Hackers Demand Millions for Stolen ‘Game of Thrones’, HBO Data

New York (AP) — Hackers using the name "Mr. Smith" posted a fresh cache of stolen HBO files online Monday, and demanded that HBO pay a ransom of several million dollars to prevent further such releases.

The data dump included what appear to be scripts from five "Game of Thrones" episodes, including one upcoming episode, and a month's worth of email from the account of Leslie Cohen, HBO's vice president for film programming. There were also internal documents, including a report of legal claims against the network and job offer letters to top executives.

HBO, which previously acknowledged the theft of "proprietary information," said it's continuing to investigate and is working with police and cybersecurity experts. The network said Monday that it still doesn't believe that its email system as a whole has been compromised.

This is the second data dump from the purported hacker. So far the HBO leaks have been limited, falling well short of the chaos inflicted on Sony in 2014. In that attack, hackers unearthed thousands of embarrassing emails and released personal information, including salaries and social security numbers, of nearly 50,000 current and former Sony employees.

Those behind the HBO hack claim to have more data, including scripts, upcoming episodes of HBO shows and movies, and information damaging to HBO.

In a video directed to HBO CEO Richard Plepler, "Mr. Smith" used white text on a black background to threaten further disclosures if HBO doesn't pay up. To stop the leaks, the purported hackers demanded "our 6 month salary in bitcoin," which they implied is at least $6 million.

    Read more: www.bloomberg.com

    New Wave of Ransom Threats Seen in Unprecedented Attack

    An unrivaled global cyber-attack is poised to continue claiming victims Monday as people return to work and turn on their desktop computers, even as hospitals and other facilities gained the upper hand against the first wave.

    More than 200,000 computers in at least 150 countries have so far been infected, according to Europol, the European Union’s law enforcement agency. The U.K.’s National Cyber Security Centre said new cases of so-called ransomware are possible “at a significant scale.”

    “We’ve seen the rise of ransomware becoming the principal threat, I think, but this is something we haven’t seen before — the global reach is unprecedented,” Europol Executive Director Rob Wainwright said on ITV’s “Peston on Sunday” broadcast. 

    QuickTake Cybersecurity

    The malware used a technique purportedly stolen from the U.S. National Security Agency. It affected the U.K.’s National Health Service, Russia’s Ministry of Interior, China government agencies, Germany’s Deutsche Bahn rail system, automakers Nissan Motor Co. and Renault SA, PetroChina, logistics giant FedEx Corp., and other company and hospital computer systems in countries from Eastern Europe to the U.S. and Asia.

    The hackers used the tool to encrypt files within affected computers, making them inaccessible, and demanded ransom — typically $300 in bitcoin. Russia and Ukraine had a heavy concentration of infections, according to Dutch security company Avast Software BV.

    Microsoft Corp. President Brad Smith, in a blog post Sunday, said the attack is a “wake-up call” for governments in the U.S. and elsewhere to stop stockpiling tools to exploit digital vulnerabilities. “They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world,” he said.

    Normal Operations

    About 97 percent of U.K. facilities and doctors disabled by the attack were back to normal operation, Home Secretary Amber Rudd said Saturday after a government meeting. At the height of the attack Friday and early Saturday, 48 organizations in the NHS were affected, and hospitals in London, North West England and Central England urged people with non-emergency conditions to stay away as technicians tried to stop the spread of the malicious software.

    The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn’t or didn’t download a security patch released in March that Microsoft had labeled “critical.”

    Microsoft said in a blog post Saturday that it was taking the “highly unusual“ step of providing the patch for older versions of Windows it was otherwise no longer supporting, including Windows XP and Windows Server 2003.

    While the scale of the attack shows Microsoft needs to strengthen its own capabilities, “there is simply no way for customers to protect themselves against threats unless they update their system,” Smith said in his blog post. “Otherwise they’re literally fighting the problems of the present with tools from the past.

    “This attack is a powerful reminder that information technology basics like keeping computers current and patched are a high responsibility for everyone, and it’s something every top executive should support."

    Matt Suiche, founder of United Arab Emirates-based cyber security firm Comae Technologies, said he’s seen a variant on the original malware that still contains a kill-switch mechanism — though future versions could find a way to overcome it. “We are lucky that this logic bug is still present,” Suiche said.

