“Winter Has Come” for the Iranian Hacker Who Ruined Summer for HBO – (Or Has It?)
This past summer brought with it the fun of Game of Thrones along with a public extortion campaign run by some hackers who were trying to blackmail HBO - the network behind GoT. While an episode was also leaked ahead of its scheduled release, it was later discovered that it was an insider job and unrelated to this particular extortion campaign. Following months of investigation, the Department of Justice has charged an Iranian national, Behzad Mesri, for allegedly hacking into HBO. He is also charged for accessing files, dumping them online, and attempting to extort the company for $6 million worth of Bitcoin.
“Our demand is clear and Non-Negotiable: We want XXXX dollars to stop leaking your Data. HBO spends 12 million for Market Research and 5 million for GOT7 advertisements. So consider us another budget for your advertisements!”
Mesri is also known as Skote Vahshat, who was a member of the Turk Black Hat Security hacking group and had reportedly worked for the Iranian military to break into military and nuclear systems. Today's indictment claims that Mesri is also responsible for conducting "computer network attacks" that targeted "Israeli infrastructure". Under his pseudonym, Mesri is charged with defacing hundreds of websites in the United States and around the world.
The indictment reads that he started his campaign in May probing HBO’s systems and employees for weaknesses, eventually compromising several employee accounts. Stealing what he claimed was over 1.5TB of data, Mesri had also publicly dumped some of this material online.
When HBO refused to pay the extortion money, the hacker turned to the press, contacting media organizations, sending images that featured the Night King from GoT along with scintillating titles like "Winter Is Coming. HB0 Is Failing." At the time it was revealed that someone from HBO had offered to pay $250,000 - while this offer was refused, hackers had leaked this email conversation to the media, as well.
"As a show of good faith on our side, we are willing to commit to making a bug bounty payment of $250,000 to you as soon as we can establish the necessary account and acquire bitcoin," the email read.
The Department has charged Mesri on over seven counts, including wire fraud, four different counts of computer fraud, interstate transmission of an extortionate communication, and aggravated identity theft.
"Today, winter has come for Behzad Mesri," US attorney on HBO hacker
Joon Kim, the acting US attorney in Manhattan, said that HBO had "become a victim of a malicious cyber attack" and credited the network for its "prompt and proactive co-operation" with law enforcement. An HBO spokesperson added that "HBO has confirmed in the past that we were working with law enforcement from the early stages of the cyber incident. As far as the criminal case is concerned, we prefer to leave any comments to the US Attorney’s Office".
"In Game of Thrones, ‘winter is coming’ is the motto of the House of Stark," Kim added during the press conference earlier today. "Today, winter has come for Behzad Mesri."
However, it is unlikely that winter would come for Mesri. The US officials notoriously try to lure hackers inside the country before unsealing indictments (remember Marcus Hutchins? Beard guy?) By unsealing the indictment the department has admitted that Mesri may just be out of reach.
"Mersi allegedly organized his hacking scheme from halfway around the world, in Iran," Kim said. "He now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice."