Iranian hacker Behzad Mesri, also known as “Skote Vashat” or “Mr. Smith” to his victims, has been charged by the US Department of Justice with computer fraud, wire fraud, identity theft, and using a computer for extortion. Mesri is accused of stealing an extensive amount of data from HBO, totaling around 1.5 terabytes, and demanding $6 million in Bitcoin from the entertainment company as he threatened it with damaging data dumps.
Mesri followed through on his dumping threats when he released draft scripts for unaired episodes of Game of Thrones; full unaired episodes of shows including Ballers, Curb Your Enthusiasm, and The Deuce; emails, contracts, and even cast and crew contact lists with actors’ personal phone numbers.
The Iranian hacker has a history of working on behalf of the Iranian military to hack other countries’ military systems, nuclear software systems, and Israeli infrastructure. Mesri has also defaced hundreds of American websites, but his hacks with HBO involved more advanced reconnaissance activities in May when he compromised HBO staffer accounts to gain deep access to the company’s network. But while Mesri’s ransomware successfully stole data, he also successfully imprisoned himself in his own country.
The hacker faces a warrant out for his arrest and is “considered an international flight risk” by the FBI. This means if he is ever caught outside of Iran and convicted, the Iranian national “faces a maximum sentence of 20 years in prison for wire fraud; up to five years for each of the four charges related to computer fraud; a two-year mandatory sentence for aggravated identity theft; and up to two years in prison for the extortion charge.”
The United States has no extradition treaty with Iran so the FBI is unable to arrest him as long he remains in Iran, but law enforcement is so far satisfied that they have sent a message to deter other hackers.