{
	"id": "78dad867-de72-4f33-a9ad-4ab3922da4fd",
	"created_at": "2026-04-06T00:09:04.635038Z",
	"updated_at": "2026-04-10T03:21:58.785017Z",
	"deleted_at": null,
	"sha1_hash": "be8cdd4362d7bbb39a794fb45d7f27335f5d5158",
	"title": "HBO breach accomplished with hard work by hacker, poor security practices by victim",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 40367,
	"plain_text": "HBO breach accomplished with hard work by hacker, poor\r\nsecurity practices by victim\r\nBy Doug Olenick\r\nPublished: 2017-08-09 · Archived: 2026-04-05 12:43:21 UTC\r\nCybersecurity executives are speculating the HBO hack by “Mr. Smith” was the result of the intruder putting in a\r\ntremendous amount of effort to infiltrate the entertainment giant that included many separate attacks, while said\r\ngiant most likely was slayed by ignoring basic security hygiene.\r\nOn August 7 a small treasure trove of HBO content was posted publicly to the web by a hacker who is now\r\ndemanding a $6 million payment to stop any further release of data. The hacker who goes by Mr. Smith posted\r\nfive scripts for Game of Thrones and a month's worth of email from HBO Vice President for Film Programming\r\nLeslie Cohen along with some other corporate information, according to the Associated Press.\r\nThe general consensus among cybersecurity insiders is the hacker was able to procure this information through a\r\nseries of small attacks conducted over an extended period of time tied to poor security practices either by HBO\r\nor perhaps a third-party vendor. Mr. Smith seemed to confirm the timeline saying the $6 million ransom amount is\r\ntied to the length of time his crew spent on the hack, about six months.\r\n“Through a persistent effort of phishing, malware attacks and plain old social engineering, the attackers likely\r\ncompromised many individual identities. Once these identities are compromised, the attackers can inject malware\r\nonto systems that over time learn more passwords and allow them lateral access into other systems on the\r\nnetwork,” Corey Williams, Centrify's senior director of products and Marketing, told SC Media.\r\nAnother strong possibility is HBO is simply another victim of partnering with a third-party vendor that either\r\nmade an error or did not have its cybersecurity ducks lined up in a row. 
If this turns out to be true HBO will join a\r\nlong list of companies, to include Verizon, Trump Hotels, Hard Rock and Scottrade, which suffered a data breach\r\ndue to one of these ancillary companies proving to be a weak link.\r\n“They have to treat intellectual property (IP) with the same level of protection that banks treat regulated customer\r\ninformation – that is it should be given the highest level of IT security controls and data privacy protection.  Then\r\nin those instances where a studio has outsourced to a vendor (e.g. Larson Studios and the Netflix hack), they must\r\ninsure that their vendors employ equally strong security,” Brad Keller, director 3rd Party Strategy for Prevalent,\r\nsaid in an email interview with SC Media.\r\nHBO launched an investigation into the initial attack that took place on August 1 when its CEO and Chairman\r\nRichard Plepler confirmed the cable company had been victimized. So far the company has not released any\r\ninformation.\r\nWhatever the company discovers during its investigation, along with its decision on whether or not it should pay\r\nthe $6 million ransom will prove quite educational for other media firms who may find themselves victimized in a\r\nsimilar manner.\r\nAs with most ransomware situations, the consensus on whether or not the victim should pay up was split. If the\r\ndata is deemed more valuable than the ransom and it cannot be replicated then breaking out the corporate check\r\nbook might be in order, but otherwise, if at all possible, the bad guys should not be paid off.\r\n“It's a business decision, plain and simple. If an attacker was threatening to release the new Star Wars movie early,\r\nI'd want to understand the business impact of that. 
