Large companies at the mercy of hackers typically refuse to negotiate with their attackers but HBO apparently made an exception to the rule.
In a leaked e-mail obtained by Variety from HBO to the hackers dated July 27, the network offered to make a bug bounty payment of $250,000 via Bitcoin “as a show of good faith.”
Bug bounties, as you likely know, are often awarded to “white hat” security researchers as a reward for identifying vulnerabilities and bringing them to their attention versus exploiting them for personal gain or selling the information on the black market.
The message also asks the hackers to extend their ransom-payment deadline by one week. “You have the advantage of having surprised us,” HBO said in its e-mail.
Variety said that although the authenticity of the e-mail was confirmed to them by a source close to the investigation, they opted not to publish the name or e-mail address of the HBO executive who sent the message.
A few things stand out as odd in HBO’s response including both the non-confrontational tone used and the small amount of money offered (the hackers originally demanded a “six-month salary” and claimed to generate as much as $15 million a year).
Sources tell the publication that the document was more or less designed as a stall tactic to buy time to further investigate the breach.
Image courtesy THR