Iranian charged in Game Of Thrones hack, extortion scheme

Lena Headey as Cersei Lannister in HBO's Game Of Thrones. PHOTO: HELEN SLOAN/HBO

NEW YORK (BLOOMBERG) - An Iranian man with ties to the country's military taunted HBO employees with the e-mail greeting "Hi All losers!" before announcing he'd stolen scripts to unreleased Game Of Thrones episodes and other sensitive data, US prosecutors said.

Behzad Mesri, 29, an alleged member of an Iran-based group of hackers called the Turk Black Hat security team, was charged with breaking into HBO's computer servers and trying to extort US$6 million (S$8.1 million) in bitcoin from the cable network.

Mesri, who is not in US custody, previously worked for the Iranian military to conduct computer attacks against defence systems, nuclear software systems and Israeli infrastructure, according to an indictment returned by a grand jury Nov 7 and unsealed on Tuesday (Nov 21).

The indictment against Mesri comes amid talk of plans by US President Donald Trump to scrap a 2015 nuclear deal with Iran and reimpose economic sanctions. The Washington Post reported that Justice Department prosecutors were being pressed to consider making public any investigations or charges involving Iran or its citizens.

Acting Manhattan US Attorney Joon Kim called Mesri "an experienced, sophisticated hacker who has been wreaking havoc on computer systems around the world for some time".

Prosecutors in Manhattan charged Mesri, who they say used the hacker name "Skote Vahshat", with seven criminal counts including wire fraud and computer fraud. The wire-fraud charge carries a possible sentence of up to 20 years in prison.

ACCESS POINTS

Beginning in May, Mesri searched for ways to get into Home Box Office's network, using points where employees and other authorised users accessed the system from outside, according to prosecutors.

He allegedly downloaded huge amounts of data, including video files of unreleased episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm and The Deuce.

He also stole scripts and plot summaries for unaired episodes of Game Of Thrones and other shows, confidential lists of cast and crew contact information, financial documents, credentials and e-mails from at least one HBO employee, prosecutors say.


Iranian hacker Behzad Mesri in an FBI handout photo. PHOTO: REUTERS

"HBO has confirmed in the past that we were working with law enforcement from the early stages of the cyber incident," the network said in a statement. The company referred questions about the criminal case to Kim's office.

In a July 23 anonymous e-mail sent to HBO, Mesri allegedly threatened: "Yes it's true! HBO is hacked! ... Beware of heart Attack!!!" 

He sent another e-mail: "I have the honor to inform you... that we successfully breached into your huge network" and that "in a complicated cyber operation, infiltration into your network (was) accomplished and we obtained most valuable information."

The second e-mail included an image of the "Night King," a Game of Thrones character, with the message "Good luck to HBO."

BIG DATA

Mesri allegedly told HBO he took 1.5 terabytes of data, which he threatened to release publicly if the network failed to pay a "nonnegotiable" ransom of US$5.5 million in bitcoin. He later raised the amount to US$6 million, according to prosecutors.

In late July and into August, Mesri leaked some of the HBO material on the Internet through websites under his control, then promoted the leaks through e-mails to the press and on a Twitter account, prosecutors say.

"Today's charges make clear that nation-states, like Iran, routinely employ alleged criminals, mercenaries, like Mesri, to conduct network attacks in America and elsewhere," Kim said.

He pointed to charges filed in March 2016 against hackers linked to the Iranian government who allegedly launched attacks on US financial institutions and on a flood-control dam north of New York City.

"Unfortunately, I suspect that this will not be the last time we charge cyber offences against hackers with ties to the Iranian government," Kim said.