Iranian Hacker Charged in HBO 'Game of Thrones' Hack, But Can't Be Arrested
Behzad Mesri is in Iran but if he leaves he could be arrested.
An Iranian hacker has been charged for hacking into the HBO servers and stealing Game of Thrones episodes, Joon H. Kim. Acting U.S. Attorney Southern District of New York, announced on Tuesday.
“Winter is coming for Behzad Mesri,” Kim told reporters. Hackers may think they’re safe behind a screen name, but even for them, winter will come, Kim said.
Mesri held video of unaired episodes, scripts, and plot outlines ransom for $6 million in bitcoin. Koon took care to say that Mesri can never leave Iran without fear of being arrested. Mesri claimed to have stolen 1.5 terabytes of data.
For several months before the July breach and subsequent leaks, Mesri conducted reconnaissance on HBO employees and obtained their log-in credentials before breaching the secured HBO server.
He “stole mass quantities of proprietary information and confidential data,” Koon said. “Through anonymous emails, the hacker made his intentions clear, demanding ransom of upwards of $6 million in bitcoins. If HBO did not pay up, he threatened to release stolen scripts, plot summaries, and unaired episodes of a popular HBO show. That was July and August.
Koon said Mesri got materials for Ballers, Curb Your Enthusiasm, and Barry, a hitman comedy series starring Bill Hader due out in 2018.
“Showing a flair for the dramatic, Mesri included in his emails iconic imagery from the Game of Thrones,” Koon said. “For example, he doctored an image of the Night King, a character from the show, in one of his emails and after eventually posting some of the stolen videos and data online, he added his own twist to the Game of Thrones catch-phrase. He posted online an image of the Night King with the phrase, ‘winter is coming,’ and added his own ominous threat,’ HBO is falling.’”
About four months later, the FBI and cyber prosecutors in the Attorney General’s office announced criminal charges.
The reason the attorney general’s office went public with the charges before an arrest was made is because it felt it wouldn’t be able to arrest Mesri because he’s in Iran.
Koon said that Mesri had worked for and with the Iranian military on other cyber weapon projects, including other military systems, nuclear software systems, and Israeli infrastructure.
He worked methodically, Koon said. He transferred the media files to a server under his control. He also stole emails and financial data from HBO as well.
Koon warned Mesri publicly:
“Because Mesri is in Iran, we are unfortunately unable to arrest him today, but Mesri should know, and all other cyber criminals, and would-be cyber criminals should know, that they are not safe behind the anonymity of their computer screens, even if they are a world away,” he said. “If you hack our people, our companies, out institutions, we will work relentlessly and creatively, applying all the tools available to us to identify you, find you, and charge you.
“At some point, maybe not right away, we will find you and bring you to justice.”