.

Guardian:

You Might Also Read:

Hackers Steal Game of Thrones Script:

Hacker Holds Netflix To Ransom:

 

« Chinese Satellite Sends Hack-Proof Messages
Cyber Security Risks Of Cloud Computing »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.