" /> HBO Hackers Leak Top Executive’s Emails | bambinoides.com

HBO Hackers Leak Top Executive’s Emails

HBO Hackers Leak Top Executive’s Emails


The release of a month’s worth of the executive’s inbox is the first indication that HBO’s emails have been penetrated, at least partially.

The hacker or hackers behind the HBO data breach have posted online a publicly accessible link to a cache of internal documents, including a script summary of an upcoming Game of Thrones episode and a month’s worth of emails from the inbox of one of the company’s executives.

The materials, which mark the first evidence that some HBO private emails are in the hands of hackers, came Monday in an email message to The Hollywood Reporter that also contained nine files with such labels as “Confidential” and “Script GOT7.” The hackers also delivered a video letter to HBO CEO Richard Plepler that says, “We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).”

THR is not revealing the contents of the emails or the substance of the leaked Game of Thrones materials, which also includes marketing spreadsheets and media plans for the hit series. It’s unclear if the hackers sent the link to the materials to other media outlets or Game of Thrones fan sites.

While the release of an executive’s emails is an escalation of the HBO attack, it doesn’t necessarily indicate the hackers have access to widespread company emails, as was the case in the 2014 hack of Sony Pictures. On Aug. 2, days after the HBO hack was first acknowledged, Plepler told staff: “We do not believe that our e-mail system as a whole has been compromised, but the forensic review is ongoing.”

The confidential folder offers a screenshot of files that largely pertain to Game of Thrones and includes castings, script summaries and marketing materials, including a detailed summary of the episode that is set to air Sunday.

In the letter to Plepler, which unfolds as a scroll set to ominous music, the hackers demand money (though the figure is redacted). They also claim that HBO marks their 17th target, and only three have failed to pay.

An HBO spokesperson, in a statement to THR, responded: “HBO believed that further leaks might emerge from this cyber incident when we confirmed it last week. As we said, the forensic review is ongoing. While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our e-mail system as a whole has been compromised.”

The statement added: “We continue to work around the clock with outside cybersecurity firms and law enforcement to resolve the incident. Meanwhile, our dedicated employees continue to focus on delivering the high quality of entertainment and service for which we are known.”

Aug. 7, 3:05 p.m.THR has removed from this article the name of the executive whose emails were leaked.


FBI Gives Hollywood Hacking Victims Surprising Advice: “Pay the Ransom”

Illustration by Victor Kerlow

Netflix isn’t alone: Agencies and others are balancing demands for money against the fears of stolen data ending up online.

Phones are the lifeblood of a talent agency like UTA, but on April 11, its IT department discovered an intruder lurking in the voicemail system and computer network and quickly decided to shut them down, sending agents to conduct business on their iPads. Soon thereafter a demand from a hacker arrived: Pay a ransom or watch the agency’s most confidential data get posted online.

It turns out UTA was lucky — an outside cybersecurity firm was brought in and, after conducting a forensic analysis, determined that nothing valuable had been pilfered. But the episode was one of at least a half-dozen extortion attempts against Hollywood firms over the past six months alone, say sources in the cybersecurity industry. Mirroring the audacity of the famed Bling Ring, the recent spate of strikes has left executives throughout the entertainment industry on edge, fearing that they — and all of their emails, contracts, celebrity addresses, banking information and salaries — might be the next Sony or Netflix, which saw 10 episodes of the upcoming season ofOrange Is the New Black posted to The Pirate Bay six weeks ahead of the series’ June 9 launch.

Others targeted with extortion plots include ICM and WME, the latter more significantly. Says USC cybercrime expert Michael Orosz: “A hacker breaks in through various means, steals data and then holds the company over the barrel. This is becoming more and more common because it’s easy to do. It’s basically low-hanging fruit.”

The frequency of the attacks has overwhelmed the FBI’s Los Angeles field office, which has been unable to properly investigate all of them. The FBI’s surprising advice, according to industry sources: Pay the ransom. After all, the hackers aren’t asking much more than a Cannes hotel tab. In all of the Hollywood extortion cases, the hackers demanded less than $80,000. A law enforcement source says that in California, losses would need to exceed $50,000 for the U.S. Attorney’s office to prosecute, thus keeping the FBI from pursuing most of these cases.