    The Good Guys Can Have the Upper Hand on Cybersecurity

    A message informing visitors of a cyber attack is displayed on the NHS website on May 12.

    Photographer: Carl Court/Getty Images

    Victims have paid about $50,000 in ransom so far, with the total expected to rise, said Tom Robinson, chief operating officer and co-founder of Elliptic Enterprises Ltd., a ransomware consultant that works with banks and companies in the U.K., U.S. and Europe. Robinson, in an interview by email, said he calculated the total based on payments tracked to bitcoin addresses specified in the ransom demands.

    Last year an acute-care hospital in Hollywood paid $17,000 in bitcoin to an extortionist who hijacked its computer systems and forced doctors and staff to revert to pen and paper for record-keeping.

    Business Targets

    A spokesman for Spain’s Telefonica SA said the hack affected some employees at its headquarters, but the phone company is attacked frequently and the impact of Friday’s incident wasn’t major. FedEx said it was “experiencing interference,” the Associated Press reported.

    Renault halted production at some factories to stop the virus from spreading, a spokesman said Saturday, while Nissan’s car plant in Sunderland, in northeast England, was affected without causing any major impact on business, an official said.

    In Germany, Deutsche Bahn faced “technical disruptions” on electronic displays at train stations, but travel was unaffected, the company said in a statement on its website. Newspaper reports showed images of a ransomware message on display screens blocking train information.

    Russia’s Interior Ministry, with oversight of the police forces, said about “1,000 computers were infected,” which it described as less than 1 percent of the total, according to its website.

    In China, the malware affected computers at “several” unspecified government departments, the country’s Cyberspace Administration said on its WeChat blog Monday. Since that initial attack, agencies and companies from the police to banks and communications firms have put preventive measures in place, while Qihoo 360 Technology Co., Tencent Holdings Ltd. and other cybersecurity firms have begun making protection tools available, the internet overseer said.

    China National Petroleum Corp., which owns PetroChina, reported that some of its 21,000 gas stations had seen their digital payment systems disabled by the attack and resorted to accepting cash. More than 80 percent of the stations had been reconnected to the network as of noon on May 14, the company said. Several Chinese universities had also been hit by the attacks, according to local media reports.

    In Japan, Hitachi Ltd. said that some of its computers had been affected. In South Korea, CJ CGV Co., the country’s largest cinema chain, said advertising servers and displays at film theaters were hit by ransomware. Movie servers weren’t affected and are running as normal, it said in a text message Monday. Indonesia’s government reported two hospitals in Jakarta were affected.

    While any size company could be vulnerable, many large organizations with robust security departments would have prioritized the update that Microsoft released in March and wouldn’t be vulnerable to Friday’s attack.

    Users Tricked

    Ransomware is a particularly stubborn problem because victims are often tricked into allowing the malicious software to run on their computers, and the encryption happens too fast for security software to catch it. Some security experts calculate that ransomware may bring in as much as $1 billion a year in revenue for the attackers.

    The attack was apparently halted in the afternoon in the U.K. when a researcher took control of an Internet domain that acted as a kill switch for the worm’s propagation, according to Ars Technica.

    “I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” wrote the researcher, who uses the Twitter name @MalwareTechBlog. “So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”

    There is a high probability that Russian-language cybercriminals were behind the attack, said Aleks Gostev, chief cybersecurity expert for Kaspersky Labs.

    “Ransomware is traditionally their topic,” he said. “The geography of attacks that hit post-Soviet Union most also suggests that.”

    Read more: www.bloomberg.com

    Behind the Biggest Bitcoin Heist in History: Inside the Implosion of Mt. Gox

    Mt. Gox was once the biggest exchange for the virtual currency. Then half a billion dollars’ worth went missing. Emails give important clues to what happened.”>

    TOKYO When Mark Karpeles, the CEO of what was once the worlds largest Bitcoin exchange, said that the company had gone bankrupt because 800,000 bitcoins (worth nearly half a billion dollars at the time) had been hacked, he wasnt exactly lying. He wasnt exactly telling the whole truth, either, but there was an intriguing element of fact.

    At least 80,000 had been hacked before Karpeles even took over the company, and that initial cyber theft began a spiral of trouble that may have led directly to the firms financial collapse.

    This week The Daily Beast obtained internal emails, contracts,, and other documents related to the implosion of Karpeless company, Mt. Gox. Along with information provided by a former employee who handled accounting for the firm, the documents reveal previously unreported details about how Mt. Gox failed, and why.

