Last week, CCN reported that hackers had blackmailed HBO for bitcoin, as they threatened to release 1.5 TB of company data, including episodes of the hit series Game of Thrones. The hackers, going by “Mr. Smith” demanded “6 months worth of salary”, or about $6 million according to their own claims.
At the time, the hackers released about 3-4 GB of data to prove they actually hacked HBO. The data included network administrator passwords, emails, and other sensitive data. HBO recognized that “proprietary information” had been stolen, and added that it was investigating the case along with security experts and police.
Now according to a leaked email from an IT employee that various news outlets had access to, it has been revealed that the network offered the hackers $250,000 in exchange for a one-week deadline extension on the ransom. The payment was offered as a “bug bounty” payment, a type of payment companies usually offer hackers that reveal exploits without taking advantage of them.
In the email sent by an HBO senior vice president, the network claims to be working hard to review all stolen material, and that it hasn’t yet been able to do so. As such, in the “spirit of professional cooperation”, HBO asked for a one-week deadline extension, and as a sign of good faith it would hand over $250,000. The email reads:
“As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin.”
According to reports, a source close to the investigation stated that the email was a stall tactic, and that HBO didn’t really plan on handing over $250,000.
The hackers had previously claimed to make between $12 million to $15 million per year blackmailing organizations whose networks they managed to compromise. HBO was allegedly their 17th victim, and only three refused to pay so far.
According to the Hollywood Reporter, only one hack victim actually paid for the ransom demanded by hackers. Companies that pay hackers bitcoin ransoms usually don’t reveal they were even hacked, as they fear an admission will make them a target for future attacks.
Notably, HBO said the $250,000 were a bug bounty payment. These aren’t uncommon and, in fact, companies are more than willing to pay hackers who discover bugs in their networks and help fix them. Major tech companies including Google and Facebook have bug bounty programs in place.
Featured image from Shutterstock.