If it meant that there would be a decrease in people attending\r\nmovies or buying merchandise in dollar amounts that exceeded the amount of the ransom, I'd at least consider\r\ncoming to the table and negotiating,” said James Carder, CISO of LogRhythm.\r\nHowever, everyone did agree that snatching IP was a smart move as it forces the company to quickly make a\r\ndecision over what is essentially a product with an expiration date. And they did not rule out that despite asking\r\nfor money the hacker could have an ulterior motive, one similar to the Sony hack that was focused on damaging\r\nthe studio for the release of the anti-North Korea movie “The Interview.”\r\n“Intellectual property is particularly well suited to ransomware attacks because there is little way to repair the\r\ndamage after it has been released.  In the case of movies and/or episodes, there is an immediate diminution in\r\nmarket value,” Keller said.\r\nWilliams agreed, adding the negative consequences of pre-releasing brand defining IP can be tremendous with the\r\npossibility of subscriptions being impacted in HBO's case.\r\nCarder did add that if a company manages to save a few dollars in negotiating to pay a lower ransom it would be\r\nsmart to take that money and invest in boosting its cybersecurity. And he had a few suggestions on where to invest\r\nwith the most important point made being the amount the company invests should be near the equivalent to the\r\nvalue of what it is trying to protect.\r\n“Unfortunately, there isn't a silver bullet or one thing these studios can do. It's a combination of things that must\r\nhappen. Studios must practice good IT and security hygiene (patching systems and applications, updating and\r\nmodernizing systems/applications/infrastructure, controlling access to only those that need access, validating\r\nidentities, encrypting or applying other safeguards to critical business systems and data). 
They also must\r\nimplement stringent monitoring and alerting mechanisms as compensating controls for when or if an attacker\r\nbreaks through their defenses,” Carder said.\r\nWilliams noted that even improving some basic security protocols would be a huge help. The first change he\r\nsuggested is to stop relying on passwords as a line of defense to protect intellectual property. Next is to implement\r\nmultifactor authentication and utilize machine learning to halt attacks as they happen.\r\nWhile there are many things companies must do to increase security, the one thing they cannot do is underestimate\r\ntheir enemies, said Matthew Pascucci, Cybersecurity Practice Manager at CCSI.\r\n“The HBO hack should be taken seriously. Anytime a malicious actor has your sensitive data and is releasing it to\r\nthe public they've earned the right to be taken serious. How HBO responds to their demands and moves forward\r\nwith the isolation of the incident will determine what needs to be done moving forward from a hardening and\r\nprocess perspective,” he said.\r\nIn the end it may be hard to discern what will be the final result of this attack. HBO may determine how it was\r\ndone, but unless it publicly states that it paid, or the hacker makes such a disclosure, the world may not know.\r\nUnlike the NotPetya attack, which has negatively impacted the financials of FedEx and Maersk, HBO may pass\r\nthrough this incident unscathed. Especially if it enters into a negotiation with Mr. Smith.\r\n“Just like with any business deal, there could be some level of negotiation and potentially some agreements made\r\nif HBO thinks that the stolen data has considerable value from a business perspective. 
By comparison, if you look\r\nat the effects of Sony's breach, there was really no material impact on Sony's fiscal results the year it was\r\nbreached. Most of the cost incurred was associated with the investigation and the remediation necessary to bolster\r\ntheir cybersecurity program, which could be seen as an investment in the long run,” Carder said.\r\nSource: https://www.scmagazine.com/home/security-news/cybercrime/hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.scmagazine.com/home/security-news/cybercrime/hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim/"
	],
	"report_names": [
		"hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim"
	],
	"threat_actors": [],
	"ts_created_at": 1775434144,
	"ts_updated_at": 1775791318,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/be8cdd4362d7bbb39a794fb45d7f27335f5d5158.pdf",
		"text": "https://archive.orkl.eu/be8cdd4362d7bbb39a794fb45d7f27335f5d5158.txt",
		"img": "https://archive.orkl.eu/be8cdd4362d7bbb39a794fb45d7f27335f5d5158.jpg"
	}
}