For the web is dark and filled with hackers…
Winter came for HBO at the start of August, as they were hit with hacks and data leaks (and a couple of their own mistakes). And as August progresses, we feel it’s safe to say that August marks the Long Night for the cable network, as every few days a new leak or development in the story makes headlines.
Up until now, the hack resulted in the theft of 1.5 terabytes of data from HBO, and we’ve seen full episodes of Ballers, Curb Your Enthusiasm, Room 104 and more leaked online, along with Game of Thrones scripts, a breach of HBO’s social media accounts and the exposure of Game of Thrones cast and crew’s personal information.
The main hackers involved call themselves the ‘Mr. Smith group’ and are the main hacking group responsible for the hack and the data dumps. They have since demanded approx $6.5m as ransom for the stolen data. HBO has refused to bend the knee.
Next up, Mr. Smith threatened to release the highly anticipated Game of Thrones season finale (episode 7) and we are sure to expect new surprises and leaks in addition. But for now, we’ve put together a timeline documenting HBO’s month of hacks, and we plan on updating accordingly.
August 2nd: HBO Shows and Game of Thrones Script Leaked
In a cyberattack said to be a larger-scale Sony Hack, hackers managed to infiltrate HBO’s servers and released episodes of Ballers and Room 104 and a Game of Thrones episode script online. The hackers threatened to release more information in the weeks to come, claiming that “HBO is falling”.
An investigation into the hack was launched by the FBI and Mandiant.
August 9th: Hackers Release a Horde of Data Along With a Ransom Note
Just a week after the first data dump, and as promised, hackers leaked about a half-gigabyte sample of the stolen info. This includes several episodes and scripts of many HBO shows, all watermarked with “HBO is Falling” – what seems to be the official motto of the Mr. Smith hacking group.
In addition to the shows and scripts, the dump contained HBO internal emails and documents, including employment agreements, marketing strategy documents and financial balance sheets.
August 11th: HBO Offers Hackers $250,000 ‘bug bounty’
According to various reports, HBO offered hackers $250,000 as a reward for discovering weaknesses in HBO’s network.
August 17th: OurMine Hacks HBO’s Social Media Pages
Only one day after a blunder by HBO Spain gave viewers a full length sneak peak at Game of Thrones’ episode 6, the network takes yet another hit. This time on social media.
The hacking team known as ‘OurMine’ gained control of HBO’s social media accounts. A message for HBO was posted and read: “Hi OurMine here, we are just testing your security, HBO team please contact us to upgrade the security – ourmine.org -> Contact.”
Additionally, OurMine got #HBOHacked trending worldwide.
— Andrew Wallenstein (@awallenstein) August 17, 2017
August 19th: Game of Thrones Cast and Crew Had Their Personal Information Stolen
In an interview with Daily Beast, Nikolaj Coster-Waldau (who plays our favorite Kingslayer on the show) revealed how in a phone call he assumed was about his character’s fate, he was in fact told that his personal information was stolen. “Your emails, your phone numbers, all of the info is out there,” Coster-Waldau was told.
August 21st: HBO Hackers Threaten to Leak the Season Finale of Game of Thrones Season 7
The hacking group Mr. Smith claims to have the final full episode of Game of Thrones’ seventh season. “Be ready for GOT S& E6 &E7 as soon as possible.” the hackers told Mashable.
The hackers may have saved the best for last as a final attempt at getting their ransom, as holding a full Game of Thrones episode (and the finale, no less) over HBO’s head may be one way to get HBO to bow to any demands. Yet, HBO remains standing strong.
Viewing on a mobile? Click the infographic to enlarge.
She aims to educate and inspire developers, security professionals, and organizations to find the best defense against online threats.
Latest posts by Arden Rubens (see all)
- Continuous Security Testing for Microservices – October 19, 2017
- Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses – October 18, 2017
- Checkmarx Expands Codebashing Developer Application Security Training With New Interactive Mobile Security Courses – October 17, 2017
Sign up today & never miss an update from the Checkmarx blog
This is a Security Bloggers Network syndicated blog post authored by Arden Rubens. Read the original post at: Blog – Checkmarx