According to an article found here, HBO offered to pay hackers $250,000 as part of a negotiation over data swiped from HBO’s servers.
In an email dated July 27, John Beyler, an HBO executive, thanked the hackers for “making us aware” of previously unknown security vulnerabilities. The executive asked for a 1-week delay and said HBO was willing to make a “good faith” payment of $250,000, calling it a “bug bounty” reward for IT professionals rather than a ransom.
“It’s interesting that they’re spinning it as a bug bounty program,” said Pablo Garcia, CEO of FFRI North America, based in Aliso Viejo, California. “They’re being extorted. If it was a bug bounty, it’d be on the up and up.”
Beyler’s email to the hackers said the company was working “very hard” to review all the material they provided, and also trying to figure out a way to make a large transaction in bitcoin, the hackers’ preferred payment method.
“You have the advantage of having surprised us,” Beyler wrote. “In the spirit of professional cooperation, we are asking you to extend your deadline for one week.”
Were they serious when they offered to pay the hackers? Everyone knows HBO could afford to pay them immediately.
HBO has said that it is working with law enforcement and cyber security firms to investigate the attack, which is the latest to hit a Hollywood business. In April, a hacker claimed to have released episodes of Netflix’s “Orange is the New Black” ahead of their official launch date.
The leaks so far have fallen well short of the chaos inflicted on Sony in 2014.
But paying ransoms to hackers can be dangerous because it shows that being a bad-guy hacker is a good business, said cyber security expert Oren Falkowitz, CEO of Redwood City, California-based Area 1 Security. Companies would be better off investing in preventing email spear-phishing attempts and other hacking techniques, he said.
“The reason they got in this scenario is they didn’t have the right preemptive strategy,” Falkowitz said. “The next company, whether it’s Showtime or Death Row Records or whomever, needs to see that they’re going to wake up one day to this reality unless they confront it.”
Vulnerability scanning, like that offered by Trust Guard, monitors for more than 75,000 holes that hackers use to access websites and servers without authorization. With more than 30,000 WordPress websites getting hacked on a daily basis, it’s a good idea for everyone to start taking stronger measures to protect their websites and avoid paying ransoms to hackers.