400-page Chargesheet filed: Police probe identifies none for Game of Thrones episode leak

Episode 4 of Season 7 leaked online on August 4, three days before it was to be aired

The Mumbai Police have not identified the person or persons responsible for leaking an episode of popular television show Game of Thrones in August. A chargesheet filed by the BKC cyber police station in Mumbai last month does not accuse anyone of the leak, but has named four current and former employees of a media firm linked to the American show’s broadcaster in India for “unauthorised access and theft of content”. The leak came to the notice of Star India Pvt Ltd, the show’s Indian broadcaster, on August 4, three days before the episode was to be aired on its digital platform Hotstar. The chargesheet says a senior Star India executive who studies the show’s profile and reach on social media came across a Twitter post containing the URL of a webpage on which people could watch the fourth episode of the show’s seventh season. Star India’s security team then blocked public access to it.

All the nine people who knew of the link, including four who watched it, have denied sharing it with anyone else, says the chargesheet. It also includes the statement of another senior Star India executive, who blamed Mumbai-based Prime Focus Technologies Pvt Ltd, a firm contracted by Star India to process and prepare raw files of the episodes before uploading them to Hotstar each week during the show’s run, for the breach.

The chargesheet says executives at Prime Focus initially believed they had come under cyber attack, but an internal assessment followed by a detailed digital investigation by a leading cyber risk managment firm, concluded the leak was an inside job.

Prime Focus then filed a complaint against Mohammad Suhail (30), a former employee who worked at its office in Bengaluru where the show’s episodes are processed. The chargesheet says Suhail had retained access to his official Prime Focus email address and user ID even after leaving the firm in November 2016.

Prime Focus’s preliminary incident assessment report on August 6 expressed surprise that such a breach of security was even possible. “As a policy, Prime Focus disables all system credentials of employees at their separation from the company. Hence, the said employee’s credentials being available to log in to the system was highly unusual,” states the report, annexed to the chargesheet.

The report added that Suhail used his company credentials to log on to Content Live, a patented software used to process the episodes. The chargesheet says Suhail’s initial attempts at logging in on July 11 were unsuccessful but he managed to view ‘Shooting Game of Thrones Session Seven’ after one successful attempt. The chargesheet adds that Suhail accessed the software later to watch episodes two and three of the same season, days before they were officially broadcast. What he managed to view, however, were low resolution videos in MP4 format with logos of Star India, a time stamp and watermark ‘For Internal Purposes’ imposed. The police report explains that engineers at Prime Focus in Bengaluru would watch the episodes in low resolution, screen them for anomalies and feed in subtitles before clearing them for broadcast. The episode leaked online was of the same inferior quality, as opposed to the high defnition print available on Hotstar.

The police eventually arrested Bhaskar Joshi (26) and Abhishek Ghildiyal (26), both Prime Focus employees, for allegedly allowing Suhail to get unauthorised access to the system. Suhail had allegedly asked Joshi for a user ID and password to access Content Live. Joshi, a senior test engineer whose responsibilities did not include working on Content Live, allegedly asked Ghildiyal for his login credentials and passed them on to Joshi. However, in a written statement recorded at Prime Focus office in Bengaluru on August 13, Joshi claimed he did not “have any knowledge what Mohammad Suhail did after receiving the user ID and password to access Content Live”. “I shared the user ID and password with Mohd Suhail since we were colleagues…and he was clearly aware of the strict rules and policies at Prime Focus. I wish to state that I will not repeat this in future,” he told the police.

In its investigation into the activities of Alok Sharma (25), a senior software engineer at Prime Focus, the police have only stated that he created the link to view the fourth episode on August 3 on a request from colleague Nikita Gyanchandani. However, after giving the link to Nikita, Sharma allegedly posted it on a WhatsApp group that had five other friends.

The chargesheet includes reproductions of WhatsApp conversations between Suhail and Sharma in which both ask each other who leaked the episode. While Suhail advises Sharma to run away because he had accessed Content Live through the latter’s login credentials, both are confident of not getting caught. Both joke that they had nothing to fear from the police as neither was responsible for the leak. The 400-page chargesheet also include letters sent by the police to Reddit and Twitter for information on users suspected of having posted links to the leaked episode.

Joshi’s lawyer Bryan D’Lima said the police had relied completely on an investigation done by external agencies. “They cannot just base their case on expert opinions. They should have investigated it independently,” he said, adding, “There was no money motive. One person just went out of the way to help Nikita Gyanchandani. There was no breach of trust or cheating.”

The four accused who live and work in Bengaluru were arrest ed in August after Prime Focus lodged a complaint at the BKC cyber police station. They were booked under under sections 408, 406, 34 and 201 of the IPC and sections 43 (causing damage to a computer or computer system) and 66 (acts committed under Section 43 punishable with a jail term of upto three years and a fine upto Rs 5 lakh) under the IT Act.

D’Lima said all four accused were granted bail by the Chief Metropolitan Magistrate last month. The case will next be heard on December 21.