Good afternoon. My name is Joon Kim. I'm the Acting United States Attorney for the
Southern District of New York. This summer, just
as the much anticipated 7th season
of Game of Throne was getting underway, HBO
found itself in a scary predicament,
one that unfortunately too many of our businesses, and
institutions have found themselves in;
HBO had become a victim of a malicious cyber attack.
A hacker had infiltrated its networks,
getting past the sophisticated defenses that HBO had in place,
and then had stolen massive quantities
of confidential information, and proprietary data.
Through anonymous emails, the hacker made his intentions clear,
demanding ransom of upwards of 6 million
dollars in Bitcoins. If HBO did not pay up,
he threatened to release stolen scripts,
plot summaries, and unedited episodes of HBO -
popular HBO shows. That was July and August.
Today, less than 4 months after that attack,
thanks to the tremendous work of the FBI
and the cyber prosecutors in our Office, we are here to announce
criminal charges against the alleged hacker;
and that is, uh, Bezhad Mesri - the man depicted
on this F - FBI wanted poster released today.
Mesri allegedly orchestrated his hacking
and extortion scheme from halfway around the world from Iran.
Mesri is an Iranian national, and as alleged,
is an experienced and sophisticated hacker who has been wreaking
havoc in computer systems around the world for some time.
Using the online hacker hand -
hacker handle 'Skote Vahshat', Mesri operated as part
of an Iranian hacking team, and he also allegedly conducted
attacks for the Iranian military, including
on other military systems, nuclear software systems,
and Israeli infrastructure. Mesri conducted
his attacks on HBO in a methodical way. First,
he conducted online recusance of HBO's networks
in the months leading up to July. Then, after
several attempts, he successfully compromised a number
of HBO employees' accounts, and used those accounts to gain access
to the system as a whole. Then, Mesri used his unauthorized
access over the course of several months to steal
confidential information, and proprietary data, ultimately transferring
it to a network - uh, to a server under his control
Mesri allegedly stole all types of secret information
that would be damaging to HBO if it were to be released.
He stole and scripts and plot summaries for unaired shows,
including the immensely popular Game of Thrones.
He stole videos of real, but yet unaired, episodes
of other original HBO programming, including: Curb Your Enthusiasm,
Ballers, and Barry - a new show
starring Bill Hader set to air next year. And he
also stole emails and financial data, and documents from HBO,
as well. After stealing all this proprietary data,
Mesri moved to the extortion phase of his scheme. He first
sent emails to HBO executives and email - and employees,
announcing the hack, and theft of data. As he put in in an email
on July 23rd, "I have the honor to inform you
that we've successfully breached into your huge network
in a complicated cyber operation, and we've obtained most
valuable information." He allegedly claimed that he obtained
1.5 terabytes of data. Acknowledging
his history in hacking, and crediting the quality of HBO's network
defenses, Mesri stated in another email, "HBO
was one of our difficult targets to deal with." Mesri
moved on with a ransom deman, as I said earlier. First,
5.5 million dollars, subsequently increased to 6 million
in Bitcoins. If HBO did not make these payments,
Mesri threatened he would release the scripts and video files
of unaired HBO shows, and also threatened to destroy important data
on HBO servers. Showing a flair for the dramatic,
Mesri included in his emails iconic imagery from
the Game of Thrones. For example, he doctored
image - an image of the Night King character from the show in one of his emails,
and then after eventually posting some of the stolen videos
and data online, he added his own twist to the Game of Thrones
catchphrase. He posted online, an image of the Night King with the
phrase, "Winter is coming", and added his own ominous threat,
"HBO is falling." And these two - uh,
this visual shows the images
The first, he emailed - uh, allegedly emailed to HBO,
uh, with the Night King, and then this is, um,
the, the screen shot that he posted online
uh, when he leaked, um, the data, which says, "Winter is coming"
on this corner. On this corner, he has "HBO is falling."
Because Mesri is in Iran, we are
unfortunately unable to arrest him today. But Mesri
should know - and all other cyber criminals, and would-be cyber criminals
should know - that they're not safe behind
the anonymity of - anonymity of their computer screens, even if they're a world away.
If you hack our people, our companies, our
institutions, we will work relentlessly and creatively,
applying all the tools available to us to identify you,
find you, and charge you. And at some point - and it may not be right away -
we will arrest you, and bring you to justice.
While Mesri remains at large, there will be some real consequences
for him for the rest of his life, and he's a relatively young man
in his late 20s. He will be never be able to travel
outside of Iran without fear of being arrested, and brought
here to face these charges. Now let me be clear
to him and to the others. The memory of the American law enforcement
is very long. With the public announcement today,
we also want to deliver 2 other important messages to the public
generally. First, this is a reminder that
our country, and our businesses, remain prime targets of hackers
around the world. And today's charges make clear that nation
states like Iran routinely employ led
criminals - mercenaries like Mesri - to conduct network attacks
- network attacks in America, and elsewhere.
