HBO Hacked, Game of Thrones script leaked on the Internet

August 15, 2017 by Pierluigi Paganini

In early August, hackers announced that they had breached the systems of the television network HBO, which is owned by the giant Time Warner. The crooks claimed to have stolen 1.5 terabytes of data from HBO, including information on the current season of Game of Thrones and a script that is reportedly for the upcoming fourth episode of Game of Thrones Season 7.

On Sunday, July 30th, the hackers reported the security breach to several journalists via anonymous email. Below is an excerpt from the message:

"Hi to all mankind. The greatest leak of cyber space era is happening. What's its name? Oh, I forget to tell. It's HBO and Game of Thrones……!!!!!!

You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him."

"HBO has joined the ranks of Hollywood entertainment companies to suffer a major cyber-attack," reads the Entertainment Weekly website.

"EW has learned that upcoming episodes of a couple of series and at least one alleged script or treatment have been put online by hackers who breached the company's systems — with more threatened to be coming soon."

The hackers exfiltrated a huge trove of data, including episodes of many HBO shows that had yet to be released. They have already leaked online upcoming episodes of "Ballers" and "Room 104," and they announced more leaks to be "coming soon."

"HBO recently experienced a cyber incident, which resulted in the compromise of proprietary information," reads a statement issued by the company. "We immediately began investigating the incident and are working with law enforcement and outside cyber security firms. Data protection is a top priority at HBO, and we take our responsibility seriously to protect the data we hold."

Figure 1- HBO Game of Thrones series

HBO did not provide further details on the incident; the company immediately reported the facts to law enforcement to start the investigation.

HBO chairman and CEO Richard Plepler sent an email to HBO employees notifying them of the security breach.

"As most of you have probably heard by now, there has been a cyber incident directed at the company which has resulted in some stolen proprietary information, including some of our programming," he wrote. "Any intrusion of this nature is obviously disruptive, unsettling, and disturbing for all of us. I can assure you that senior leadership and our extraordinary technology team, along with outside experts, are working round the clock to protect our collective interests. The efforts across multiple departments have been nothing short of Herculean. It is a textbook example of quintessential HBO teamwork. The problem before us is unfortunately all too familiar in the world we now find ourselves a part of. As has been the case with any challenge we have ever faced, I have absolutely no doubt that we will navigate our way through this successfully."

The "Mr. Smith" request – a video letter to the CEO

The cyber gang that claimed to have hacked HBO's networks demanded millions of dollars in ransom payments from the company while threatening to release more material from the 1.5 terabytes of data they had stolen.

The hackers published a five-minute video letter to HBO chief Richard Plepler claiming to have "obtained valuable information" in a cyber-attack.

The author of the message, who called himself "Mr. Smith," confirmed that his group obtained "highly confidential" documents and data, including scripts, contracts, and personnel files.

According to the website, hackers leaked ten files including what appears to be a new script of the fantasy series "Game of Thrones."

Along with the video letter, the hackers released 3.4GB of files. The dump contained technical data related to HBO's internal network and administrator passwords, and of course the draft scripts from five Game of Thrones episodes. The huge trove of files also includes a month's worth of emails from HBO's vice president for film programming, Leslie Cohen.

"Many of the more than 50 internal documents released were labelled "confidential", including a spreadsheet of legal claims against the TV network, job offer letters to several top executives, slides discussing future technology plans, and a list of 37,977 emails called "Richard's Contact list", an apparent reference to Plepler," reported the Guardian.

One of the confidential documents leaked by hackers contains the cast list for Game of Thrones, listing personal telephone numbers and email addresses for actors such as Peter Dinklage, Lena Headey, and Emilia Clarke.

The hackers claim to have worked hard for six months to compromise the HBO network; they also said they had purchased $500,000 a year in zero-day exploits that let them hack the firm by exploiting flaws in Microsoft and other software used by HBO.

The hackers demanded a "six-month salary in Bitcoin" for their work; they demanded to receive half of the HBO group's annual budget of $12 million to $15 million to stop leaking the files.

"We want XXX dollars to stop leaking your data," "HBO spends 12 million for Market Research and 5 million for GOT7 advertisements. So, consider us another budget for your advertisements!"

Mr. Smith claims HBO was the 17th victim of his group and added that "only 3 of our past targets refused to pay and were punished very badly and 2 of them collapsed entirely."

HBO fears that the hackers will leak other material and said that "the forensic review is ongoing."

"While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our email system as a whole has been compromised," the statement from the Time Warner unit said. "We continue to work around the clock with outside cybersecurity firms and law enforcement to resolve the incident."

The "bug bounty" proposal

According to a report by Variety based on a leaked memo, HBO offered a reward of $250,000 in response to the incident. The payment was offered as a "bug bounty" for discovering vulnerabilities in its computer networks.

Just after the security breach, HBO offered $250,000 to the crooks who hacked into its computer systems in an attempt to extend the deadline for paying a much larger ransom.

The email message that was reviewed by Reuters reads:

"You have the advantage of having surprised us," a member of HBO's technology team said in the July 27 email. "In the spirit of professional cooperation, we are asking you to extend your deadline for one week."

According to the Reuters agency, a person familiar with HBO's response confirmed that the company sent the email "as a stall tactic," and that it had never intended to make the payment, but the strategy failed.

Unfortunately, "Mr. Smith" and his gang were not satisfied enough by the offer to stop leaking sensitive data, because it did not match their multimillion-dollar demand, which would be more than $6 million.

HBO did not comment on the report by Variety; the company is working with forensic experts and law enforcement to identify the hackers and fix the flaws they exploited to steal the precious content.

Hollywood under attack

Hollywood seems to be a privileged target for crooks. This isn't the first time that HBO has been a victim of hackers: crooks already penetrated the HBO network in 2015 and leaked the first four episodes of "Game of Thrones Season 5."

In April 2017, the hacker 'The Dark Overlord' claimed to have stolen and leaked online episodes from the forthcoming season of the TV show Orange Is The New Black.

In May 2017, a hacker claimed to have stolen Pirates of the Caribbean: Dead Men Tell No Tales, but Disney denied it.

In 2014, Sony Pictures suffered the biggest data breach ever in Hollywood history: a successful cyber-attack exposed sensitive and confidential data and had a significant impact on the operations of the company.

Who is the next one?


Pierluigi Paganini

Pierluigi is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group, a member of the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, and Professor and Director of the Master in Cyber Security at the Link Campus University. He is also a Security Evangelist, Security Analyst and Freelance Writer.

Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field; he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.

Pierluigi is a member of "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.