    According to Karpeless lawyer, Nobuyasu Ogata, one of the emails has been submitted to the court as evidence by the prosecution to demonstrate that Karpeles was not forthcoming with his customers. But the same email can be used to argue for his innocence on other charges.

    Mt. Gox, which was once the worlds largest exchange for the decentralized virtual currency, filed for bankruptcy protection in February 2014, when it was reported that 850,000 bitcoins, worth $450 million at the time, had disappeared or been stolen by hackers. Mt. Gox said it also lost $27 million in cash.

    Originally, the company had been created as a platform for trading playing cards. Pokmon probably is the most familiar version in the West, but these were for Magic: The Gathering, a game that was popular among kids who gave up on any hope of being cool at high school; a dungeons and dragons sort of card game for obsessive fans.

    The company were writing about here was called Magic: The Gathering Online eXchange, which is where Mt. Gox derived its unusual name. But in a very short time, it left the original nerds far behind as bitcoins came in and cards went out. And then, a whole lot of bitcoins went missing.

    To date, 650,000 bitcoins, currently worth $292 million, remain unaccounted for, and Karpeles is facing several criminal chargesbut none of them deal directly with the absent virtual currency. 

    In November of last year, Japanese prosecutors finally finished bringing criminal charges against Karpeles after re-arresting him again and again in hopes that he would confess to every crime they thought he might have committed. 

    It should be noted here that one of the reasons Japans prosecutors have a 99 percent conviction rate is that a suspect can be held up to 23 days after an arrest, without having a lawyer present during daily interrogations. If the suspect is denied bail, the police and the prosecutors have even longer to question the suspect. Eventually most people do confess to the charges against themguilty or not.

    When the prosecutors concluded their investigation into Karpeles in November, he was indicted for improper use of electronic funds and embezzling a total of over 300,000,000 yen ($2.7 million) of customer funds.

    At this point in time, Karpeless lawyers would only say that Karpeles had made no confession to the police and that Karpeles is only guilty of sloppy accounting, mixing personal accounts and corporate accounts, not embezzlement.

    Yet the documents obtained by The Daily Beast, which included correspondence between Mark Karpeles and the original founder of Mt. Gox, Jed McCaleb, suggest that Mt. Gox was plagued by problems from its earliest days, before Karpeles had even taken over the company. The Daily Beast was given internal documents including emails by a former consultant to Mt. Gox and then verified them with Karpeless lawyer, former employees, and sources in law enforcement.

    Jed McCaleb first approached Mark about selling him Mt. Gox in January of 2011. In an email dated Jan. 18 that year, McCaleb wrote to his acquaintance Karpeles:

    Hi Mark~

    Get The Beast In Your Inbox!
    By clicking "Subscribe," you agree to have read the TermsofUse and PrivacyPolicy
    Thank You!
    You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason

    Please keep all this confidential I dont want to start a panic and Im not sure Ill do it yet but Im thinking I might try to sell mtgox. I just have these other projects I would like to devote more time to. Would you be interested? It could be very little up front and just a payout based on revenue or something. There is also an investment group that wants to fund mtgox. Probably around $158k. So you could most likely take it over with some cash.

    Let me know



    Karpeles had become interested in Bitcoin in late 2010 and saw the Mt. Gox platform as the perfect place to set up a Bitcoin exchange. In the early days of the currency, changing fiat money (real money) into bitcoins was an arduous task.

    Karpeles agreed to purchase the company from McCaleb and by Feb. 3, 2011, he had signed an agreement with McCaleb to buy the firm, under some very unusual terms.

    The seller (McCaleb) wrote into the contract that the Seller is uncertain if mt.gox.com is compliant or not with any applicable U.S. code or statute, or law of any country. And it included an article of indemnification: The buyer agrees to indemnify Seller against any legal action that is taken against Buyer or Seller with regards to mtgox.com or anything acquired under this agreement.

    Shortly after the handover, Karpeles became aware that Mt.Gox had already been hacked at least once and was missing a substantial number of bitcoinsa total of 80,000 to be precise.