As alleged in the indictment, Mesri had engaged in cyber crime on behalf
of the Iranian military. And in this instance, he applied those
skills that he learned against HBO for personal profit.
It's worth noting that this is not the first time that our Office
working with the FBI, have called out the Iranian government for
hiring these kinds of alleged criminals as hackers.
Last, last March in a case called U.S. v. Ahmed
Fathi, we indicted 7 men working for
Iran's Islamic Revolutionary Guard with conducting DDos -
or distributed denial of services - attacks
on dozens of American financial institutions, and for hacking into the control systems
of a dam in Rye, New York; the Bowman Dam.
And unfortunately, I suspect that this will not be the last
time we charge cyber offences against hackers with ties
to the Iranian government. The second message
is that these charges serve as a general reminder of the constant threat
of cyber crime we all face every day now.
individuals and institutions alike. No matter how vigilant we are,
and no matter how up to date we keep our network
security systems, persistent and skilled hackers
can find a way in. As Mesri himself admitted,
he found it difficult to penetrate HBO's systems,
but he ultimately did. So the message for private businesses
is this; when things go wrong, despite all your efforts to protect your systems,
the Government is here to help. We can help you secure your networks
in the midst, or immediately following a hack. We can
work together to investigate and take actions against cyber criminals,
and stop them from further damage to you, and to others. This public -
private partnership is absolutely critical to combatting
the ever growing cyber threat that is all around us. And in that regard,
I specifically want to thank and commend HBO for their prompt and
proactive cooperation with law enforcement. Their cooperation allowed us
together with the FBI to not only mitigate the damages,
but also to help bring the charges that we announce today.
To go from a cyber intrusion of this type, to criminal charges
against an Iranian hacker in less than 4 months, is an impressive feat
of law enforcement. It is only possible because of the expertise
and the commitment of the FBI, represented here today
by Bill Sweeny, Assistant Director in Charge of the New York Field Office, and Ari Mehairas,
Special Agent in Charge of New York's Cyber Division.
Specifically, I want to thank and recognize Special Agents Daniel
Degulio, Mark Sherano, and Andrew Smulligan, as well as
their Supervisor, Wolf Mulger, for their excellent investigative work.
Of course, I want to thank and acknowledge the great prosecutors, uh, in my Office -
uh, some of them are standing over there, uh, on the other side of the
visuals - Tim Howard, Rich Cooper, and Jonathan Cohen,
as well as their Supervisors - as well as the Supervisors of the Complex Fraud
and Cyber Unit: Tim Howard being one of them, and Michael Ferrara, the other.
In the Game of Thrones, "Winter is coming" is
the motto of the House of Stark - the rulers of the North.
As you see in the indictment, Mesri allegedly uses
phrase to frighten HBO into meeting his extortion demands.
Well today, winter has come
for Bezhad Mesri. As of today, he stands charged publically
with Federal crimes in New York. As of today, he's a fugitive of justice.
As of today, his name and picture will go up on FBI's
most wanted list. He will forever be looking over his shoulder.
And if he isn't, he should be. These charges will follow him
wherever he goes until he's been caught and brought to justice.
American ingenuity and creativity is to be cultivated
and celebrated, not hacked, stolen, and held ransom.
Hackers who test our resolve in protecting our intellectual property
may think they are safe behind the anonymity of a screen name and a keyboard
in a country far away, but even for them, eventually
winter will come. Now I'm gonna hand - uh,
turn the podium over to Bill Sweeny.
(Bill) Thank you Joon, and good afternoon everybody.
Earlier this year, Bezhad Mesri, as alleged,
unleashed a cyber attack and extortion campaign against HBO,
attempting to shake them down for upwards of 6 million dollars.
As alleged, Mesri identified access, access points to
HBO's network, used unauthorized account information to gain virtual
entry into their server and steal intellectual property,
released some of the stolen information via the internet, and promoted his efforts via
the media, and via Twitter. In the simplest of terms,
he lurked in the alleyways of the internet, identified the vulnerabilities
of the victims, and pickpocketed their information from thousands
of miles away. After he had successfully identified
proprietary assets, he held their future for ransom.
The sad reality is, it could just as easily happened to one of us.
Whenever a player can use sensitive information for their own gain,
any one person or company can be a target. From our vantage point
at the FBI, we've recently seen an increase in hacking for extortion
cases across multiple industries.
