Iranian ‘Game of Thrones’ Hacker Demanded $6 Million Bitcoin Ransom From HBO, Feds Say
The Justice Department says a former black hat for Tehran's military dumped scripts of the show in an apparent effort to prove his bona fides and shake down the media giant.
Photo Illustration by Elizabeth Brockway/The Daily Beast
The Department of Justice on Tuesday charged an Iranian national with allegedly hacking into HBO, dumping a selection stolen files, and attempting to extort the company by ransoming a treasure trove of the company’s content. This summer, hackers released a bevy of internal HBO files, included scripts for Game of Thrones and full, unaired episodes of other shows.
Behzad Mesri, aka “Skote Vahshat”, at one point worked for the Iranian military to break into military and nuclear systems, as well as Israeli infrastructure, according to the newly released complaint. Under his Vahshat pseudonym, Mesri also defaced hundreds of websites in the U.S. and around the world, the complaint adds.
FBI
Mesri started his hacking campaign in around May 2017, according to the complaint, probing HBO’s systems and employees for weaknesses. Mesri managed to compromise multiple HBO employee accounts as well as other authorized users; from here, he allegedly stole confidential and proprietary information. These included unaired episodes of Ballers, Barry, Room 104, Curb Your Enthusiasm, and The Deuce, as well as scripts for Game of Thrones. Indeed, the hacker behind the HBO breach publicly dumped much of this material online this summer.
Mesri was allegedly not content with just stealing information. Starting in July, he supposedly started to extort HBO.
“Hi to All losers! Yes it’s true! HBO is hacked! … Beware of heart Attack!!!” an anonymous email sent to HBO staff included in the complaint reads. The hacker claimed to have stolen some 1.5 terabytes of data, the email added.
Mesri allegedly tried to pry $6 million from HBO in the digital currency bitcoin. As The Daily Beast reported during the extortion effort in August, an HBO employee offered the hacker $250,000, although that was likely to be an effort to stall the hacker. Mesri also pinched financial documents and login details for HBO’s social media accounts, the complaint reads. (A group of hackers known as OurMine took over several HBO Twitter accounts in August, but the group appears to be distinct from Mesri’s alleged crimes).
What separated this hacking and extortion campaign from some others is how public the whole thing played out. The HBO hackers set up a dedicated website to catalogue media reports on their efforts, and consciously reached out to journalists, likely in an attempt to exert pressure on HBO. Prosecutors explicitly mention this in the complaint, and how Mesri allegedly “undertook efforts to promote the leaks.”
Mesri is charged with wire fraud, four different counts of computer fraud, interstate transmission of an extortionate communication, and aggravated identity theft.
An HBO spokesperson told The Daily Beast in a statement that, “HBO has confirmed in the past that we were working with law enforcement from the early stages of the cyber incident. As far as the criminal case is concerned, we prefer to leave any comments to the US Attorney’s Office.”