US indicts Iranian in ‘Game of Thrones’ HBO hack

21 Nov, 2017 21:25 / Updated 7 years ago

The Department of Justice has charged an Iranian national over a hack resulting in stolen data from HBO, including unaired episodes of the ‘Game of Thrones’ series.  Behzad Mesri sought millions of dollars in bitcoins, threatening to post spoilers on the internet.

Mesri, also known as “Skote Vahshat,” was named in Tuesday’s indictment by acting Manhattan US Attorney Joon H. Kim. Mesri had “previously hacked computer systems for the Iranian military,” and allegedly “infiltrated HBO’s systems, stole proprietary data, then sought to extort HBO of $6 million in Bitcoins,” said Kim.

The purloined data included scripts and plot summaries of unaired episodes of ‘Game of Thrones,’ Kim added.

Starting in May 2017, Mesri conducted “online reconnaissance of HBO’s computer networks and employees” and “searched for access points to the network,” the indictment said. Over a period of three months, he successfully compromised multiple user accounts and used these to obtain unauthorized access to HBO’s computer servers, stealing “confidential and proprietary data” belonging to the channel.

Emails, financial balance sheets, employment agreements and marketing strategies, were listed among the 1.5 terabytes of data claimed to have been stolen by the then-unnamed hackers.

Between July 23 and July 29, Mesri tried to extort HBO executives through emails, with a ransom note eventually demanding $6 million worth of Bitcoin, according to the indictment. HBO responded by offering a “bug bounty,” a payment normally given to legitimate researchers who discover security vulnerabilities. Mesri then leaked portions of the stolen data over the internet on July 27, including unaired episodes of the hit series. He ‘promoted’ the ‘Games of Thrones’ leak by sending emails to the media.

Mesri has been charged with multiple counts, including, wire fraud, computer hacking, aggravated identify theft and interstate transmission of extortionate communication. His crimes carries a maximum potential sentence of 42 years in jail. He is out of reach of authorities, however, as he is not in the US.

“For hackers who test our resolve in protecting our intellectual property ‒ even those hiding behind keyboards in countries far away ‒ eventually, winter will come,” said Kim. He added that although Masri remains at large, “he will forever have to look over his shoulder until he is made to face justice.”

The most recent season of ‘Game of Thrones,’ which ended in August, logged record numbers of live viewers. Some of them stuck around for ‘Ballers’ and ‘Insecure,’ two other shows impacted by the data breach.