UPDATED: The U.S. Attorney’s Office for the Southern District of New York on Tuesday announced charges against an Iranian national who allegedly hacked HBO’s servers and attempted to extort $6 million from the premium cable programmer.
Federal authorities charged Behzad Mesri, a 29-year-old citizen and resident of Iran, with seven criminal counts including computer hacking and fraud; wire fraud; interstate transmission of an extortionate communication; and aggravated identity theft.
According to the U.S. Attorney’s Office, Mesri (a.k.a. “Skote Vahshat”) broke into HBO computers and stole data — including unaired episodes of “Game of Thrones” and financial data — and then threatened to release the info unless HBO paid $5.5 million in Bitcoin.
Mesri is currently in Iran, and “we are unfortunately unable to arrest him today,” Joon Kim, acting U.S. Attorney for the Southern District of New York, told reporters at a press conference. But, Kim added, “He will never be able to travel outside of Iran without fear that he will be arrested on these charges.”
If convicted, Mesri faces a maximum sentence of 20 years in prison for wire fraud; up to five years for each of the four charges related to computer fraud; a two-year mandatory sentence for aggravated identity theft; and up to two years in prison for the extortion charge. Mesri was indicted by a federal grand jury on Nov. 8 and a warrant was issued for his arrest.
Between about May and July of 2017, Mesri compromised multiple user accounts belonging to HBO employees and other authorized users to gain access to the cable network’s proprietary information, according to a grand jury indictment released by the U.S. Attorney’s Office in New York.
HBO said in a statement: “HBO has confirmed in the past that we were working with law enforcement from the early stages of the cyber incident. As far as the criminal case is concerned, we prefer to leave any comments to the U.S. Attorney’s Office.”
In July, HBO confirmed that its computer systems had been breached, resulting in what it said was “the compromise of proprietary information.” The hacker, who called himself “Mr. Smith” in some communiques, reportedly made off with a trove of 1.5 terabytes of data and demanded millions in ransom payments from HBO in Bitcoin.
The hacker released a “Game of Thrones” script and episodes of HBO shows including “Ballers” and “Curb Your Enthusiasm,” and gloated about the hack on Twitter and in emails to HBO execs and the media. HBO offered a $250,000 payoff to the hacker as a so-called “bug bounty,” but that move was in fact a stall tactic by HBO as it assessed the situation.
According to federal investigators, Mesri stole unaired episodes of HBO original series including episodes of “Barry,” “Ballers,” “Curb Your Enthusiasm,” “Room 104,” and “The Deuce”; scripts and plot summaries for unaired programming including episodes of “Game of Thrones”; confidential cast and crew contact lists; emails belonging to at least one HBO employee; financial documents; and online credentials for HBO social media accounts.
In his email demanding a “non-negotiable” ransom payment of $5.5 million in Bitcoin, Mesri included an image of the zombie Night King from “Game of Thrones” with the message, “Good luck to HBO.”
Mesri had worked on behalf of the Iranian military to carry out cyberattacks that targeted military systems, nuclear software systems, and Israeli infrastructure, according to authorities. As a member of Iran-based hacking group Turk Black Hat Security, he had defaced hundreds of websites in the U.S. and elsewhere under the pseudonym “Skote Vahshat,” officials said.
On Sunday, the Washington Post reported that the Justice Department was preparing to announce charges against the HBO hacker along with other cases involving Iranian suspects. The report cited anonymous sources who said law-enforcement officials were concerned DOJ brass were pushing to publicly announce such cases because the Trump administration wants Congress to impose new sanctions on Iran.
Kim, the federal prosecutor, said the charges against Mesri were announced Tuesday after the U.S. Attorney’s Office in New York considered whether there was a realistic chance of actually apprehending the suspect, weighed against the “importance of sending a message that we can and will, even when you are immediately beyond our reach, target you and make a public statement like this.”
A rep for the U.S. Attorney’s Office in Manhattan declined to provide details on how investigators tracked down Mesri or how Mesri allegedly obtained login credentials to access HBO’s systems. The case was cracked “through the ingenuity and hard work of the men and women of the FBI,” the spokesman said.
The FBI on Tuesday released a wanted poster for Mesri, seeking information on him.
Separately, in August police in India arrested four people — who were employees of a vendor working with HBO distribution partner Sky India — in connection with the theft of a “Game of Thrones” season 7 episode that was leaked to piracy sites ahead of its premiere on HBO.
Also in August, HBO’s Twitter and Facebook accounts were temporarily hijacked by notorious hacker collective OurMine.