In August, Game of Thrones fans were treated to a number of insider secrets about the latest season of the popular show. The secret details were released to the internet after a number of high profile cyberattacks on the US cable channel HBO. The famous US TV broadcaster’s secrets were revealed after it refused to pay a ransom of $6 million.
Now, US attorneys have charged an Iranian hacker called Behzad Mesri with perpetrating the cyberattack. The authorities have formally charged Mesri with “computer fraud, wire fraud, extortion, and identity theft.” The news came via a press conference in Manhattan, New York, where an attorney working on behalf of the prosecution revealed the identity of the “most wanted” hacker.
According to the US attorney, Joon Kim, Mesri is currently located in Iran. For political reasons, this makes it impossible for the hacker to be extradited to the US to face trial. However, the attorney has made it clear that the Iranian hacker will not easily be able to leave Iran:
"For the rest of his life - and he's a relatively young man in his late 20s - he will never be able to travel outside Iran without fear of being arrested and brought here."
Due to the political situation, the Iranian hacker has been added to the FBI’s most wanted list - where he will remain until he is successfully arrested. According to US authorities, Mesri was also involved in defacing US websites and penetrating military targets - including the Israeli military. Commenting on the skill level of the accused Iranian hacker, Kim said that he was,
“An experienced and sophisticated hacker who has been wreaking havoc on computer systems around the world for some time."
The HBO Hack
According to prosecutors, the cybercriminal started targeting HBO systems in May 2017. Phishing techniques are believed to have been used to fool HBO employees into clicking on infected links. This allowed the Iranian hacker to infect HBO computers with malware, which he used to gain deeper access to its network.
From inside HBO’s systems, the Iranian hacker made off with a whopping seven times more data than was stolen from Sony by the “Guardians of Peace” hackers in 2014. Among the booty were multiple unaired episodes of Ballers, Curb Your Enthusiasm, The Deuce, and Room 104. In total, 1.5 terabytes of data was stolen from HBO’s network.
HBO refused to acquiesce to the hacker's demands for ransom. As such, the Iranian hacker started leaking the previously mentioned un-aired episodes. Presumably, the hacker hoped that HBO would recognize his demands, for fear that he might also leak the higher profile Game of Thrones scripts. (Up until that point, HBO had denied that a hacker had penetrated it.)
According to US prosecutors, the 29-year-old hacker, who is also known as “Skote Vahshat,” has previously been involved with an Iranian hacking collective called “Turk Black Hat Security Team.” Working with that group, Mesri allegedly helped to deface “hundreds of websites” based in the US and around the world.
Turk Black Hat is one of many Iranian hacking groups which are believed to have become highly sophisticated. Although most of those hacking groups work independently (as was the case with the HBO hack), it is said that many Iranian hackers also receive state backing at times.
In fact, it is believed that many of the 120,000 hacking personnel recruited by the Iranian Revolutionary Guard Corps (IRGC) come from hacking groups such as Kheshtak Security Team, Ashiyane, Black Hat Group, Black Hackers, Turk Black Hat, Danger Team, IDC Team, and Irsecteam.
For now, it would appear that the Iranian hacker can sleep soundly. The US attorney for the prosecution was quick to remind those present at the news conference that “the memory of American law enforcement is very long." However, despite Kim’s claims, it would appear that Mesri will be able to continue hacking away at US targets. The current political situation between the US and Iran means that Iranian hackers have a free pass to hack Western targets.
What’s more, yesterday’s Uber hack revelations prove that some firms do indeed decide to pay cybercriminals' ransom demands. As such, it would appear that as long as Mesri is content living in Iran, he is free to pursue a life of cybercrime.
Opinions are the writer's own.
Title image credit: Katherine Welles/Shutterstock.com
Image credits: Aleksandar Malivuk/Shutterstock.com, New vision/Shutterstock.com