US charges Iranian man with Game of Thrones leaks
Behzad Mesri is charged with attempting to extort HBO for $6 million
The FBI has charged an Iranian national for a hack on HBO's systems that led to the leak of TV episodes and spoilers, including plot summaries of the most recent series of Game of Thrones.
The indictment, unsealed on Tuesday, charges Iranian national Behzad Mesri, 29, for his alleged involvement in a scheme to obtain unauthorised access to HBO's computer network in August, the theft of proprietary data, and for allegedly attempting to obtain $6 million worth in Bitcoin from HBO through extortion by threatening to leak the content.
New York's acting attorney for Manhattan, Joon Kim, said that between 23 and 29 July this year, Mesri was able to hack into multiple HBO employee accounts, gaining access to a trove of data that included unaired episodes of Curb Your Enthusiasm and plot summaries of Game of Thrones.
Having stolen almost 1.5TB of data, Mesri is alleged to have then sent a series of emails to HBO demanding the company initially pay $5.5 million in bitcoins to prevent the content being leaked to the public, which was later increased to $6 million.
Mesri then allegedly began leaking the data on 30 July, including a graphic that depicted the then-unseen primary antagonist of the Game of Thrones series known as the Night King. A number of social media accounts were also created to inform the public of the hack, according to the indictment.
"Mesri now stands charged with federal crimes, and although not arrested today, he will forever have to look over his shoulder until he is made to face justice," said Kim. "For hackers who test our resolve in protecting our intellectual property - even those hiding behind keyboards in countries far away - eventually, winter will come."
Mesri has been described as an Iran-based computer hacker who previously worked on behalf of the Iranian military.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
The charges also indicate that Mesri was at one time part of a hacking group known as Turk Black Hat, from which he defaced hundreds of websites both in the US and elsewhere, under the pseudonym "Skote Vahshat".
HBO has said it will continue to work with law enforcement, although any comments will be left to the US Attorney's Office, according to a statement to the Financial Times.
The FBI has now issued a wanted poster for Mesri, who is thought to be living in Iran.
17/08/2017: Hackers take over HBO social media accounts
HBO's Facebook and Twitter accounts have been taken over by an organisation going by the name OurMine.
The group, which markets itself as a penetration testing organisation specialising in social media security, took over the main HBO accounts as well as others belonging to the network's shows, as reported by the BBC.
The posts read: "Hi, OurMine are here, we are just testing your security, HBO team please contact us to upgrade the security - ourmine .org -> Contact".
The posts were removed quickly afterwards.
OurMine is known for hacking well known people's social media accounts, including those belonging to Mark Zuckerberg and Google CEO Sundar Pichai. On the group's website, it claims to be "an elite hacker group known for many hacks showing vulnerabilities in major systems". Despite this, it defines itself as White Hat, claiming it has no bad intentions and cares only "about the security and privacy of your accounts and network".
A spokesperson for HBO said: "The infringement on social media accounts was recognised and rectified quickly."
IT Pro has contacted OurMine for comment.
Yesterday, HBO Spain accidentally started airing the next episode of Game of Thrones a week early. It appeared on its subscription HBO Go service but was pulled within the hour.
Earlier this week four people were arrested in India on suspicion of having leaked unaired episodes of the show. Three of those arrested work for Prime Focus Technology, a company that processes TV shows to be aired on Hotstar, an Indian streaming site.
It also emerged HBO had been hacked at the start of August and it was believed 1.5 terabytes of data was taken. The hackers leaked unaired GoT episodes, as well as thousands of internal HBO documents. The hackers wanted the company to pay them a large amount of money for the data by a certain date, and HBO reportedly offered $250,000 to the criminals to extend their deadline. This didn't seem to work as the hackers leaked more unaired episodes of some of HBO's other popular shows.
15/08/2017: Four arrested in India after leak of unaired Game of Thrones episode
Police forces in India have arrested four individuals suspected to have leaked an unaired episode of Game of Thrones earlier this month.
Three of those arrested are current employees for Prime Focus Technology, a Mumbai-based company that processes TV shows to be aired on Indian streaming site Hotstar.
The streaming site, whose watermarks feature on the leaked content, lodged a complaint with police agencies following an authorised distribution of the fourth episode of the seventh season of Game of Thrones on 4 August.
