Iran-based hacker charged with trying to extort HBO
Hacker stole internal HBO documents, along with addresses and phone numbers of Game of Thrones stars
An Iran-based hacker plotted to extort HBO out of $6 million US by threatening to release stolen episodes and scripts of hit shows, such as Game of Thrones, at one point taunting the network with a twist on a catch phrase form that series: "Winter is coming. HBO is falling."
An indictment filed Tuesday in federal court in Manhattan accuses Behzad Mesri of hacking into the cable network's computer system in New York. It says he stole unaired episodes from shows including Curb Your Enthusiasm and The Deuce, story plot summaries and scripts for Game of Thrones and confidential cast and crew contact lists.
The hacker also stole internal HBO financial and strategic documents, and among them were home addresses and phone numbers of Game of Thrones stars.
- HBO offered $250,000 to hackers in bid to delay data release
- Hackers demand millions in ransom for stolen HBO data
Mesri, 29, a fugitive living in Iran who used the alias "Skote Vahshat," earlier this year infiltrated computer accounts of HBO employees authorized to remotely access the network's servers, the indictment says. In July, he emailed HBO executives in New York providing evidence of the hack and demanding $5.5 million in digital currency, a figure later raised to $6 million, it says. Included was an image of Game of Thrones Night King character, leader of an army of zombies, with the words, "Good luck HBO."
After HBO apparently refused to pay, Mesri began leaking portions of the stolen material on websites he controlled, the indictment says. One of the leaks was an unaired episode of a new HBO comedy called Barry on which he superimposed an opening credit showing the Night King and the "HBO is falling" threat, according to the indictment.
In a statement Tuesday, HBO said it is working with law enforcement but declined further comment.
U.S. authorities described Mesri as a computer whiz who sometimes works with a hacker group in Iran called Turk Black Hat Security. He also has teamed with the Iranian military to conduct cyberattacks targeting military and nuclear software systems and Israeli infrastructure, they said.
- Game of Thrones episode leaks amid HBO's hacker crisis
- Hackers threaten to leak upcoming Game of Thrones episode scripts
But there is nothing in the indictment suggesting Mesri targeted HBO on behalf of Iran's government or with its financial support, said Collin Anderson, a U.S.-based internet researcher who specializes in Iran. It's also possible Mesri was acting without the knowledge of Iran's government, he said.
It's also not clear how he came to do hacking work for Iran's military, which could have been as part of compulsory military service, Anderson said.
On most-wanted list
Although Mesri is not in custody, prosecutors decided to publicly charge him and put him on the FBI's most-wanted list to send a message to outlaw hackers that U.S. law enforcement has the means to identify, track and get them arrested if they travel to countries where the United States has better relations, acting U.S. Attorney Joon Kim said.
The U.S. has neither formal diplomatic relations nor an extradition treaty with Iran, meaning the U.S. can't request Mesri's extradition. Likewise, if he travels internationally, he could be arrested and sent to the U.S. to face charges.
"Today, winter has come for Behzad Mesri," Kim said. "He will forever be looking over his shoulder. And if he isn't, he should be."