HBO’s Torrid Time

With the recent spate of data breaches and leaks of arguably HBO’s most popular television program, Game of Thrones, one can assume many of the company’s executives wish they could return to an era with no internet. Hacking of the entertainment industry appears to be on the rise and is placing the relevant companies in the headlines for all the wrong reasons. If one were looking for a silver lining, the shared excitement the leaks caused on platforms like Reddit does show how popular Game of Thrones still is.

The most recent dump, which seems to have occurred early this week, would be the third similar data dump in about two weeks. From initial reports, it appeared that the hackers in the most recent attack tried to extort an undisclosed sum from HBO, which the hackers themselves redacted in statements issued to the press.

The first data dump

The first hack occurred over the last weekend of July. The hack was announced to certain members of the press via email. All in all, the hackers managed to steal 1.5 TB of data, which included the script for the episode of the seventh season of Game of Thrones. This was later leaked online with upcoming episodes of Ballers and Room 104, which are other popular shows on the HBO roster.

Not all of the stolen data was leaked. The hackers promised via email to leak more content in due time, stating “Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling,” in the emails they sent to the press. At this point, many at HBO must have had a distinct feeling of déjà vu, as last year’s release of Game of Thrones was marred by the leak of the first five episodes of season six on torrent sites. The leak was due to someone acquiring pre-release DVDs intended for the media rather than a campaign instituted by a group of hackers stealing data via the company’s email servers, although no episodes were leaked.

The hack was confirmed by HBO to Entertainment Weekly in a press statement that stated “HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information…We immediately began investigating the incident and are working with law enforcement and outside cyber security firms. Data protection is a top priority at HBO, and we take seriously our responsibility to protect the data we hold.” It is still unknown if the hackers in this instance tried to extort a sum from HBO.

The second data dump

This is where the tale starts to get murky. On 4 August, the fourth episode of season seven was leaked online. Links were shared on Vidme, Pirate Bay, and Google Drive. HBO managed to get the file removed from Google Drive. The episode which leaked had the watermark of an Indian entertainment company, Star of India, which is HBO’s distributor for the country. A Star of India spokesperson went on record to Entertainment Weekly to verify the episode’s authenticity and said the company would be investigating the breach.

Initial reports suggested that the leak of the episode could be related to the initial leak of 1.5 TB of data. HBO later said that they believed that the leak of the episode might not be related to the initial leak and may be a separate incident entirely.

The third data dump

On Tuesday of this week, the script for the fifth episode was leaked, along with the ransom demand sent to HBO and other content from the entertainment company’s email servers. Members of the press began to receive emails from a “Mr Smith” claiming to be the spokesperson for the group of hackers responsible for the data breach. Written in poor English, as is typical of many communications between hackers and the public at large, the email goes on to explain the rationale behind the attack and the group's rationale behind the ransom demand.

The hackers redacted the ransom demand later but kept the rationale for demanding the ransom on a website used to explain themselves. The rationale rests upon the hackers believing that HBO’s yearly income is not the hundreds of millions made public but rather billions of dollars. “Mr Smith” then goes on to state that paying a ransom to stop the data dumps would cost a pitiful amount compared to HBO’s supposed billions in profit.

An interesting side note can be found in the hackers' statement, where “Mr Smith” distances the hacking group he represents from another hacking group, TheDarkOverlord.

TheDarkOverlord

While “Mr Smith” looks to distance his hacking group from TheDarkOverlord, both groups’ modus operandi is the same. TheDarkOverlord attempted to extort money from Netflix and ABC in April last year. As with the HBO data dumps, the attempts to extort money from both Netflix and ABC were unsuccessful. As TDO was unable to convince the two companies to give him a sum of money in order not to leak data, he responded to not receiving the ransom by leaking episodes of Orange is the New Black and ABC’s new game show Funderdome. In the case of Netflix, TDO wanted a ransom of 50 Bitcoin, approximately 67,000 USD at the time of the demand.

Both groups provided information to journalists prior to leaking data. This can possibly be seen as an attempt to place more pressure on the studios and entertainment companies involved. While the companies in question might suffer financially as a result of the leaks, not to mention the ensuing PR storm, it is difficult to imagine that the companies would pay the ransom, despite what the hackers believe are the companies’ actual earnings. Entertainment companies have been struggling for years with piracy in numerous forms eating into their profits. Whether through bootleg recordings or being able to download what was desired from torrent sites, piracy occurred. The statement made by “Mr Smith” includes an admission that gaining access to HBO’s data took the hackers six months; with no obvious payout, it seems like the hackers could have spent six months doing something else with their time.

About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over five years working in this branch. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.