A hacker or hackers going by the name "Mr. Smith" dumped a trove of stolen HBO files online Monday, hinting at the extent of the network's security breach last week.
The files include five "Game of Thrones" scripts and a month's worth of emails from Leslie Cohen, the network's vice president for film programming. This is the second data dump from the recent hack, according to the Associated Press.
The hackers also demanded a ransom from HBO, threatening to release more of remaining files they claim to have obtained.
The "Game of Thrones" scripts, including one for an upcoming episode, were watermarked with the words "HBO is Falling," which is the hackers' motto, according to Wired. Also included in the data dump were internal documents such as financial balance sheets, a report of legal claims against the network and job offer letters for several of its top executives, AP reported.
The hackers sent HBO's chief executive Richard Plepler a dramatic video letter showing a scroll unfurling while the "Game of Thrones" score plays, Wired reported. The scroll read, in part, "We successfully breached into your huge network. . . . HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months)," according to the Hollywood Reporter.
The hackers demanded "our 6 month salary in bitcoin," which appeared to be at least US$6 million ($8.2m), the New York Times reported.
HBO doubled-down on its claim that "the review to date has not given us a reason to believe that our e-mail system as a whole has been compromised," in a statement to the Hollywood Reporter. But the network did say it "believed that further leaks might emerge from this cyber incident when we confirmed it last week."
HBO publicly disclosed the hack on July 31, following a leak that included "the unauthorized release of several upcoming TV episodes from the series 'Ballers,' 'Insecure' and 'Room 104,' as well as a script for an upcoming episode of 'Game of Thrones,'" The Washington Post's Brian Fung and Craig Timberg reported.
The hackers claimed to have stolen 1.5 terabytes of data, though the first release only included about 300 megabytes, according to The Post. Monday's data dump included 500 megabytes, Wired reported.
Security experts told The Post that figuring out exactly how much data was stolen could take weeks.
"You don't know what you don't know," said Hemanshu Nigam, a former federal prosecutor and founder of Internet security company SSP Blue.
Dealing with hackers has become an increasingly common challenge for studios and networks in the Internet age. As the actual materials used in the production of film and television, such as scripts and video files, become increasingly digitized, they're naturally more vulnerable to hackers.
Many hackers have taken advantage of this, stealing files from major entertainment companies such as Netflix and Sony Pictures.
"No company is really off limits today," Jim McGregor, principal analyst at Tirias Research, told TechNewsWorld. "But the bigger and more prominent you are, the bigger target you become for a wider variety of hackers."
In many cases, financial gain appears to be a driving factor behind the hacks.
HBO isn't the first network to be faced with the decision to pay up or have upcoming episodes of its popular shows leaked. In December 2016, a hacking group known as the Dark Overlord stole several files from Larson Studios, including the entire fifth season of Netflix's popular original show "Orange is the New Black."
"Once I was able to look at our server, my hands started shaking, and I almost threw up," the studio's director of digital systems Chris Unthank told Variety.
The hackers demanded 50 bitcoin, or about US$50,000 ($68,000), from Larson Studios or else it would release the episodes. The studio paid up. Rather than upholding its end of the deal, though, the Dark Overlord then pressured Netflix to pay an additional ransom.
Netflix refused. In response, the Dark Overlord leaked the stolen episodes online in late April, weeks before its scheduled release on June 9, the New York Times reported.
In this particular case, Netflix didn't have much incentive to pay the ransom. As the Post's Brian Fung wrote:
"It isn't as though viewers of 'Orange Is the New Black' are about to cancel their subscriptions just so they can get what they were paying for free. Netflix is likely to keep getting subscribers' money, said Laura Martin, an analyst at the asset management firm Needham & Co.
"And while Netflix might be concerned about potential customers seeking out free, pirated content rather than paying for it, she added, most Americans - roughly 54 percent, according to Leichtman Research - already have Netflix."
There are other scenarios, though, in which a studio might be more anxious to stop a leak, as they can have real-world impact beyond simply spoiling the latest high-profile death on "Game of Thrones."
In October 2014, hackers identifying themselves as Guardians of Peace stole more than 100 terabytes of confidential documents, including emails between top executives, from Sony Pictures. In this case, though, no ransom was requested. Instead, many of the documents were posted online and consumed by the media in a rabid frenzy.
The reason for the hack, many thought, was not financial. Instead, as Andrea Peterson wrote in The Post at the time:
"Multiple reports suggest US government officials believe the attack is tied to the North Korean government, who expressed outrage over the Sony-backed film 'The Interview,' an action-comedy centered on an assassination plot against North Korean leader Kim Jong Un."
One set of emails released in the leak was a back-and-forth between Sony Pictures Entertainment co-chairman Amy Pascal and high-powered producer Scott Rudin in which the two imagined what President Obama's favorite movies were. All of their suggestions were films predominately starring African Americans, many focusing on slavery such as "Django Unchained" and "12 Years a Slave."
Pascal resigned less than two months after the leak, the Los Angeles Times reported.
While the leaks can be problematic for networks and studios, adequate cybersecurity remains generally out of reach.
Fearing Russian hacking, for example, the team behind Fox's upcoming Russian spy movie "Red Sparrow" decided to only use digital scripts that use encrypted scripts that generate a user log - the idea being that they can track whoever accesses it, as reported in the Hollywood Reporter.
Such encryption might work, but it's generally not enough to stop a determined hacker. A film must go through many different companies on its path to being released in theaters, which makes it especially vulnerable. As the New York Times reported:
"While companies like Netflix and Fox might invest in state-of-the-art cybersecurity defense technology, they must also rely on an ecosystem of postproduction vendors, ranging from mom-and-pop shops to more sophisticated outfits like Dolby and Technicolor, which may not deploy the same level of cybersecurity and threat intelligence."
Options for the studios are so limited that Reg Harnish, CEO of GreyCastle Security, suggested to CNBC studios are best simply informing authorities and carrying on with business as usual.
"Call the FBI, then go make more movies," he said.