HBO's Hack: 'Hollywood Is Under Siege'

By Joe Flint and Tripp Mickle Features Dow Jones Newswires

At a time when HBO should be relishing the record ratings of its hit drama "Game of Thrones," executives there are instead are grappling with a hacker shakedown that could be a plot point on the network's "Silicon Valley."

Continue Reading Below

The breach of the network's systems that was disclosed last month is developing into a prolonged crisis. Hanging over HBO now is the daily threat of leaks of sensitive information, ranging from show content to actors' and executives' personal information.

The hack at HBO comes almost three years after a high-profile one at Sony Corp. and highlights persistent vulnerabilities unique to the entertainment industry. The pressing issue isn't safeguarding credit-card numbers and account details. Instead, executives are worried about potential damage to intellectual property if television-show spoilers are made available before episodes are officially aired.

"Hollywood is under siege," said Jeremiah Grossman, chief of security strategy for cybersecurity company Sentinel One. "It seems easy to hack a network, and they perceive that they can make money doing so."

Already, scripts of "Game of Thrones" episodes have been leaked by the hackers, whose leader calls himself "Mr. Smith." Also made public were episodes of other shows, including comedies "Ballers" and "Insecure," and a month's worth of emails from an executive.

When the hackers came forward late last month, an HBO technology-department employee sent them a letter offering $250,000 to participate in the company's "bug bounty" program, in which technology professionals are compensated for finding vulnerabilities, according to a person familiar with the matter.

Continue Reading Below

HBO was buying time with that response and isn't in negotiations with the hackers, the person said. The hacker has demanded a ransom of around $6 million.

The network has also been working with the Federal Bureau of Investigation and other law-enforcement agencies and cybersecurity firms to address the matter, people familiar with the matter say.

Meanwhile, the cable network is playing Whac-A-Mole. It managed to take down the website and digital locker the hacker initially used to distribute show material after sending takedown notices to internet-service providers, according to the person familiar with the matter. It alerted potentially exposed "Game of Thrones" cast members of the hack before Mr. Smith posted material that includes some of their phone numbers.

In a statement, HBO Chairman and Chief Executive Richard Plepler said, "The consensus here was a path to transparency. When something like this happens, the best you can do is try to protect the people you work with inside and outside the company. That's what our focus has been."

Unlike retailers, entertainment firms usually don't shoulder the burden of protecting customer-account details, because that is handled by cable, satellite and web-TV distributors.

The urgent worry is that fewer viewers will watch episodes that can cost several million dollars each if hackers supply a stream of spoilers. That hasn't happened yet. The last "Game of Thrones" episode, which aired on Aug. 6 attracted a record 10.2 million viewers.

The fear also relates to the chance of emails emerging that could hurt relations with talent or other companies. In the Sony hack, then-studio chief Amy Pascal was embarrassed by emails in which she made a joke about President Barack Obama's taste in movies as well as disparaging remarks about actors, including Adam Sandler.

"Leakage will be your worst nightmare; your competitors will know about current & future strategies, your inner circle inside HBO & senior staff will be thrown into chaos," the hackers promised in a video note to Mr. Plepler they posted earlier this week.

HBO has said it expects more information to leak out but said its review of the matter "has not given us a reason to believe that our email system as a whole has been compromised."

After the Sony hack, many entertainment companies, including HBO's parent Time Warner Inc., beefed up their own security.

Around the same time, though, in a cost-saving move, Time Warner centralized much of the technology operations that previously existed in the individual units, which also include Turner and Warner Bros.

Now that strategy is being rethought, and the individual units are being encouraged to take on more autonomy and responsibility for their own technology infrastructure, the person familiar with the matter said.

Prior to the HBO hack, sister unit Turner Broadcasting had already begun the process of overhauling some of its information technology after an assessment revealed that a hack into one network, such as Cartoon Network, could easily be a gateway into CNN.

The HBO hack also comes as Time Warner is in the process of being acquired by AT&T Inc. However, the hack isn't expected to have any effect on the sale or the terms of the deal, according to media analyst Michael Nathanson of MoffettNathanson Research. An AT&T spokesman declined to comment.

Cybersecurity expert Mr. Grossman, who has tested security networks for Hollywood TV and movie companies, said these firms are vulnerable because they work with so many partners that "their data is all over the place."

Write to Joe Flint at joe.flint@wsj.com and Tripp Mickle at Tripp.Mickle@wsj.com

(END) Dow Jones Newswires

August 11, 2017 05:44 ET (09:44 GMT)