The US Department of Justice formally sanctioned an Iranian company and nine Iranian nationals for broad, worldwide hacking schemes against government outlets, universities, energy concerns, and private companies. Among the more than half a dozen hackers named was the alleged perpetrator of the Home Box Office (HBO) compromise and subsequent bitcoin ransom demand. The wildly popular HBO drama Game of Thrones was scooped up in 1.5 terabytes of stolen data, and the attacker threatened pre-season leaks unless demands for millions of dollars in cryptocurrency were met.
Game of Thrones Bitcoin Hacker Named and Shamed in DOJ Iranian Sanctions
By the summer of last year, HBO had announced it had been hacked. The terabytes of stolen data included closely held unaired episodes of its Emmy Award-winning fantasy drama Game of Thrones (GOT). It’s the largest known media hack of its kind, seven times the size of the notorious 2014 Sony data compromise. Soon after, partial leaks made their way around, along with demands that HBO pay upwards of six million dollars in bitcoin or see the entire GOT season distributed online.
In November of 2017, Iranian Behzad Mesri was indicted by US authorities for the GOT affair. Mr. Mesri has been linked directly to the HBO hacks, though his ties to the Iranian government remain loose at best — rumors are he might have been part of the Revolutionary Guard. The indictment accused Mr. Mesri of taking part in the Turk Black Hat Security division of the Iranian military, which had special emphasis on cyber attacking Israel.
Reports at the time said there was little chance he would be turned over to the US, and so the Department of Justice (DOJ) engaged in a name-and-shame campaign. Mr. Mesri was given his own “Wanted” poster, and the lead agent announced in GOT lingo how “Winter has come for Behzad Mesri. He will never be able to travel outside of Iran without fear of being arrested and brought here to face these charges. The memory of American law enforcement is very long.”
The US alleges he was able to steal episodes of many unaired HBO shows, including coveted GOT scripts. He then began teasing the company with clunky messages such as “Hi to all losers! Yes it’s true! HBO is hacked…Beware of heart attacks,” signing them as Skote Vahshat. His demands reportedly included upping a bitcoin ransom from over five and a half million dollars to more than six, and, for emphasis, he began leaking portions of GOT to other media organizations.
Broader US Policy Toward Iran
For its part, HBO insisted, “It has been widely reported that there was a cyber incident at HBO. The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.” Though seen as largely symbolic without Iran’s legal cooperation, the newly announced sanctions carry real-world implications for Mr. Mesri, who remains free from US justice officials. Should he decide to travel, he risks arrest and immediate extradition to the United States. If he owns anything in the US, all assets will be frozen or confiscated.
Mr. Mesri is caught up in the larger US policy toward Iran, at a time when the current American administration is decidedly more hawkish than in previous years. Supposedly, cyber attacks from Iran have been increasing in intensity since 2013, with targets that included university professors and other state agencies.
HBO has not revealed whether it paid the ransom, but it has previously said it was going to offer 250,000 USD as a “sign of good will”.