Federal authorities have charged an Iranian who has ties to his country's military with hacking into HBO's computer system, stealing unaired episodes of hit shows and demanding millions in Bitcoin as ransom.
Behzad Mesri is a member of the Turk Black Hat Security hacking team and has worked for the Iranian military on computer attacks against Israel, according to an indictment filed Tuesday in U.S. District Court in Manhattan.
The court papers do not accuse Mesri of working on behalf of the Iranian government when he allegedly infiltrated HBO's networks. The indictment, however, appears to be part of a "name and shame" strategy the U.S. has used in the past to quell interference by foreign hackers it doesn't expect to be turned over.
Acting U.S. Attorney Joon Kim said there will be "real consequences" for Mesri, whose face has now been put on FBI "Wanted" posters.
"Winter has come for Behzad Mesri."
"He will never be able to travel outside of Iran without fear of being arrested and brought here to face these charges," Kim said. "The memory of American law enforcement is very long."
According to the indictment, Mesri launched a campaign this past May to gain access to HBO's servers through employee user accounts — and succeeded, even though the entertainment giant has sophisticated computer defenses.
From halfway across the world, he was able to get his hands on new episodes of shows, including "Ballers," "Room 104" and "Curb Your Enthusiasm," as well as scripts for "Game of Thrones."
In July, he began sending taunting emails to HBO executives, using "Game of Thrones" imagery and slogans, prosecutors said.
"Hi to all losers!" one said. "Yes it's true! HBO is hacked...Beware of heart attacks."
Mesri, who uses the online handle Skote Vahshat, said he would release the material and destroy data unless he was paid $5.5 million in Bitcoin currency, the indictment charges.
He later upped the asking price to $6 million. Soon after, he began leaking portions of the cache over the internet and to media outlets.
Kim declined to say if HBO had offered or paid any ransom to its tormentor. In a statement in late August, HBO said that the network was not communicating with the hacker.
"It has been widely reported that there was a cyber incident at HBO. The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That's a game we're not going to participate in," the company said in a statement.
Although the indictment doesn't allege Iran orchestrated the attack, Kim pointedly noted that Mesri honed his skills while working for the government in Tehran.
He pointed to the 2016 indictment of seven Iranians, some with links to the Islamic Revolutionary Guard, who had targeted U.S. financial institutions with costly distributed denial of service attacks that clog up a victim's servers.
Kim denied that the timing of the charges against Mesri was part of a coordinated Justice Department effort to ratchet up pressure on lawmakers to stiffen sanctions against Iran. Kim said the decision was made to go public after a determination that the FBI was unlikely to be able to lure Mesri to a place where he could be arrested.
Even though the accused hacker remains free in his homeland, Kim said the indictment would still send a message to him and his cohorts.
Borrowing an ominous catchphrase from "Game of Thrones," the prosecutor said: "Winter has come for Behzad Mesri."