HBO offered hackers a $250,000 'bug bounty' to stall them

The hackers leaked a screenshot of a HBO email offering to pay a "bug bounty" rather than a ransom but also asking for a one-week extension to the deadline.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Alfred Ng Senior Reporter / CNET News

Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.

See full bio

Steven Musil

Alfred Ng

Aug. 11, 2017 6:00 a.m. PT

2 min read

Cash money and laptop computer — Did a HBO exec offer hackers a "bug bounty" instead of paying a ransom?
Getty Images

An HBO executive offered the hackers behind its recent breach a $250,000 payment as a "bug bounty," a leaked email showed.

In the latest development in HBO's battle against hackers who claim to have 1.5 terabytes of stolen data from the media giant, the cybercriminals leaked an email showing a discussion between an HBO executive and the hackers from July 27, about five days before the breach became public.

The hackers first contacted HBO with a ransom note on July 23, the email indicated.

HBO's email carefully is worded to avoid the appearance that the payment is anything other than a reward for discovering vulnerabilities in HBO's system. The hackers, who posted several of HBO's new episodes and a "Game of Thrones" script online in late July, demanded $6 million, a person close to the investigation said.

"You have the advantage of having surprised us. In the spirit of professional cooperation, we are asking you to extend your deadline for one week," HBO's email read. "As a show of good faith our our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire Bitcoin."

CNET obtained the email, which a person close to the investigation confirmed was legitimate.

HBO's hackers leaked an email interaction with one of the company's executives.
Little Finger

A person close to the investigation said that the email was a delay tactic and that HBO never intended on cooperating with the hackers. According to the leaked email, the hacker is going by the nickname "Little Finger," a reference to a "Game of Thrones" character known for being devious and cunning. The hacker has also used the name "Mr. Smith" in the past.

The cybercriminal is using an email address hosted in China.

Hackers claim to have stolen 1.5TB of data from the company, including forthcoming episodes of "Ballers" and "Room 104," which they have reportedly leaked online. Hackers warned last month that more material would come.

First published, Aug. 10 at 7:38 p.m. PT.
Update, Aug. 11 at 6:00 a.m. PT: To include details from leaked email and sources close to the investigation.

Tech Culture: From film and television to social media and games, here's your place for the lighter side of tech.

Batteries Not Included: The CNET team shares experiences that remind us why tech stuff is cool.