    The following email on April 28, 2011, which reportedly has been submitted into evidence by both sides in the trial, was probably the beginning of Mark Karpeless nightmare:

    From: Jed McCaleb <[email protected]>

    Date: 2011/04/28 22:33

    To: Mark Karpeles <[email protected]>

    I cant tell how big an issue it will be to be short 80k BTC (*80,000 bitcoin) if the price goes to $100 or something. That is quite a bit to owe at that point but mtgox should have made a ton of BTC (Bitcoin) getting to there. There is also still the fact that the BTC (Bitcoin) balance will probably never fall below 80k. So maybe you dont really need to worry about it.

    There are 3 solutions I have thought of:

    – Slowly buy more BTC with the USD that Gox Bot has. Hopefully you would fill up the loss before the price got out of hand.

    – Buy a big chunk of BTC (really just moving the BTC debt to the USD side) If BTC goes up this is a huge win. Problem is there isnt enough BTC for sale on mtgox. Maybe you could find someone on the forum to do it.

    – Get those crystal island people to investThey have 200+ BTC so they could fill in the gap.

    Maybe you could just mine it

    The Daily Beast has been trying to reach Jed McCaleb for several weeks both through his email accounts and social media accounts but he has not responded.

    Kim Nilsson, a computer security expert at WizSec who has been analyzing the case for over two years, says, Assuming the emails are genuine considering the timing, both Mark and Jed were aware of some 80,000 BTC that seem to have already been missing before the large June 2011 hack, and Jed was suggesting possible approaches to recovering from it. The question then remains: did either of them put these plans into actionfor example creating a trading bot (a software application that runs automated tasks) to cover the loss.

    That is still an unresolved mystery.

    In April 2011, 80,000 bitcoins were worth approximately $62,400.

    Maybe Karpeles figured he could make it back up as he went along. But luck was not on his side. As he would try to fill the hole, the price of bitcoins kept rising. By June 2, 2011, the value for the missing BTC had jumped to over $800,000.

    Unfortunately for Karpeles, he had signed a non-disclosure agreement that left him unable to discuss the loss, and he faced the Sisyphean task of recovering the missing bitcoins on his owna problem that became greater by the day and sometimes by the hour as the value of bitcoins skyrocketed.

    In June of 2011, Mt. Gox was hacked once again. Investigators at the time believed that hackers might have gained access to Jed McCalebs administrator account, which was still active.

    Karpeless reaction to the hack was to move the majority of the bitcoins off-line into what is called cold storage and place them in safety deposit boxes dispersed through various banks in Tokyo. He only left enough online to make sure transactions could be carried out. But having moved the bitcoins off, Karpeles neglected to reconcile the amounts of cold storage with other customer accounts. Karpeles became increasingly paranoid about hackersalmost obsessive.

    An individual who worked at Mt. Gox handling accounting told The Daily Beast, on condition we not identify him by name because of his role in the investigation, Mt. Gox was not an investment company, according to my opinion. It was like a pachinko parlor gift exchange. (Pachinko is a Japanese variant of pinball with a payoff.)

    The man in charge of accounting says he urged Karpeles to reconcile the BTC (Bitcoin) balance, the on-line balance, and the fiat (cash) balance several times but was spurned.

    I told him, I want to know where are the bitcoins, and we need to reconcile, and Mark replied, mendokusai [its a pain in the ass]. He said it was too difficult and too risky, because to reconcile the balance, you need to put the bitcoins from the cold storage onto a hot wallet, and there is the risk that it could be hacked, so he didnt want to do it.

    A hot wallet refers to bitcoins onlinea situation that makes them more vulnerable to cyber predators.

    Karpeles insisted that bitcoins in a cold-wallet, sometimes printed out on sheets of paper, were much more secure. He thought it was difficult to know how much each cold wallet is worth until you put the BTC back on-lineor make notations on the paper wallets when creating them.

    The virtual money was becoming makeshift paper money, and there were masses of it.

    The accounts manager understood what Karpeless concerns were from a cyber security perspective but still felt that not reconciling the accounts was dangerous.

    I didnt think it was reasonable not to reconcile, but I thought its his company, hes the CEO, so I said okay.

    Former employees of Karpeles say that he might have made it all work. They claim rogue U.S. government agents seized $5 million of Mt. Gox funds in summer 2013 in retaliation for Karpeless refusal to cooperate with them. This seizure supposedly cut into the firms operating reserves, which may have been the beginning of the end, at least according to the former Mt. Gox accountant.

