Feds Indict Iranian Over 'Game of Thrones' Hacks
Iranian National Charged With Extortion, Leaking Unreleased Episodes
A 29-year-old Iranian man has been charged with a $6 million extortion attempt against entertainment company HBO after he allegedly stole scripts for unaired episodes of the popular show "Game of Thrones" and other confidential information.
Behzad Mesri is accused of compromising the accounts of HBO employees and using that access to reach deep into the company's systems. Mesri claimed to have obtained 1.5 terabytes of information, including unaired episodes of "Ballers," "Barry," "Room 104," "Curb Your Enthusiasm" and "The Deuce."
Mesri is charged with one count each of wire fraud, computer hacking and interstate transmission of extortionate communication and three counts of threatening to impair the confidentiality of information, according to the indictment, which was unsealed Tuesday in U.S. District Court for the Southern District of New York.
If convicted, Mesri could face a maximum of 24 years in prison. But Mesri lives in Iran, and the U.S. does not have an extradition treaty with the country.
"Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice," says Acting Manhattan U.S. Attorney Joon H. Kim.
The U.S. Department of Justice has increasingly issued indictments on computer hacking-related charges against people living in countries such as Russia or China, which also lack extradition agreements with the U.S. Those indictments may never result in prosecutions if the accused stay put, but they do make it difficult for the accused to travel to countries that have extradition agreements with the U.S.
The attack against HBO was one of several high-profile extortion attempts this year. The target of those schemes is confidential, sensitive or simply embarrassing data that is held for a ransom, usually payable in virtual currency.
Although the FBI advises against paying ransoms, in some cases organizations view paying as a cost of doing business. But they are also betting that a criminal who has already stolen the data will uphold their end of the deal and not release it; unlike file-encrypting ransomware, there is no way for the victim to verify that stolen copies have actually been deleted.
HBO's situation spilled out publicly. Mesri is alleged to have emailed the news media as he continued to pressure HBO into paying. A Twitter account was used to tease proof of the compromise. In early August, HBO disclosed that it had been targeted.
Mesri allegedly demanded $6 million in bitcoin, the virtual currency that has surged in price in recent weeks. Starting in May, Mesri compromised "multiple user accounts" and used them to reach HBO's servers, according to the indictment.
After stealing the data, Mesri sent emails in late July to HBO executives, employees and others with a "non-negotiable" ransom demand, the indictment says. He also allegedly threatened to erase data on "80 terabyte hard drives."
The incident for which Mesri has been charged is different from another one that resulted in the release of one episode of "Game of Thrones."
On Aug. 15, police in India arrested four men in connection with that separate incident: three current employees and one former employee of Prime Focus Technologies. That company was a contractor of Star India, a broadcasting company that carries HBO programming. The men were accused of using their insider access to steal the episode (see Authorities: 4 Insiders Leaked 'Game of Thrones' Episode).
U.S. prosecutors alleged that Mesri was part of an Iran-based hacking group called the Turk Black Hat Security team. That group defaced websites, and Mesri is believed to have used the pseudonym "Skote Vahshat."
Prosecutors also believe Mesri did work for the Iranian government, which experts say has well-developed offensive cyber capabilities.
"Mesri was a self-professed expert in computer hacking techniques and had worked on behalf of the Iranian military to conduct computer network attacks that targeted military systems, nuclear software systems and Israeli infrastructure," the indictment reads.
HBO didn't pay the ransom, and an indictment has now been lodged against the alleged perpetrator. Other entertainment companies, however, haven't been so lucky.
The post-production facility Larsen Studios in Hollywood had its systems breached in December 2016. The attackers identified themselves as part of The Dark Overlord hacking group. As reported by Variety, Larsen paid the attackers $50,000 in bitcoin in an attempt to satisfy their demands.
But the group failed to honor its agreement, claiming that it had discovered Larsen Studios was in contact with the FBI, and released some of the stolen data. That included the as-yet-unreleased season five of the hit Netflix TV series "Orange Is the New Black."