Unhindered by national borders, perhaps sometimes emboldened by the
thought they can hide behind them, cyber criminals are uniquely
situated to win, while many of their targets are unwittingly set up to
lose. This needs to change. We put a great
deal of time and effort into securing the indictment today, as our overall goal
is to diminish the threat, and send messages that will change behavior.
We are looking to impose costs wherever we can.
That means, we will look to publically identify operators like this, with indictments.
We will seek civil actions to seize their computers,
and we will pursue sanctions with the Treasury Department. We will
also work with our Federal private sector, and global intelligent partners
as well, to obtain justice, and to use those
same national borders against you. While an individual indicted for
this type of behavior may not immediately appear in a U.S. courtroom,
other things are about to change. The ability to freely move
from country to country may be one of them. And to paraphrase one
of Mr. Mesri's emails, 'Good luck.' We have cyber
agents embedded with out international counterparts, in strategic locations worldwide,
helping to build relationships, and coordinate these
investigations. We have legal attachés, special agents
in more than 80 countries worldwide, covering 200 others around
the globe, including 20 special agents who are assigned specifically
to cyber issues. A decade or so ago, we
protected our personal information in a significantly different way.
We now live in a world where our entire lives play out online, making it increasingly
more difficult to safeguard our personal and corporate data.
We believe we can solve this problem if we work together to stay ahead of the cyber threat,
and adapt to the changing technologies. Today we believe is another
example of a step forward in that direction. Many thanks
as always to our partners here at the Southern District - to Joon, and your team:
to Chiefs Tim Howard, Michael Ferrara, AUSAs Rich Cooper,
Jonathan Cohen, and Heather Alpeno from (unintelligible).
And last but not least, I want to extend my congratulations to our investigative team
here in the Cyber Division, led by Special Agent in Charge Ari Mehairus,
and Assistant Special Agent in Charge, Rich Jacobs. Your work, and your teams, has been
absolutely professional. Thank you very much.
(Joon) Thanks Bill. I'll take some questions [clears throat]. (Aside) Is there a sense that
he was working with the Iranian government during this attack, or it's just that
he had worked previously with the Iranian government? (Joon) The allegations in the
indictment are that he had worked previously with the Iranian government. Uh, I think the
allegations in the indictment also made clear that he was
doing this for the purpose of extorting, uh, HBO's money.
And so beyond that, I'm not gonna comment. (Aside) Um,
why did you unseal the (unintelligible) now? We're just waiting to see (unintelligible)?
(Joon) Um, that's a good question. It's, it's an issue
we face, uh, with many of these cases where we have identified,
uh, and able to charge, uh, people who are beyond our reach
at the time, um, with crimes. And this was one of those cases
where - as I said - we were able to relatively quickly identify him, and charge
him. And we had to make an assessment, um, uh, whether
there was, there was a realistic chance of actually getting him, um, and
[we] were luring him to a place where we could get him. Uh, and then
we waived that against, uh, the need, and the importance
of sending a message that we can and will - even when you are
uh, immediately beyond our reach - charge you,
uh, and make a public statement like this. And that was the balancing that we did,
and we decided this was the right time to do it. (Aside) So is it
allegiant we weren't alone on this half, but you
(unintelligible) with the Iranian government, and that they
of course would not budge? (Joon) I won't get into what we believe. I'll get -
I'll talk about what we allege. We've only alleged, uh, uh, this
one person of committing this offense. We do allege that he
says himself, - uh, in his emails - he used
the term "we". And we do allege that he had previously worked,
uh, with hacking groups in, in Iran.
Yeah. (Aside) The Washington Post, uh, reported yesterday that
prosecutors are being pressed, uh, to come out publicly
with charges of investigations involving Iranians. Uh, can you
tell us is that true? And if so, did that have anything to do with
the timing of these charges? (Joon) I saw that recording as well. Uh, when I saw it, we already
knew we were gonna be doing it, uh, today. Um, as I've said, we have
been thinking about this balance between, uh, whether we can
realistically get this person, verses, um,
the importance of making a public statement that we
brought these charges. And we made that determination that, uh,
we, we were not likely to be able to get him, and that we should go public with it. So that was
the decision that we made. (Aside) Um, is there any sense - (Joon)
that's your second, right? (Aside) - why (sorry) he, he attacked HBO specifically,
and Game of Thrones? Is this some sort of - is there a message
about American culture, or was it just opportunity? (Joon) There's no allegations about
whether there was a[n] other message other than the message he did deliver,
which is, he wanted money. (Aside) Just to - (Joon) yeah. (Aside) Um, so
according to the indictment, he started to do the recon in May,
and just started to gather stuff shortly thereafter, and then made the extortions
and demands in, uh, late July. After HBO first
became aware, did they try and shut down what he was doing,
or been working with law enforcement? Because it kind of like - okay, was he thinking
- to get him to, to do more (unintelligible)?
