This evening, the hackers who grabbed headlines last week by announcing their hack of HBO, released more files and more evidence of how thoroughly they may have ransacked some of HBO’s most valuable property.
In an email sent to this site, spokesperson “Mr. Smith” wrote, “this is the second wave. enjoy it…..”
The second wave consisted of 10 files, including what may be the script of Episode 5 of Game of Thrones and what appears to be the text of their ransom demand to HBO’s Chairman and CEO, Richard Plepler.
That there’s a lot of confidential and sensitive information in this latest data leak seems indisputable. One archive alone contained more than four dozen confidential files concerning scripts for episodes, contracts, and litigation claims.
The most intriguing part of this second data dump – well, to me, anyway, was the letter to Richard Plepler, The letter begins ominously:
I am Mr. Smith and I have the honor to inform you, on behalf of my colleagues, that we successfully breached in your huge network.
As they had suggested in their previous leak, Mr. Smith wrote that HBO had been a challenge to attack:
We confess that HBO was one of our difficult targets to deal with but we succeeded. (It took about 6 months).
It may have taken 6 months, but it sounds like it was worth it. Here is their description/claim of what they acquired (spelling, grammar, and punctuation as in the original):
By penetrating your Internal Network and other related platforms, we obtained your highly confidential Documents, IT related data, Scripts and etc. these data dump, as you will see, contains HBO’s Various Contracts, Mutual Agreements, Human resources, internal structure, International affiliates, Business strategies, international Marketing, IT infrastructures, producing films & Series (with very detail info!), budget detail for major operations, how you sell and how much!, various strategic insights in every aspects, confidential research, internal letters & Tax Evading Proofs! & Neilsen’s Dirty Job! & etc.
Game of Thrones was not easy to acquire, it seems, as Mr. Smith writes that although they obtained the cast and scripts:
You concealed GOT7 very carefully so we can’t find it due to lack of time although we are so close. Instead, we produced some tiny mini-series of GOT7 for you which be able to shock the entire world!!! What we got from GOT 7 not only put an end to fate of this season but also corrupts your idea and efforts to season 8.
But finally, they get to the heart of the letter – their demands – which they preface with:
Our motives isn’t political nor financial. (Even we hate trump like other Americans do) Its like a game for us, we enjoy to get data. Money isn’t our main purpose.
(my colleagues argue with me about details given to you and length of this letter, but as there will be very few emails between us, I must assure you about what we have, what will be confronting you and what should be paid to settle down everything!!)
We honestly share what we got with you and frankly bring you our demand. We are white hat hackers and it’s very shameful if you compare us with some noisy & amateur blackhat ones like Darkoverload. You will see in future steps in our operation that we fulfill any promises made and any given word.
The hackers redacted the ransom amount from the mp4 file they distributed publicly, but left the part outlining their rationale for the amount:
Because the letter is not dated, we don’t know exactly when the first deadline came and went, but it obviously passed or we wouldn’t have been seeing data dumps.
Of note, the hackers claim that they are very successful:
The HBO is our 17th Target. Only 3 of our past targets refused to pay and were punished very badly and 2 of them collapsed entirely.
How are you able to stop a group like us that spends about 400-500,000 dollars in a year to buy 0days exploits. We often launch two major operations in a year and our annual income is about 12-15 million dollars.
There will be more written about this hack and the newest release, but like most other journalists, going through all these files will take me time. And I take back what I said in my earlier reporting where I said this didn’t seem to be the work of TheDarkOverlord. Consider that an open question for now.