Future Tense

The HBO Hackers Are Demanding $7.5 Million to Stop Leaking Game of Thrones

Ben Crompton
Hackers stole information from HBO about future Game of Thrones episodes.

Helen Sloan/courtesy of HBO

The HBO hack is finally starting to make sense. Last week hackers released upcoming episodes of Ballers and Room 104 and script material from an unaired Game of Thrones episode, the network’s most popular show. But at that time, it wasn’t clear what their motive was: money, political power, lolz?

Now the hackers have made their intentions clear. They want lots of money.

On Monday, the hackers, who allegedly seized 1.5 terabytes of data from the hit-making television network, released even more stolen loot, including script summaries for the next five episodes of Game of Thrones, as well as scripts and entire seasons of other HBO shows. The leak also included a month’s worth of emails from an HBO executive as well as what appears to be the contact list of HBO chief executive Richard Pleper, which the Guardian reported contained the personal phone numbers of Game of Thrones actors.

But it wasn’t only spoilers that leaked Monday. The hackers also shared a ransom note, in the form of a video, demanding HBO pay millions of dollars or else even more sensitive company data will be posted online. That note was shared as a bizarre video with scrolling text set to the Game of Thrones soundtrack, which was included in Monday’s dump.

In the video sent to Pleper, obtained by Mashable, the hackers say that they want up to $7.5 million in bitcoin delivered later this week. “We often launch two major operations in a year and our annual income is about 12–15 million dollars. We are serious enough to do our business,” the hackers’ ransom note to HBO read. “We don’t play with you so, you in return, don’t play with us. You only have 3 days to make decision so decide wisely.”

HBO is apparently the hackers’ 17th target, and they claim only three have failed to pay up. While it’s still unclear how the hack was carried out, the ransom note does point out that the hackers spend “about 400-500,000 dollars in a year to buy 0days exploits.” That detail hints at the possibility that the hackers purchased an exploit of a software vulnerability online to break into HBO’s system.

If that is what happened, it’s similar to Sony’s hack in 2014, when hackers believed to be linked to North Korea breached the media giant’s computer network. They released tens of thousands of internal emails, as well as the Social Security numbers of thousands of employees, which led to a multimillion-dollar settlement for Sony employees. The Sony attack shared a very similar code to the WannaCry ransomware attack in May, which took advantage of a vulnerability in Windows that had been found and stockpiled by the NSA. That vulnerability was leaked out last year by hackers calling themselves the Shadow Brokers.

Hackers buy and sell software vulnerabilities on the dark web and other pseudonymous forums. The exploits are then often used to create malware or execute an attack. While it’s unclear what HBO could have done differently without knowing how the attack was carried out, one thing is certain: Malware attacks are on the rise.

“Thousands of new malware samples everyday are popping up,” said Steve Grobman, the chief technology officer at McAfee, a security firm. “The vast majority are driven by criminal activity.”

According to recent data from McAfee, the first quarter of 2017 alone counted nearly 100 million more incidents of malware than in the first quarter of 2016. A decent chunk of that malware is actually ransomware, which is when an attack locks down a user’s data until someone pays up or fulfills the hackers’ request. In the first quarter of 2017, McAfee found 9,597,233 cases of ransomware, a huge uptick from the first quarter of 2016, when the security firm found 6,029,206 incidents of ransomware.

HBO now has to decide whether to pay up, try to somehow stop the hackers from leaking, or risk losing even more valuable intellectual property. But the real damage might have nothing to do with Game of Thrones. With the Sony hack, the information leaked out from private emails between executives was far more harmful than stolen intellectual property. After all, HBO’s members are already paying customers who presumably want more than a handful of episodes of shows, so it’s not clear that it will lose any subscribers. Nor is it clear that most Game of Thrones fans would even know where to begin to look for a hacked script or episode. The main thing HBO is probably worried about is whether the hackers accessed any of the media company’s dirty laundry in its stolen email and documents—that damage is often much, much harder to recover from than a leaked television episode.