But an FBI spokesperson in the L.A. office denied that the agency is telling companies to cough up the bitcoins in cases of ransomware. “The FBI does not encourage payment of ransom as it keeps the criminals in business,” says Laura Eimiller. “Of course, the individual victim must weigh their options.”

“If your system is wiped and you didn’t pay, then there’s no way to recover it and you basically shut down your entire business, so the FBI will say it’s easier to pay it than it is to try to fight to get it back,” says Hemanshu Nigam, a former federal prosecutor of online crime in L.A. and onetime chief security officer for News Corp. “And if one company pays the ransom, the entire hacking community knows about it.”

So far, at least one Hollywood company has paid the ransom, according to a source. Others are waiting to see if anything valuable was taken, something not evident unless a victim runs a forensic analysis, which typically costs far more than the ransom demand.

Hacking collective TheDarkOverlord used Twitter to announce that it was distributing unreleased episodes of <em>Orange Is the New Black</em>.
Courtesy of Twitter
Hacking collective TheDarkOverlord used Twitter to announce that it was distributing unreleased episodes of Orange Is the New Black.
Also among the titles stolen from Larson Studios was IFC&rsquo;s <em>Portlandia.</em>
Courtesy of IFC Films
Also among the titles stolen from Larson Studios was IFC’s Portlandia.


Netflix recently learned the consequences of not paying. Sometime in late 2016, a hacker collective known as TheDarkOverlord breached the network of postproduction facility Larson Studios and made off with a trove of unaired shows including Orange Is the New Black, CBS’ NCIS: Los Angeles, Fox’s New Girl and IFC’s Portlandia. It wasn’t until late January that the FBI began to contact the affected parties, which also included ABC, NBC, FX, National Geographic, E!, Disney Channel and Lifetime, to let them know the agency was investigating a possible hack and that their property may have been stolen. But more than a month passed without incident, eliciting relief from the networks. Then, in March, TheDarkOverlord made its first overture to the victims, demanding a ransom of 50 bitcoin (roughly $60,000) by an April 30 deadline or else the content would be released.

Netflix never responded to TheDarkOverlord, and two days before the deadline, the hackers posted on Twitter, “To those of you carefully watching this feed, allow the events that are but mere moments away to influence your choises [sic].” Twenty minutes later, the account tweeted a link to download the first episode of season five of Orange Is the New Black on Pirate Bay.

THR has been in contact with TheDarkOverlord, who said more content will be released because none of the affected parties has paid the ransom. “We’re motivated by our desire to acquire internet money,” TheDarkOverlord told THR via an encrypted conversation in a private chat room. “Contrary to what others have declared, we’re motivated only by the benefit of financial gain.” The group would not say whether it had infiltrated other Hollywood entities.

CBS&rsquo;<em> NCIS: Los Angeles</em> was taken as well.
Courtesy of CBS
CBS’ NCIS: Los Angeles was taken as well.


Although more than two years have passed since the epic Sony hack, the phenomenon appears to be alive and well in Hollywood, albeit barely reported. TheDarkOverlord hit might be the first breach since Sony to generate headlines, but that doesn’t mean the problem is rare or insignificant. One source, who declined to be named because it would violate a confidentiality agreement, called hacking one of the biggest threats facing the industry.

That’s partly because few appreciate the scope of the problem. After all, Hollywood is an interconnected ecosystem, where valuable and confidential data is uploaded or shared with partners at a wide variety of organizations that in turn have varying degrees of security, says Orosz. A studio may have a solid firewall, but what about the management company it negotiates deals with, or the law firm or the publicity outfit? Last year, a hacker posing as an Interscope executive convinced a record label and management company to send copies of Lady Gaga’s master audio files, according to The New York Times. (Lady Gaga’s reps did not respond to a request for comment.)

