Iranian Charged in `Game of Thrones' Hack, Extortion Scheme
Iranian Tied to His Military Accused of `Game of Thrones' Hack
(Bloomberg) -- An Iranian man with ties to the country’s military taunted HBO employees with the email greeting "Hi All losers!" before announcing he’d stolen scripts to unreleased “Game of Thrones” episodes and other sensitive data, U.S. prosecutors said.
Behzad Mesri, 29, an alleged member of an Iran-based group of hackers called the Turk Black Hat security team, was charged with breaking into HBO’s computer servers and trying to extort $6 million in bitcoin from the cable network. Mesri, who isn’t in U.S. custody, previously worked for the Iranian military to conduct computer attacks against defense systems, nuclear software systems and Israeli infrastructure, according to an indictment returned by a grand jury Nov. 7 and unsealed Tuesday.
The indictment against Mesri comes amid talk of plans by U.S. President Donald Trump to scrap a 2015 nuclear deal with Iran and reimpose economic sanctions. The Washington Post reported that Justice Department prosecutors were being pressed to consider making public any investigations or charges involving Iran or its citizens.
Acting Manhattan U.S. Attorney Joon Kim called Mesri "an experienced, sophisticated hacker who has been wreaking havoc on computer systems around the world for some time." Prosecutors in Manhattan charged Mesri, who they say used the hacker name "Skote Vahshat," with seven criminal counts including wire fraud and computer fraud. The wire-fraud charge carries a possible sentence of up to 20 years in prison.
Access Points
Beginning in May, Mesri searched for ways to get into Home Box Office Inc.’s network, using access points where employees and other authorized users accessed the system from outside, according to prosecutors. He allegedly used the access to download huge amounts of data, including video files of unreleased episodes of "Ballers," "Barry," "Room 104," "Curb Your Enthusiasm" and "The Deuce."
He also stole scripts and plot summaries for unaired episodes of "Game of Thrones" and other shows, confidential lists of cast and crew contact information, financial documents, credentials and emails from at least one HBO employee, prosecutors say.
In a July 23 anonymous email sent to HBO, Mesri allegedly threatened: "Yes it’s true! HBO is hacked! ... Beware of heart Attack!!!" He sent another email: "I have the honor to inform you... that we successfully breached into your huge network" and that "in a complicated cyber operation, infiltration into your network [was] accomplished and we obtained most valuable information."
The second email included an image of the "Night King," a Game of Thrones character, with the message "Good luck to HBO."
Big Data
Mesri allegedly told HBO he took 1.5 terabytes of data, which he threatened to release publicly if the network failed to pay a "nonnegotiable" ransom of $5.5 million in bitcoin. He later raised the amount to $6 million, according to prosecutors.
In late July and into August, Mesri leaked some of the HBO material on the Internet through websites under his control, then promoted the leaks through emails to the press and on a Twitter account, prosecutors say.
Quentin Schaffer, an HBO spokesman, didn’t immediately return a message seeking comment.
"Today’s charges make clear that nation-states, like Iran, routinely employ alleged criminals, mercenaries, like Mesri, to conduct network attacks in America and elsewhere," Kim said.
He pointed to charges filed in March 2016 against hackers linked to the Iranian government who allegedly launched attacks on U.S. financial institutions and on a flood-control dam north of New York City.
"Unfortunately, I suspect that this will not be the last time we charge cyber offenses against hackers with ties to the Iranian government," Kim said.
The case is U.S. v. Mesri, 17-cr-00689, U.S. District Court, Southern District of New York (Manhattan).
To contact the reporter on this story: Bob Van Voris in federal court in Manhattan at rvanvoris@bloomberg.net.
To contact the editors responsible for this story: David Glovin at dglovin@bloomberg.net, Paul Cox, Joe Schneider
©2017 Bloomberg L.P.