Feds Indict Iranian Over ‘Game of Thrones’ Hacks

Gigacycle > Information & Guidance  > Feds Indict Iranian Over ‘Game of Thrones’ Hacks

Feds Indict Iranian Over ‘Game of Thrones’ Hacks

Breach Response
Data Breach
Data Loss

Iranian National Charged With Extortion, Leaking Unreleased Episodes

Feds Indict Iranian Over 'Game of Thrones' Hacks
The Night King from the HBO series “Game of Thrones.” (Photo: HBO)

A 29-year-old Iranian man has been charged with a $6 million extortion attempt against entertainment company HBO after he allegedly stole scripts for unaired episodes of the popular show “Game of Thrones” and other confidential information.

See Also: How to Scale Your Vendor Risk Management Program

Behzad Mesri is accused of compromising accounts for HBO employees that allowed him to gain deep access into the broadcaster’s systems. Mesri claimed to have obtained 1.5 terabytes of information, including unaired episodes of “Ballers,” “Barry,” “Room 104,” “Curb Your Enthusiasm” and “The Deuce.”

Mesri is charged with wire fraud, one count of computer hacking, three counts of threatening to impair the confidentiality of information and one count of interstate transmission of extortionate communication, according to the indictment, which was unsealed Tuesday in U.S. District Court for the Southern District of New York.

If convicted, Mesri could face a maximum of 24 years in prison. But Mesri lives in Iran, and the U.S. does not have an extradition treaty with the country.

“Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice,” says Acting Manhattan U.S. Attorney Joon H. Kim in a news release.

The U.S. Department of Justice has increasingly secured indictments on computer hacking related charges against people living overseas in countries such as Russia or China, which also don’t have extradition agreements with the U.S.

Those indictments may never result in prosecutions if those accused stay in those places, but it also makes it difficult for them to travel to countries that do have agreements with the U.S.

Extortion Attempt

Source: FBI

The attack against HBO was one of several high-profile extortion attempts this year. The target of those schemes is confidential, sensitive or simply embarrassing data that is held for a ransom, usually payable in virtual currency.

Although the FBI advises against paying ransoms, in some cases, organizations view paying as a cost of doing business. But they’re also hedging that a hacker who has committed a crime will uphold their end of the deal and not release the data publicly.

HBO’s situation spilled out publicly. Mesri is alleged to have emailed the news media as he continued to pressure HBO into paying. A Twitter account was used to tease proof of the compromise. In early August, HBO disclosed that it had been targeted.

Mesri allegedly demanded $6 million in bitcoin, the virtual currency that has surged in price in recent weeks. Starting in May, Mesri compromised “multiple user accounts” and used the access to gain access to HBO’s servers, according to the indictment.

After compromising the data, Mesri sent emails in late July to HBO executives, employees and others with a “non-negotiable” ransom demand, the indictment says. He also allegedly threatened to erase data on “80 terabyte hard drives.”

Mesri allegedly sent an email to HBO executives claiming he had obtained scripts and final video files. According to the indictment, the email contained this image of the Night King from the series “Game of Thrones.”

The incident for which Mesri has been charged is different from one that also affected HBO and resulted in the release of one episode of “Game of Thrones.”

On Aug. 15, police in India arrested four men, three current and one former employee who worked for Prime Focus Technologies. That company was a contractor of Star India, a broadcasting company that carries HBO programming. The men were accused of using their insider access to steal the episode (see Authorities: 4 Insiders Leaked ‘Game of Thrones’ Episode).

Website Defacements

U.S. prosecutors alleged that Mesri was part of an Iran-based hacking group called the Turk Black Hat Security team. That group defaced websites, and Mesri is believed to have used the pseudonym “Skote Vahshat.”

Prosecutors also believe Mesri did work for the Iranian government, which experts say has well-developed offensive cyber capabilities.

“Mesri was a self-professed expert in computer hacking techniques and had worked on behalf of the Iranian military to conduct computer network attacks that targeted military systems, nuclear software systems and Israeli infrastructure,” the indictment reads.

Source: Department of Justice.

Sour Deals

HBO didn’t pay the ransom and now has seen an indictment get lodged against the alleged perpetrator. Other entertainment companies, however, haven’t been so lucky.

The post-production facility Larsen Studios in Hollywood saw its systems get breached in December 2016. The attackers identified themselves as being part of The Dark Overlord hacking group. As reported by Variety, Larsen gave the attackers $50,000 in bitcoins to try and satisfy their demands.

But the group failed to honor its agreements, claiming that it discovered Larsen Studios had been in contact with the FBI, and released some of the stolen data. That included season five for the hit Netflix TV series “Orange Is the New Black,” which had yet to be released.

Go to Source

No Comments

Sorry, the comment form is closed at this time.