DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Iranian charged in HBO hack and extortion attempt

Posted on November 21, 2017 by Dissent

Earlier today, the Department of Justice announced charges against Behzad Mesri, a/k/a “Skote Vashat,” for allegedly hacking and attempting to extort HBO. I had covered the HBO hack and extortion attempt on this site over the summer, as this site was one of a few media outlets with whom the hacker(s) shared leaked data.

According to the indictment filed in the Southern District of New York, where HBO is headquartered, Mesri is an Iranian with an alleged history of hacking for the Iranian military and for the Turk Black Hat Security team. The latter had a web site that is no longer available but is archived in archive.org.

You can read the criminal indictment here. Of note, although Mesri has been charged, he is not yet arrested, it seems, and it is not clear exactly where he might be. The FBI has issued a wanted poster concerning him. Why the government unsealed the November 8 indictment now when Mesri hasn’t been arrested is unclear, but may be politically motivated if the government intends to argue that Mesri was hacking on behalf of the Iranian government. There is no evidence provided with the indictment that would speak to that possibility.

Behzad Mesri

As “Skote Vashat,” Mesri had a fairly extensive history of identifying and disclosing vulnerabilities in sites (cf, his contributions on Packet Storm and Exploit Database. He was also an active defacer from 2009 – 2013. A simple search returns numerous hits showing his defacements and several email addresses. He does not appear to be a hacker who was trying to be a ghost or to hide himself.

In 2015, he opened a Twitter account, but never tweeted from it.

So … would Mesri, by himself, have hacked HBO and attempted to extort $6 million? The indictment doesn’t refer to any other co-conspirators, but the extortion demands and communications used “we” and not “I,” suggesting that Mesri was not the sole attacker or party involved in the attack and extortion attempt. Or perhaps that was intentional misinformation or misdirection.

Something does not feel quite right about this story… at least not yet. If “Kind Mr. Smith” is still around and reads this post, I’ve got a few questions I’d love to ask him. But then, I imagine the DOJ also has questions for him.


Related:

  • Government will 'robustly defend' compensation claims from Afghans put at risk by data breach
  • Authorities released free decryptor for Phobos and 8base ransomware
  • Singapore Facing ‘Serious’ Cyberattack by Espionage Group With Alleged China Ties
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
Category: Business SectorHack

Post navigation

← Sacramento Regional Transit Systems Hit By Hacker
Uber Concealed Cyberattack That Exposed 57 Million People’s Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Bitcoin holds steady as hackers drain over $40 million from CoinCDX, India’s top exchange
  • Government will ‘robustly defend’ compensation claims from Afghans put at risk by data breach
  • Authorities released free decryptor for Phobos and 8base ransomware
  • Singapore Facing ‘Serious’ Cyberattack by Espionage Group With Alleged China Ties
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • 𝐔𝐠𝐚𝐧𝐝𝐚 𝐨𝐫𝐝𝐞𝐫𝐬 𝐆𝐨𝐨𝐠𝐥𝐞 𝐭𝐨 𝐫𝐞𝐠𝐢𝐬𝐭𝐞𝐫 𝐚𝐬 𝐚 𝐝𝐚𝐭𝐚‑𝐜𝐨𝐧𝐭𝐫𝐨𝐥𝐥𝐞𝐫 𝐰𝐢𝐭𝐡𝐢𝐧 𝟑𝟎 𝐝𝐚𝐲𝐬 𝐚𝐟𝐭𝐞𝐫 𝐥𝐚𝐧𝐝𝐦𝐚𝐫𝐤 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐫𝐮𝐥𝐢𝐧𝐠.
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.