The Justice Department on Tuesday charged a part-time Iranian government hacker with infiltrating HBO and trying to extort the company, a move that comes amid allegations the charges were rushed to bolster President Donald Trump’s case against Tehran.
The man, Behzad Mesri, is charged with orchestrating the high-profile hack of the premium cable channel earlier this year, which led to a standoff over a demanded ransom payment and the leak of unaired episodes of HBO’s biggest shows, including “Game of Thrones.”
Speaking at a press conference, Joon Kim, the acting U.S. attorney for the Southern District of New York, called Mesri “an experienced and sophisticated hacker who has been wreaking havoc on computer systems around the world for some time.”
The charges are the latest in a string of geopolitically loaded indictments of hackers linked to foreign governments including China, Iran and Russia, a once unprecedented move that has become increasingly common in recent years.
But Tuesday’s indictment comes just days after The Washington Post reported that Trump administration officials were pressuring DOJ prosecutors to announce more cases against Iranian hackers, giving it added diplomatic significance.
According to prosecutors, Mesri used stolen login credentials to access HBO’s network, stole material including TV episodes and demanded the company pay $6 million in the digital currency bitcoin.
A grand jury in the Southern District of New York charged Mesri with seven counts, including wire fraud, unauthorized access to a protected computer and threatening to damage a protected computer.
In addition to the HBO infiltration, Mesri also allegedly conducted cyberattacks on behalf of the Iranian military, targeting “military systems, nuclear software systems and Israeli infrastructure.”
Mesri, Kim said, “applied those skills that he learned against HBO for personal profit.”
Additionally, prosecutors say Mesri defaced websites in the U.S. and other countries as part of an Iranian criminal hacking group, Turk Black Hat Security.
According to the Post’s report, DOJ officials were pressured to announce more cases against these types of Iranian hackers. Some found the push suspect, coming after the president in October refused to certify Tehran’s compliance with the deal the country struck in 2015 with the United States and five other world powers to restrain its nuclear program in exchange for reduced economic sanctions.
Trump’s move gave Congress 60 days to consider moving a bill to reimpose sanctions on Iran, which would violate the agreement.
Cyber experts are concerned Iran will refocus its hacker army on the U.S. if the Trump administration and Congress abandon the deal.
Trump officials have “caused internal alarm” with their efforts to make Iranian hacking cases public, according to the Post story. Several sources told the publication that “a series of criminal cases could increase pressure on lawmakers” to reimpose sanctions on Tehran.
Observers quickly noted the indictment was thin on evidence and included the unredacted name of the grand jury foreperson, suggesting the document had been rushed. “Not a serious criminal indictment but a badly executed press release,” tweeted independent national security journalist Marcy Wheeler.
But Kim vowed Tuesday’s charges “will not be the last time we charge cyber offenses against hackers with ties to the Iranian government.”
According to the indictment unsealed on Tuesday, Mesri stole multiple HBO employee user accounts and repeatedly accessed the company’s servers to steal unaired episodes of shows like “Ballers,” “Curb Your Enthusiasm” and “The Deuce.” He also stole scripts for the hit series “Game of Thrones,” contact information for HBO series’ cast and crew, corporate financial documents and login credentials for HBO’s social media accounts.
In late July, Mesri began contacting HBO employees to inform them of his theft and demand ransom payment in exchange for not releasing the data. He said he had taken a huge trove of data — approximately 1.5 terabytes — and provided proof of his claim.
“HBO was on[e] of our difficult targets to deal with but we succeeded,” he wrote in one July 23 email, according to the indictment.
Mesri initially demanded HBO pay him $5.5 million in the hard-to-trace digital currency bitcoin, but he later upped his demand to $6 million. He also added a new threat: If HBO didn’t pay up, he would destroy data on the company’s networks.
It’s unknown if HBO paid its hackers any money, but the stolen HBO files began leaking on July 30.
The United States has previously charged other nations’ hackers in similar cases.
In March, DOJ charged four men, including two Russian intelligence officers, with hacking Yahoo and stealing information on 500 million users. During the Obama administration, the U.S. charged five Chinese military officers with hacking American corporations to steal trade secrets and seven Iranian men with crippling bank websites with barrages of traffic, as well as infiltrating an upstate New York dam.
The U.S. also blamed North Korea for a bruising hack on movie studio Sony Pictures — the first in a string of headline-grabbing hacks targeting entertainment firms — but chose to impose sanctions on the country instead of charging specific hackers.
Indicting foreign government hackers is often viewed more as a tool of deterrence and diplomacy than an attempt to bring the digital assailants to justice, since their governments will never extradite them to face charges.
Instead, the U.S. uses the charges as part of its burgeoning “name-and-shame” strategy of charging foreign nationals, hoping the ensuing travel and financial restrictions will deter others from following in their footsteps.
“Because Mesri is in Iran, we are unfortunately unable to arrest him today,” Kim conceded on Tuesday. “But Mesri should know, and all other cyber criminals and would-be cyber criminals should know, that they are not safe behind the anonymity of their computer screens even if they are a world away.”
He added: “In the game of thrones, ‘Winter is Coming’ is the motto of the House of Stark. … Well today, winter has come for Behzad Mesri.”