Iranian Accused Of Hacking HBO -- WSJ

Suspect allegedly stole scripts and threatened to leak them unless company paid a ransom

This article is being republished as part of our daily reproduction of articles that also appeared in the U.S. print edition of The Wall Street Journal (November 22, 2017).

Federal prosecutors unsealed charges Tuesday against a hacker linked to Iran's military, accusing him of hacking into HBO's computer network, stealing unreleased scripts of "Game of Thrones" and then threatening to leak them publicly unless HBO paid a multimillion-dollar ransom.

Behzad Mesri, who is believed to be in Iran and hasn't been arrested, was charged by the Manhattan U.S. attorney's office on seven counts, including computer fraud, wire fraud and aggravated identity theft.

The government said Mr. Mesri, 29 years old, is a computer hacker in Iran who has worked on behalf of the Iranian military to target Israeli infrastructure and nuclear software systems. He has allegedly operated under an online hacker pseudonym of "Skote Vahshat."

A lawyer for Mr. Mesri couldn't immediately be identified.

Joon Kim, the acting Manhattan U.S. attorney, said at a news conference that Mr. Mesri applied the skills he learned with the Iranian military to extort HBO for personal profit.

"Today's charges make clear that nation-states like Iran routinely employ alleged criminals [and] mercenaries like Mesri to conduct network attacks in America and elsewhere," Mr. Kim said.

Mr. Kim said the government decided this was the right time to publicize charges against Mr. Mesri, after assessing whether there was a realistic chance of luring him outside of Iran to make an arrest.

Since at least May, Mr. Mesri began monitoring the online activities of HBO employees, looking for vulnerabilities in the company's network, according to prosecutors.

Over the next couple months, Mr. Mesri compromised user accounts that belonged to HBO employees and used them repeatedly to gain unauthorized access and steal proprietary information from the company, the indictment said.

Mr. Mesri allegedly stole scripts and plot summaries for unaired episodes of the HBO's series "Game of Thrones," as well as video files with unaired episodes of such shows as "Ballers" and "Curb Your Enthusiasm."

He also stole financial documents, credentials for HBO's social-media accounts and the emails of at least one HBO employee, the indictment said.

On July 23, an anonymous email was sent to HBO employees that included the following message: "Hi to All losers! Yes it's true! HBO is hacked!" The email allegedly provided evidence that the hacker had successfully stolen proprietary data from HBO, a unit of Time Warner Inc.

Another email later that day included a threat to publicly release the stolen data, including unaired TV episodes and scripts, unless HBO paid a ransom of approximately $5.5 million worth of bitcoin. The email concluded with an image of the Night King, a character from "Game of Thrones," and said: "Good luck to HBO."

In the coming days, emails from the anonymous hacker to HBO personnel raised the ransom to approximately $6 million worth of bitcoin, threatened to destroy data on HBO's servers and provided a deadline of July 29 for HBO to begin making ransom payments if it wanted to prevent the public disclosure of stolen data.

On July 30, Mr. Mesri began leaking some stolen materials over the internet, prosecutors said, suggesting that HBO didn't pay the ransom. To promote the disclosures, Mr. Mesri allegedly contacted members of the media and created a Twitter account to announce the leaks.

A spokesman for HBO said Tuesday that the company has been "working with law enforcement from the early stages of the cyber incident."

In recent years, hackers have increasingly used cyber extortion -- or stealing corporate secrets and threatening to publicize them if the victims don't pay a ransom -- as a way to make money, with Hollywood studios as particularly attractive targets, experts say.

For entertainment companies, it isn't credit-card numbers at stake in a data breach but intellectual property and loss of business if spoilers of upcoming movies and TV shows are released early.

There is also the potential for damaging correspondence to become public. The hack at HBO happened almost three years after a high-profile breach at Sony Corp., which unleashed a trove of emails that embarrassed top executives.

During the cyber siege this summer, HBO worked with investigators and law-enforcement agencies and alerted "Game of Thrones" cast members, some of whom had their personal information exposed. The company also took down the website and digital locker used by the hacker to distribute show materials after sending takedown notices to internet-service providers, The Wall Street Journal previously reported.

The hack and its fallout has been a headache as HBO's parent company, Time Warner, tries to complete its sale to AT&T Inc. On Monday, the Justice Department filed a lawsuit to attempt to block the $85 billion deal, a move which the companies have vowed to fight in court.

HBO is a growth engine for Time Warner, generating $4.65 billion in revenue in the first nine months of the year, about 21% of the company's total revenue.

Write to Nicole Hong at

(END) Dow Jones Newswires

November 22, 2017 02:47 ET (07:47 GMT)