Netflix probably has the resources and in-house expertise to thwart a network intruder, but few third-party vendors can match the tech brawn of a multibillion-dollar corporate giant. “Part of being data-security responsible is understanding that there’s a supply chain,” explains Orosz, “and everybody collectively needs to do their part to ensure that they are not the weakest link.”

"When you're in the boxing ring, you're there — you have to be present. It's a craft I'm learning," says Barry Keoghan, photographed May 2 in Dublin.

Privately, many of the networks victimized by TheDarkOverlord hack were quick to point fingers at Larson Studios, a postproduction facility widely used by television shows. In its only public statement on the matter, Netflix deflected blame to Larson: “A production vendor used by several major TV studios had its security compromised, and the appropriate law enforcement authorities are involved.”

Experts say UTA handled its attack correctly, moving swiftly to contain the threat by getting everyone off their devices to prevent the malware from spreading. “To me, it’s the first time that I actually saw an amazingly positive sign that these agencies are realizing the risks of cyberattacks in how badly it can hit their bottom line and their reputation,” says Nigam. “Watching what UTA did was something that people should pay a lot of attention to in terms of this is a good example of how you respond to an attack.”

The fact is, the next major breach likely has already occurred. Often the first time a company learns it has been hacked is with the arrival of a ransom note, and that can be long after its data is stolen. Hackers, typically located in foreign countries, are constantly sweeping for data, and it may take weeks or months for them to examine a cache and realize what they have.

Sixty-thousand dollars is the rough value of the 50-bitcoin ransom hackers demanded for stolen episodes of <em>Orange Is the New Black.</em>
Courtesy of Netflix
Sixty-thousand dollars is the rough value of the 50-bitcoin ransom hackers demanded for stolen episodes of Orange Is the New Black.

TheDarkOverlord sees itself as a professional venture, not unlike the Hollywood companies it is trying to extort. “We’re a professional business entity, and we behave as such,” TheDarkOverlord told THR. “We’re in this racket to create mutually beneficial long-term business relationships. A majority of our clients find our services very beneficial.”

The group didn’t clarify what it means by “clients,” but it seems to imply that it offered investors a black market opportunity to share the profits from its extortion plots. A Times report linked the group to extortion against entities including an investment bank, a glue manufacturer, health care providers and a cancer charity.

But there are a lot of people out there who are especially interested in messing with Hollywood. At Sundance in January, hackers launched a DDoS attack that shut down the box office. Around the same time, a separate but likely related attack is believed to have disrupted Wi-Fi service for nearly all of Park City’s Main Street businesses, bringing many festival events to a standstill. The FBI never confirmed whether it was investigating, telling THR that it had no update beyond that it was reviewing the incident.

“Technology continues to march at an unrelenting pace, and things are becoming much more sophisticated. What has resulted is we humans start to lose track of the environment that we are all interfacing with,” says Orosz. “Hollywood is fast-paced, but no matter how fast or critical your timelines, part of that responsibility is taking care of your data security. So far, it doesn’t appear to be costing business too much, but it will.”

A DDoS attack knocked out the box office at Sundance in January.
Danny Moloshok/Invision/AP
A DDoS attack knocked out the box office at Sundance in January.

This story first appeared in the May 10 issue of The Hollywood Reporter magazine.


The views expressed are not necessarily those of the publisher or bambinoides.com. Images accompanying posts are either owned by the author of said post or are in the public domain and included by the publisher of the blog bambinoides.com on its initiative.

Leave a comment

You must be Logged in to post comment.

© 2012-2018 - Copyright - bambinoides.com is not liable for the content of external web pages. © Disclaimer Under Section 107 of the Copyright Act 1976.
Creative Commons Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Bambinoides.com está disponible bajo una licencia “Creative Commons” Reconocimiento-No comercial 4.0. Cualquier reconocimiento debe ser a bambinoides.com y a cada autor/publicación en particular.
WP-Backgrounds Lite by InoPlugs Web Design and Juwelier Schönmann 1010 Wien
“La historia es en realidad el registro de crímenes, locuras y adversidades de la humanidad” (E. Gibbon)