BEHZAD MESRI Charged in $6M HBO Hack
November 22, 2017
The DOJ unsealed an indictment charging BEHZAD MESRI, a/k/a “Skote Vahshat,” for his involvement in a scheme to obtain unauthorized access to the computer systems of Home Box Office, Inc. (“HBO”), steal proprietary data from those systems, and obtain $6 million worth of Bitcoin from HBO through extortion by threatening to disseminate stolen content. Subsequently, MESRI leaked the stolen content on the Internet, including but not limited to confidential information about upcoming episodes of the popular television series, “Game of Thrones,” and video files containing unreleased episodes of other television series created by HBO.
Acting Manhattan U.S. Attorney Joon H. Kim said: “Behzad Mesri, an Iranian national who had previously hacked computer systems for the Iranian military, allegedly infiltrated HBO’s systems, stole proprietary data, including scripts and plot summaries for unaired episodes of Game of Thrones, and then sought to extort HBO of $6 million in Bitcoins. Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice. American ingenuity and creativity is to be cultivated and celebrated -- not hacked, stolen, and held for ransom. For hackers who test our resolve in protecting our intellectual property -- even those hiding behind keyboards in countries far away -- eventually, winter will come.”
FBI Assistant Director William F. Sweeney Jr. said: “In the simplest of terms, he lurked in the alleyways of the Internet, identified the vulnerabilities of his victim, and pickpocketed their information from thousands of miles away. After he had successfully identified their proprietary secrets, he held their future for ransom. Today’s charges show that international cybercriminals are never beyond the reach of U.S. laws. This indictment unsealed today is the product of the countless hours put in by investigators in the FBI’s Cyber Division working alongside our prosecutors at the Southern District of New York U.S. Attorney’s office.”
According to the allegations contained in the Indictment unsealed today in Manhattan federal court:
Background on Behzad Mesri
MESRI is an Iran-based computer hacker who had previously worked on behalf of the Iranian military to conduct computer network attacks that targeted military systems, nuclear software systems, and Israeli infrastructure. At certain times, MESRI has been a member of an Iran-based hacking group called the Turk Black Hat security team and, as a member of that group, conducted hundreds of website defacements using the online hacker pseudonym “Skote Vahshat” against websites in the United States and elsewhere.
Online Reconnaissance and Hack of HBO
Starting in approximately May 2017, MESRI conducted online reconnaissance of HBO’s computer networks and employees. Among other things, MESRI searched for access points to the network where employees and other authorized users could remotely access HBO’s computer systems.
From approximately May 2017 to July 2017, MESRI successfully compromised multiple user accounts belonging to HBO employees and other authorized users, and used those accounts to repeatedly obtain unauthorized access to HBO’s computer servers. Over the course of several months, MESRI used that unauthorized access to steal confidential and proprietary information belonging to HBO, which he then exfiltrated to servers under his control. Through the course of the intrusions into HBO’s systems, MESRI was responsible for stealing confidential and proprietary data belonging to HBO, including, but not limited to: (a) confidential video files containing unaired episodes of original HBO television programs, including episodes of “Barry,” “Ballers,” “Curb Your Enthusiasm,” “Room 104,” and “The Deuce;” (b) scripts and plot summaries for unaired programming, including but not limited to episodes of “Game of Thrones;” (c) confidential cast and crew contact lists; (d) emails belonging to at least one HBO employee; (e) financial documents; and (f) online credentials for HBO social media accounts (collectively, the “Stolen Data”).
Commencement of Extortion Scheme
Between approximately July 23, 2017, and July 29, 2017, MESRI engaged in a scheme to extort HBO by transmitting, or aiding and abetting the transmission of, the following email messages, each of which was sent to multiple HBO executives and employees:
Release of Stolen Data
Starting on approximately July 30, 2017, and continuing through August 2017, MESRI caused portions of the Stolen Data to be publicly leaked over the Internet on websites that he controlled. Certain of the video materials that MESRI caused to be leaked included a graphic depicting the “Night King” that was superimposed at the bottom of the video. In addition, MESRI undertook efforts to promote the leaks of the Stolen Data on the Internet, including by, among other things, causing emails to be sent to members of the media regarding the leaks, and causing the creation of a Twitter profile to announce the leaks and provide evidence of the hack of HBO’s computer network.
* * *
MESRI, 29, a citizen and resident of Iran, is charged with one count of wire fraud, which carries a maximum sentence of 20 years in prison; one count of computer hacking, which carries a maximum sentence of five years in prison; three counts of threatening to impair the confidentiality of information, each of which carries a maximum sentence of five years in prison; one count of aggravated identity theft, which carries a mandatory sentence of two years in prison; and one count of interstate transmission of an extortionate communication, which carries a maximum sentence of two years in prison. The maximum potential sentences in this case are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the assigned judge.