The three employees and one former employee are thought to have had access to official credentials, allowing them to steal the episode from the site.
The leaked episode was separate to a hack on HBO's network revealed in July, in which 1.5 terabytes of data was stolen, including internal documents and episodes for some of HBO's most popular shows.
"We investigated the case and have arrested four individuals for unauthorised publication of the fourth episode from season seven,"said police deputy commissioner Akbar Pathan, in a statement to AFP news agency.
He added that the four suspects were being accused of a "criminal breach of trust and computer-related offences", and would be detained until 21 August as part of an ongoing investigation.
14/08/17 HBO 'fails to bribe hackers with $250k'
A new data dump allegedly includes episodes of Curb Your Enthusiasm
HBO reportedly offered $250,000 to criminals who threatened to leak upcoming TV show episodes and storylines online, in what appears to have been a failed attempt to push back a deadline to pay an even larger amount.
"You have the advantage of having surprised us," said an employee of HBO's technical team in an email dated 27 July, seen by Reuters. "In the spirit of professional cooperation, we are asking you to extend your deadline for one week."
The email added that "as a show of good faith", a payment of $250,000 would be sent to a Bitcoin account, although the company said it would need time for the payments to be processed.
The hackers are thought to have stolen 1.5TB of data following a hack on HBO's network, first discovered when an anonymous email from the attackers was sent to reporters on 30 July.
They initially leaked a script from an upcoming Game of Thrones episode, which was immediately followed by a leak of an entire episode and internal HBO documents, including employees' data.
Unfortunately, it appears the company's email was unsuccessful, as the hackers have now reportedly leaked more unaired episodes of some of HBO's most popular shows, although it appears there was nothing related to Game of Thrones this time.
The leak includes episodes for the highly anticipated 'Curb Your Enthusiasm', which returns in October, as well as 'Insecure', 'Ballers' and 'The Deuce'.
HBO, which is owned by Time Warner, said it was "not in communication with the hacker, and we're not going to comment every time a new piece of information is released," in a statement to Reuters.
"The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That's a game we're not going to participate in," the firm added.
HBO is currently trying to acquire regulatory approval to sell its holdings to AT&T in a deal estimated to be worth $85.4 billion. It is unclear whether the recent data breach will affect the price of that deal.
Picture: Bigstock
03/08/2017: HBO hackers leak unaired GoT episodes, steal employee data
Unaired Game of Thrones episodes, alongside thousands of internal HBO documents, have allegedly been leaked by the hackers who broke into the TV studio's systems earlier this week.
Alongside scripts and text summaries of episodes three and four of Game of Thrones that were already revealed to have been missing, yesterday the hackers made the actual episodes themselves live on a website they created, according to HackRead.
The Game of Thrones episodes accompany leaked episodes from the new season of Ballers, an upcoming unreleased comedy called Barry, and a show titled Insecure, the publication reports.
Meanwhile, Variety said that "thousands" of internal documents have been leaked. It said the security company hired to kill search result links to the leaked files, revealed that the documents were stolen in a DMCA takedown notice it sent to Google in order to get the results removed.
The firm, IP Echelon, also said in the filing that "masses of copyrighted items including documents, images, videos and sound".
"The hackers appear to have also leaked personal information of a senior HBO executive," Variety added, news also carried by HackRead. That data included access to dozens of accounts from newspaper subscriptions to online banking and health services.
It added that screenshots of HBO's internal administration tools, employee names and email addresses as well as their job roles had appeared online.
Panda Security has warned that trying to download such episodes could have a devastating effect, as well as being illegal.
If the criminals are happy enough to steal and then publish sensitive information from HBO, they are probably not averse to adding malware to the torrent site, harming the computers of people who opt to illegally download content, it said.
"Visiting torrent sites could be harmful to your computer and downloading any files from such websites is dangerous," the company said. "Instead of the new season of a hit show, your system may end up getting infected with malicious software."
IT Pro has approached HBO for comment.
Dale Walker is a contributor specializing in cybersecurity, data protection, and IT regulations. He was the former managing editor at ITPro, as well as its sibling sites CloudPro and ChannelPro. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.