The Dark Overlord (hacker group)
The Dark Overlord (also known as the TDO) is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.[1]
The group gained its initial notoriety through the sale of stolen medical records on TheRealDeal, a darkweb marketplace.[2][3] Major targets for the group included the extortion of Netflix, which resulted in the leak of unreleased episodes of the series Orange Is the New Black,[4] and Disney.[5]
In 2017, the group broke its trend of hacking and extortion, and began a series of terror-based attacks starting with the Columbia Falls school district in Montana.[6][7] The group sent life-threatening text messages to students and their parents, demanding payment to prevent the murder of children.[8] These attacks forced the closure of more than 30 schools across multiple school districts, resulting in more than 15,000 students being home from school for an entire week. During a senate committee hearing Senator Steve Daines (MT) referred to these attacks as "unprecedented".
On December 31, 2018, TDO announced the Lloyd's of London and Silverstein Properties "9/11 Papers" hack on Twitter, with thousands of incriminating documents[9][10][11] to be released in stages unless US$2,000,000 in bitcoin were paid.[12] TDO was subsequently banned from many social media platforms including Twitter, Reddit, Pastebin and removed from the front end of an uncensorable blockchain called Steem/Hive. [13] Platforms unrelated to TDO such as www.hpub.org also had their social media accounts eliminated or followers deleted for serving as mirrors of TDO hacked documents.[14] [15][16]
Arrests
[edit]Nathan Wyatt, a member of The Dark Overlord hacking group, was extradited from the UK to the US in December 2019 to face charges in St. Louis for his involvement in the group.[17][18] According to the charges, Wyatt "conspired to steal sensitive personally identifying information from victim companies and release those records on criminal marketplaces unless victims paid Bitcoin ransoms.[19] In September 2020 Wyatt was sentenced to five years in federal prison on a charge of "conspiring to commit aggravated identity theft and computer fraud" and was ordered to pay almost $1.5 million in restitution.[20]
Attribution
[edit]In 2020, the group became the feature of Hunting Cyber Criminals, a non-fiction book by cybersecurity author Vinny Troia (Wiley Books). In the book, Troia suggest the core members are two teenage boys, Christopher Meunier and Dionysios "Dennis" Karvouniaris, living in Calgary, Canada. [21] He also claimed that members of The Dark Overlord became part of ShinyHunters and GnosticPlayers.[22]
The majority of research on the group's history and attribution was published in an investigative report titled "The Dark Overlord: Cyber Investigation Report", published by Night Lion Security and authored by security researcher Vinny Troia.[23] The report claims that the core members of the group can be directly linked to other major database hacking groups Gnostic Players and Shiny Hunters, and that Wyatt was nothing more than the group's patsy.
References
[edit]- ^ Stone, Jeff (8 January 2019). "The Dark Overlord was recruiting employees and looking for attention before 9/11 data dump". CyberScoop. Retrieved 12 January 2019.
- ^ Whittaker, Zack (June 27, 2016). "A hacker is advertising millions of stolen health records on the dark web". ZDNet. Retrieved 2020-04-17.
- ^ Storm, Darlene (2016-06-27). "Hacker selling 655,000 patient records from 3 hacked healthcare organizations". Computerworld. Archived from the original on Oct 29, 2020. Retrieved 2020-04-17.
- ^ Uchill, Joe (10 January 2019). "Hacker recruiting goes corporate". axios. Retrieved 12 January 2019.
- ^ Newman, Lily Hay (2017-05-18). "High-Profile Extortion Hacks Aren't Paying Off". Wired. ISSN 1059-1028. Archived from the original on May 26, 2023. Retrieved 2020-04-17.
- ^ Graham, Taylor (2017-09-19). "Flathead hackers found to have history of cyber attacks". KECI. Retrieved 2020-04-17.
- ^ ""Ransom note" released after cyber-threats to Montana schools". CBS News. 19 September 2017. Retrieved 2020-04-17.
- ^ Cox, Joseph (2017-10-05). "'Dark Overlord' Hackers Text Death Threats to Students, Then Dump Voicemails From Victims". The Daily Beast. Retrieved 2020-04-17.
- ^ "ndex: Hacker group releases '9/11 Papers', says future leaks will 'burn down' US deep state". HuffpoClub. Retrieved 13 January 2019.
- ^ "The Dark Overlord Hackers Threaten To Release TOP SECRET Files of 9/11 Litigation Unless Paid In Bitcoin". HuffpoClub. Retrieved 13 January 2019.
- ^ "Hacker Group Dark Overlord Threatens to Dump Insurance Files Related to 9/11 Attacks". HuffpoClub. Retrieved 13 January 2019.
- ^ "9/11 Papers Megalink". Busy.org. Retrieved 12 January 2019.
- ^ "Thedarkoverlord | Hive".
- ^ "ndex: 9/11 Docs Drop From Dark Overloard [sic]". HuffpoClub. Archived from the original on 2019-01-14. Retrieved 13 January 2019.
- ^ "Checkpoint 8". Anonfiles. Retrieved 12 January 2019.
- ^ "Darkoverlord Banned". heavy.com. 11 January 2019. Retrieved 12 January 2019.
- ^ "'The Dark Overlord' hacking group member facing charges in St. Louis". KSDK. 18 December 2019. Retrieved 2020-04-17.
- ^ Goodin, Dan (2019-12-19). "Dark Overlord taunted, threatened, and extorted. Now alleged member is behind bars". Ars Technica. Retrieved 2019-12-28.
- ^ "Member of "The Dark Overlord" Hacking Group Extradited From United Kingdom to Face Charges in St. Louis". U.S. Department of Justice. 2019-12-18. Retrieved 2020-04-17.
- ^ "UK National Sentenced to Prison for Role in "The Dark Overlord" Hacking Group". U.S. Department of Justice. 2020-09-21. Retrieved 2022-03-06.
- ^ Troia, Vinny (January 2020). Hunting Cyber Criminals. Wiley. p. 544. ISBN 978-1-119-54099-1. Retrieved 25 November 2020.
- ^ "Researcher: Two Hackers Linked to 42% of Data Breaches".
- ^ "The Dark Overlord - A Cyber Criminal Investigation Report". Night Lion Security. 2020-07-16. Retrieved 2021-12-17.