Alleged 'Game of Thrones' hacker hit with charges in US

The man, who allegedly went after HBO with a $6 million ransom this summer, has worked for the Iranian military and a hacking group, according to the US.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
3 min read
Enlarge Image

The DOJ announced charges against a man who allegedly leaked HBO episodes during the summer. 

Aaron Robinson/ CNET

A federal grand jury has charged a man accused of ruining HBO's summer.

In July, a hacker leaked a script for an upcoming episode of popular HBO series "Game of Thrones," as well as unreleased episodes of "Curb Your Enthusiasm," "Ballers" and "The Deuce." The alleged hacker, who the FBI identified as Behzad Mesri of Iran, demanded $6 million in bitcoin from HBO and threatened to release more sensitive content if the media company refused to pay up, according to an indictment unsealed Tuesday. The indictment came from a grand jury for the US District Court for the Southern District for New York.

"Winter has come for Bezhad Mesri," Joon Kim, the acting US attorney for the Southern District of New York, said during a press conference on Tuesday. "He will forever be looking over his shoulder. And if he isn't, he should be."

HBO declined to comment on the charges but said it has been working with law enforcement since the early stages of the cyberattack. "As far as the criminal case is concerned, we prefer to leave any comments to the US Attorney's Office," said an HBO spokesman.

Mesri, also known as "Skote Vahshat," is a highly skilled hacker who has worked for the Iranian military, attacking nuclear software, Israeli infrastructure and rival armies, according to the indictment. He has also been a member of the Turk Black Hat Security team, a hacking group based out of Iran that vandalized hundreds of websites around the world, the indictment states.

Enlarge Image

A photo of Behzad Mesri uploaded on the FBI's most wanted list.


Kim described Mesri as an "experienced and sophisticated hacker," who had been "wreaking havoc on computer systems around the world for some time." 

Mesri allegedly used his skills to stake out HBO employees starting in May and was able to hack several staffers who had remote access to the network's servers, according to the court document. From there, Mesri was allegedly free to loot HBO's treasure trove of videos, scripts and personal information.

On July 23, Mesri allegedly sent an anonymous email to HBO, stating: "Hi to All losers! Yes it's true! HBO is hacked! … Beware of heart attack!!!"

In the threat, Mesri claimed to have 1.5 terabytes of HBO's data and demanded $5.5 million in bitcoin. He also taunted the network with images, including a photo of the Night King from "Game of Thrones" with the message "Good luck to HBO," according to the indictment.

Three days later, Mesri allegedly bumped the ransom up to $6 million in bitcoin. In communications with HBO, Mesri used the name "Little Finger," a reference to a "Game of Thrones" character known for being devious and cunning.

Despite the leaked script, the "Game of Thrones" episode was the most-watched one at the time. Mesri, like the international hackers behind the breach of Yahoo's 500 million accounts, hasn't been arrested and is not in the United States. Officials said he was in Iran, but would have to worry about traveling outside the country for the rest of his life. 

The charges against hackers outside the US serve more as a symbolic measure for the Justice Department, sending a message that there will be consequences for cyberattacks. 

"Cybercriminals should know that they are not safe behind the anonymity of a computer screen, even if they are a world away," Kim said. 

Mesri is now on the FBI's most wanted list. He's been charged with accessing a computer without authorization, wire fraud, computer fraud, identity theft and extortion.   

In August, four people were arrested for a "Game of Thrones" leak in India, but they aren't connected with Mesri's alleged attack.

First published Nov. 21 7:18 am PT.
Update, 8 a.m. PT: Adds comment from HBO.
Update, 11:13 a.m. PT: Adds comments from the US attorney Joon Kim.
Correction, Nov. 22 at 7:04 a.m. PT: Fixes spelling of Mesri's given name.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.

It's ComplicatedThis is dating in the age of apps. Having fun yet?