The Washington Post

Hackers post stolen HBO ‘Game of Thrones’ scripts online, demand bitcoin ransom

Conleth Hill, Peter Dinklage, Nathalie Emmanuel, Emilia Clarke, Liam Cunningham and Kit Harington in “Game of Thrones.” (Macall B. Polay/HBO)

A hacker or hackers going by the name “Mr. Smith” dumped a trove of stolen HBO files online Monday and demanded a ransom from the network while threatening to release more of the files they claim to have obtained in a security breach last week.

The data dump included five “Game of Thrones” scripts and a month’s worth of emails from Leslie Cohen, the network’s vice president for film programming. It is the second data dump from the recent hack, according to the Associated Press.

The “Game of Thrones” scripts, including one for an upcoming episode, were watermarked with the words “HBO is Falling,” which is the hackers’ motto, according to Wired. Also included were internal documents such as financial balance sheets, a report of legal claims against the network and letters of job offers for several of its top executives, AP reported.

The hackers sent HBO chief executive Richard Plepler a dramatic video letter showing a scroll unfurling while the “Game of Thrones” score plays, according to the Hollywood Reporter. The scroll read, in part, “We successfully breached into your huge network. … HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months).”

The hackers demanded “our 6 month salary in bitcoin,” which appeared to be at least $6 million, the New York Times reported.


In a statement to The Washington Post on Tuesday, HBO doubled down on its claim that “the review to date has not given us a reason to believe that our email system as a whole has been compromised.” But the network did say it “believed that further leaks might emerge from this cyber incident when we confirmed it last week.”

HBO publicly disclosed the hack July 31, following a leak that included “the unauthorized release of several coming TV episodes from the series ‘Ballers,’ ‘Insecure’ and ‘Room 104,’ as well as a script for a coming episode of ‘Game of Thrones,’” The Post reported.


The hackers claimed to have stolen 1.5 terabytes of data, though the first release only included about 300 megabytes. Monday’s data dump included 500 megabytes, Wired reported. (A terabyte is equal to 1 million megabytes. For context, a song file is generally around 4 megabytes.)

Security experts told The Post that determining exactly how much data was stolen could take weeks. “You don’t know what you don’t know,” said Hemanshu Nigam, a former federal prosecutor and founder of Internet security company SSP Blue.

Dealing with cyber breaches has become an increasingly common challenge for studios and networks. As the actual materials used in the production of film and television, such as scripts and video files, become digitized, they’re naturally more vulnerable to hackers. Hackers have taken advantage of this, stealing files from major entertainment companies such as Netflix and Sony Pictures.

“No company is really off limits today,” Jim McGregor, principal analyst at Tirias Research, told TechNewsWorld. “But the bigger and more prominent you are, the bigger target you become for a wider variety of hackers.”

Financial gain appears to be a driving factor behind the hacks. HBO isn’t the first network to be faced with paying up or facing leaked episodes of its popular shows. In December, a hacking group known as the Dark Overlord stole several files from Larson Studios, including the entire fifth season of Netflix’s “Orange is the New Black.”

“Once I was able to look at our server, my hands started shaking, and I almost threw up,” the studio’s director of digital systems Chris Unthank told Variety.

The hackers demanded 50 bitcoin, or about $50,000, from Larson Studios, threatening to release the episodes otherwise. The studio paid up. Rather than upholding its end of the deal, though, the Dark Overlord then pressured Netflix to pay an additional ransom.

Netflix refused. In response, the Dark Overlord leaked the stolen episodes online in late April, weeks before the season’s scheduled release on June 9, the New York Times reported.

Why the ‘Orange Is the New Black’ leak really won’t hurt Netflix

In this particular case, Netflix didn’t have much incentive to pay the ransom. As The Post wrote:

It isn’t as though viewers of “Orange Is the New Black” are about to cancel their subscriptions just so they can get what they were paying for free. Netflix is likely to keep getting subscribers’ money, said Laura Martin, an analyst at the asset management firm Needham & Co.
And while Netflix might be concerned about potential customers seeking out free, pirated content rather than paying for it, she added, most Americans — roughly 54 percent, according to Leichtman Research — already have Netflix.

There are other scenarios, though, in which a studio might be more eager to stop a leak, as they can have real-world impact beyond simply spoiling the latest high-profile death on “Game of Thrones.”

In October 2014, hackers identifying themselves as Guardians of Peace stole more than 100 terabytes of confidential documents, including emails between top executives, from Sony Pictures. In this case, though, no ransom was requested. Instead, many of the documents were posted online and consumed by the media in a rabid frenzy.

The reason for the hack, many thought, was not financial. Instead, as Andrea Peterson wrote in The Post at the time, “Multiple reports suggest U.S. government officials believe the attack is tied to the North Korean government, who expressed outrage over the Sony-backed film ‘The Interview,’ an action-comedy centered on an assassination plot against North Korean leader Kim Jong Un.”

One set of emails released in the leak was a back-and-forth between Sony Pictures Entertainment co-chairman Amy Pascal and high-powered producer Scott Rudin in which the two imagined what President Barack Obama’s favorite movies were. All of their suggestions were films largely starring African Americans, many focusing on slavery such as “Django Unchained” and “12 Years a Slave.”

Pascal resigned less than two months after the leak, the Los Angeles Times reported.

While the leaks can be problematic for networks and studios, adequate cybersecurity remains generally out of reach.

Fearing Russian hacking, for example, the team behind Fox’s upcoming Russian spy movie “Red Sparrow” decided to use only encrypted digital scripts that generate a user log, the idea being that they can track whoever accesses them, as reported in the Hollywood Reporter.

Such encryption might work, but it’s generally not enough to stop a determined hacker. A film must go through many different companies on its path to being released in theaters, which makes it especially vulnerable. As the New York Times reported:

While companies like Netflix and Fox might invest in state-of-the-art cybersecurity defense technology, they must also rely on an ecosystem of postproduction vendors, ranging from mom-and-pop shops to more sophisticated outfits like Dolby and Technicolor, which may not deploy the same level of cybersecurity and threat intelligence.

Options for the studios are so limited that Reg Harnish, chief executive of GreyCastle Security, suggested to CNBC that studios are best off simply informing authorities and carrying on with business as usual.

“Call the FBI, then go make more movies,” he said.

Brian Fung contributed to this story.
