Episode 5 of the penultimate season of Game of Thrones will air on Sunday at silly o'clock on Sky Atlantic in the UK. As with episode 4, an outline of the script has been circulating online in what seems to be the latest leak from the huge HBO hack. And suddenly, it seems like the “cyber incident” that some people — including this blogger — thought would be catastrophic is just a big, bad empty threat.
It seemed like a big deal at first. Nearly two weeks ago, HBO confirmed that hackers had penetrated its servers and stolen some “proprietary information.” A hacker who identifies himself as “Mr. Smith” then leaked the script outline for episode 4 of Game of Thrones, some episodes of Ballers, as well as some information about other HBO shows, like Room 104. At the time, the hacker claimed to have stolen some 1.5 terabytes of data, including information about HBO employees, and demanded a $6 million (£4.64m) ransom. But HBO stood fast.
Things heated up a few days later, when Variety reported that the hacked data included some emails of a senior HBO executive. The entertainment newspaper also claimed that there is an image file that “appears to show screenshots of HBO’s internal administration tools, listing employee names and email addresses and their functions within the organisation.” That’s when comparisons to the catastrophic Sony hack of 2014 really heated up. If these hackers released a boatload of private and confidential information, and if the leaked data included financial information about the company, HBO could be in real trouble.
Trouble is still not out of the question, but it’s starting to seem like this hacker might not be holding as much damaging information as he claims. Indeed, some of an HBO executive’s emails were stolen. We know this because the hacker released them to media outlets earlier this week. The Hollywood Reporter got the scoop:
The materials, which mark the first evidence that some HBO private emails are in the hands of hackers, came Monday in an email message to The Hollywood Reporter that also contained nine files with such labels as “Confidential” and “Script GOT7.” The hackers also delivered a video letter to HBO CEO Richard Plepler that says, “We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).”
THR is not revealing the contents of the emails or the substance of the leaked Game of Thrones materials, which also includes marketing spreadsheets and media plans for the hit series.
But, after all this, the fact remains that we still haven’t seen any damage that’s even close to comparable to the Sony hack that could end up costing that company $100 million (£77,339m) . We also haven’t seen anything super splashy surrounding Game of Thrones, which was always the hacker’s big hook in drawing interest to the data breach. It is true that a low quality screener of episode 4 appeared online last week, before the show aired. We later learned, however, that incident was part of a separate leak involving an Indian distribution company. We still have no evidence that the HBO hacker has any Game of Thrones content aside from a few outdated episode outlines.
We now have evidence that HBO expressed some willingness to pay, at first, however. On Thursday, images of a July 27th email exchange between the hacker and a member of HBO’s tech team emerged. They showed that the network offered the hacker $250,000 (£193,000) to extend the deadline for the larger ransom. The email framed the payment as a “bug bounty” that would be paid in “good faith.” The fact that HBO made an offer, by the way, doesn’t necessarily mean that HBO was willing to pay. In fact, a source familiar with the matter told Deadline that the figure “was in fact not even a genuine offer.” HBO was apparently just trying to buy some time.
Time will tell whether this HBO hack will matter. What definitely matters is the fact that big Hollywood studios are now in the crosshairs of hackers around the world. It makes sense, too. Hackers love attention, and there are few better ways to win headlines than to dump a bunch of unreleased entertainment online for free. The fact that employee data and financial information could be included as well gives companies like HBO (or Sony) a good reason to pay the ransom.
To paraphrase the immortal words of Brad Pitt’s character in Burn After Reading, everybody — from Hollywood studios to your aunt in Virginia — needs to worry about the security of their shit. Things will probably get worse before they get better, when it comes to cyber incidents like this. Do your best to end up on the better side.