(unintelligible) do phone traces? (unintelligible)
(unintelligible) to Catch a Murderer. How'd that work out? (Joon) I'm not gonna go beyond what's in
the indictment, and that what I've already said, which is that we have - we thank
and commend HBO for their prompt, uh, uh,
reporting of this to the FBI. And as I've said, we
worked with them, uh, right away to help mitigate the damages, and to bring
these charges. So beyond that, I'm not gonna get into anything. Yeah.
(Aside) Uh, I assume they didn't pay any of his ransom.
(Joon) Um, again, without getting in, uh, to what's
beyond the allegations in the indictment. Um, you will see in the indictment that
there was a demand for 6 million - 5.5 million Bitcoins
that increased to 6 million Bitcoins. And then event - at some point, uh,
Mesri allegedly posting
uh, confidential proprietary material online. So,
uh, that's all I'm gonna say beyond, beyond - on that. (Aside) What do you say to companies now?
What's your advice to them about getting extorted like this, and whether or not
to pay? (Joon) Yeah. The advice - our advice would be, uh, to
reach out to law enforcement, and that we can work with them. Uh, and the FBI,
uh, is incredibly experienced and professional in this regard.
And we can walk through with them (the options), and discuss it with them.
(Aside 1) Mr. Kim? (Aside 2) Joon, will you take an off-topic question? (Joon) Sure. (Aside) Um,
when [clears throat], when you and Preet were colluding against the Turkish
defendants; um, is that sort of like, a thing, or, uh,
do have any response to the, to the Turkish, uh, (inaudible)? (Joon) Um, I assume that's a joke, uh,
[laughing] - (Aside) Uh, you tell me! (Joon) and it's a reference about - I think -
I believe it's a reference to, uh, the fact that, uh, it appears that
an investigation has been launched, uh, in Turkey, uh,
into me personally, and, uh, my precede - predecessor, Preet Bharara,
in connection with the prosecution we have on Reza Zarrab.
Um, I'm not gonna say much about that, um,
beyond, 'I've read that.' Um, I've also read
a reporting that there's belief, uh,
among some that our prosecution is being driven by
domestic Turkish politics. Uh, I've even read, uh,
statements made that, uh, our Office - the Department of Justice -
and our courts are - have been infiltrated by
gulanists. Um, needles to say,
uh, it's hard for you to - those claims are ridiculous, uh,
on their face. Um, anyone who knows (obviously) our Office, uh,
and the Department, and understands our justice system, I
would recognize, uh, those ridiculous claims. Um, and frankly,
it displays (unintelligible) a fundamental misunderstanding,
or lack of understanding of how our system of justice works,
uh, and frankly, the rule of law works. Uh, this case - our case
of prosecution, uh, that's going on, and will be starting next week in
the courthouse, uh, was brought, and will be continued
to be brought and prosecuted by career prosecutors, by career
FBI agents, and investigators, who are driven by nothing other than
uh, following the law, uh, and the evidence, and, and
enforcing American laws. They're not driven by
Turkish domestic politics. They're not gulanists. Um, they're brought
for the simple reason that these defendants allegedly committed U.S. crimes.
And the defendants are charged with serious crimes. Um,
they've - they're alleged to have used the U.S. (unintelligible) system
to, um, to transact hundreds of millions of dollars
with Iran, knowing that it was being done to evade
uh, Iran sanctions. Uh, they are charged with money laundering, they are charged with
bank fraud. These are crimes that are important to this country, and go to the national
security of this country. These defendants' conduct allegedly
was a big hole in the Iran sanctions regime. And that's why
uh, the case, uh, is being brought, and that's the only reason.
Uh, and beyond that, um, I'll let the evidence
uh, at the trial speak for itself. One more question. (Aside) Mr. Kim, for the, for the FBI
in terms of - in this case, in terms of the actual difference that
this is gonna make in Mesri's life since he can't be extradited? What
will change in his life as a result of being - facing these charges?
(Bill) One of, one of the simple of those things that'll change is, he's gonna have to think about
where he wants to go, and where he wants to stay for the rest of his life. Other than that,
you know, we're willing to help him get back here, but he's stuck.
(Aside) So, so - (Joon) Alright. Thank you very much.
For more infomation >> TOP 10 Japanese Sweets at Department Store | Hikarie - Duration: 22:26. 
For more infomation >> 12/26/17 1:00 PM (481-489 River Rd, Wilkes-Barre, PA 18705, USA) - Duration: 0:28. 
For more infomation >> 12/26/17 12:59 PM (1676-1678 River Rd, Jenkins Township, PA 18640, USA) - Duration: 0:29. 
No comments:
Post a Comment