    In the meantime, Karpeles voluntarily assisted U.S. authorities in their investigation of the online black market Silk Road, evidently hoping that would buy him some sort of immunity.

    It didnt.

    The first time I got the signal that the bitcoins were missing, it was when Mark told me, sometime in early February [2014], said the accountant. He called me in his office, and he said, There is a chance that Mt. Gox might have to file for bankruptcy. And he asked me to go to the law firm Baker & McKenzie the next day to discuss with them. 

    The accountant recalls that Karpeles was eerily calm at the timebut that Mark was always that way. He was like a more stoic version of the Cheshire Cat. He was always smiling. He could probably tell you, Oh, the entire office is on fire and wed better leave before we burn to death and it would be the same expression.

    The Japanese courts will determine if Karpeles has committed criminal acts, but the latest revelations would make anyone ask: Is he a con-man, a victim, a fall-guy, or all of the above?

    One thing seems clearKarpeles bought a company already missing tens of thousands of bitcoins.

    Did the thief who took them take hundreds of thousandsworth hundreds of millions of dollarsmore? Someone did, in the heist of the century, and to solve it, the police need to make a case that depends on more than coercion and confession.

    Read more: www.thedailybeast.com

    Amnesty condemns ‘over-militarized policing’ at Standing Rock protests

    Activists participate in an art project conceived by Cannupa Hunska Luger, from the Standing Rock Sioux Tribe, at Oceti Sakowin Camp on the edge of the Standing Rock Sioux Reservation on December 3, 2016 outside Cannon Ball, North Dakota.
    Image: Getty Images

    Days after local authorities were condemned for spraying people with water cannons in freezing temperatures, Amnesty International has called for an end to America’s “over-militarized” response to the Standing Rock protest in North Dakota.

    On Saturday, the organisation demanded President Obama halt the construction of the Dakota Access Pipeline.

    It also condemned the “excessive” force used on those seeking to end the nearly 1,200-mile oil pipeline’s advance under the Missouri River the chief water source for the Standing Rock Sioux Tribe.

    Amnesty International human rights observers have travelled to the site, where protestors, who call themselves water protectors, have faced off with security guards and local police.

    What they saw horrified them.

    “People exercising their human rights to assemble, pray and speak out have been brutally arrested, shot with rubber bullets, drenched in tear gas, and sprayed with water in freezing temperatures,” Zeke Johnson, managing director of Amnesty International USA’s Individuals at Risk Program, wrote on Medium.

    “Non-violent Indigenous People opposed to the Dakota Access pipeline have been met with over-militarized policing and excessive, disproportionate and unnecessary military force.”

    Since August, more than 525 people from throughout the country have been arrested during protests.

    Snow covers Oceti Sakowin Camp near the Standing Rock Sioux Reservation on November 30, 2016 outside Cannon Ball, North Dakota.

    Image: Getty Images

    Divergent actor Shailene Woodley has also been vocal about Standing Rock, visiting the encampment in October.

    Talking with Gasland director Josh Fox recently, she said Obama must take a stand, Rolling Stone reported.

    Acknowledging fears that President-elect Donald Trump would simply reverse any decision made by the president, Woodley said that was no reason for inaction.

    “I ask that they look at this situation, not out of a place of fear if you’re fearful that President-elect Trump will reinstall this pipeline, then you’re going to have to trust that the people on the ground aren’t going to let that happen.”

    The pipeline is being constructed by Energy Transfer Partners, a company in which Trump holds stock.

    Woodley is one of many who have asked Obama to end the stand-off during his last months in office.

    In a powerful video, Kendrick Eagle of the Standing Rock reservation in North Dakota called for Obama to make good on his promises to America’s first people.

    Eagle said he met Obama in 2014 when the president visited Standing Rock, and also during a visit to D.C. “You came here to speak with the youth of Standing Rock,” he said. “You gave us hope, a lot of hope.”

    “I’m here standing with my people talking to you, and asking you if you can come and help us stop this pipeline. I just want you to stick to your words. You said you would have our backs as long as you were in office.”

    The U.S. Army Corps of Engineers has told the water protectors to leave federal land by Dec. 5, including the main Oceti Sakowin camp.

    The Associated Press contributed reporting.

    BONUS: MazaCoin: The First Native American Cryptocurrency (Documentary)

    Read more: