US authorities have charged Behzad Mesri in connection with the theft of 1.5TB of data from US television network HBO and demanding $6m in ransom.
The self-professed hacking expert, also known as Skote Vahshat, is accused of computer fraud, wire fraud, extortion and identity theft.
There is no extradition treaty between the US and Iran, which means Mesri is unlikely to be sent to the US to stand trial, but acting Manhattan US attorney Joon Kim said Mesri will never be able to travel outside of Iran without fear of being arrested and taken to the US.
“American ingenuity and creativity is to be cultivated and celebrated – not hacked, stolen and held for ransom,” he said in a statement. “For hackers who test our resolve in protecting our intellectual property – even those hiding behind keyboards in countries far away – eventually, winter will come.”
According to the indictment, Mesri has worked for the Iranian military to conduct computer network attacks against Israel and, as a member of Iran-based hacking group Turk Black Hat Security, carried out defacements of websites in the US and other countries around the world.
Mesri is believed to have obtained unauthorised access to HBO’s computer systems around May 2017, and compromised multiple HBO user accounts to steal confidential and proprietary information.
The stolen data is said to have included video files of unaired episodes of five TV shows, scripts of unaired episodes of Game of Thrones and other shows, emails belonging to at least one HBO employee, financial documents, and online credentials to access HBO social media accounts.
In late July 2017, Mesri is believed to have started the extortion phase of his attack by sending emails to various HBO employees, claiming he had stolen 1.5TB of data and providing evidence that he had accessed proprietary data.
In a follow-up email, Mesri threatened to release the stolen data and TV content unless HBO paid a ransom of $5.5m worth of bitcoin. When HBO refused to pay the ransom, Mesri also threatened to destroy data on HBO servers.
Cyber crime investigators say extortion is emerging as a popular way of making money among cyber criminals, and the past few years have seen a steady increase in the practice.
Cyber extortion includes demanding money in return for stolen data, as in the HBO case, threatening to carry out denial of service (DoS) attacks if a ransom is not paid, or encrypting data using malware known as ransomware and demanding payment for the decryption key.
Although some data was leaked, the indictment does not indicate that any of the other threats were carried out, nor does it say whether any ransom was paid. However, at the time the hack became public, HBO issued a statement indicating it did not intend to pay the hackers.
“We are not in communication with the hacker and we’re not going to comment every time a new piece of information is released,” the company said. “The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.”