The Dark Overlord (hacker group)

From HandWiki
Revision as of 23:37, 6 February 2024 by Scavis2 (talk | contribs) (change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: International hacker organization

The Dark Overlord (also known as the TDO) is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.[1]

The group gained its initial notoriety through the sale of stolen medical records on TheRealDeal, a darkweb marketplace.[2][3] Major targets for the group included the extortion of Netflix, which resulted in the leak of unreleased episodes of the series Orange Is the New Black,[4] and Disney.[5]

In 2017, the group broke its trend of hacking and extortion, and began a series of terror-based attacks starting with the Columbia Falls school district in Montana.[6][7] The group sent life-threatening text messages to students and their parents, demanding payment to prevent the murder of children.[8] These attacks forced the closure of more than 30 schools across multiple school districts, resulting in more than 15,000 students being home from school for an entire week. During a senate committee hearing Senator Steve Daines (MO) referred to these attacks as "unprecedented".

On December 31, 2018, TDO announced the Lloyd's of London and Silverstein Properties "9/11 Papers" hack on Twitter, with thousands of incriminating documents[9][10][11] to be released in stages unless US$2,000,000 in bitcoin were paid.[12] TDO was subsequently banned from many social media platforms including Twitter, Reddit, Pastebin and removed from the front end of an uncensorable blockchain called Steem/Hive. [13] Platforms unrelated to TDO such as www.hpub.org also had their social media accounts eliminated or followers deleted for serving as mirrors of TDO hacked documents.[14] [15][16]

Arrests

Nathan Wyatt, a member of The Dark Overlord hacking group was extradited from the UK to the US in December 2019 to face charges in St. Louis for his involvement in the group.[17][18] According to the charges, Wyatt "conspired to steal sensitive personally identifying information from victim companies and release those records on criminal marketplaces unless victims paid Bitcoin ransoms.[19] In September 2020 Wyatt was sentenced to 5 years in federal prison on a charge of " conspiring to commit aggravated identity theft and computer fraud" and was ordered to pay almost $1.5 million in restitution.[20]

Attribution

In 2020, the group became the feature of Hunting Cyber Criminals, a non-fiction book by cybersecurity author Vinny Troia (Wiley Books). In the book, Troia suggest the core members are two teenage boys, Christopher Meunier and Dionysios "Dennis" Karvouniaris, living in Calgary, Canada. [21] He also claimed that members of The Dark Overlord became part of ShinyHunters and GnosticPlayers.[22]

The majority of research on the group's history and attribution was published in an investigative report titled "The Dark Overlord: Cyber Investigation Report", published by Night Lion Security and authored by security researcher Vinny Troia.[23] The report claims that the core members of the group can be directly linked to other major database hacking groups Gnostic Players and Shiny Hunters, and that Wyatt was nothing more than the group's patsy.


References

  1. "The Dark Overlord was recruiting employees and looking for attention before 9/11 data dump". 8 January 2019. https://www.cyberscoop.com/dark-overlord-recruiting-employees-looking-attention-911-data-dump/. 
  2. Whittaker, Zack. "A hacker is advertising millions of stolen health records on the dark web". https://www.zdnet.com/article/hacker-advertising-huge-health-insurance-database/. 
  3. Storm, Darlene (2016-06-27). "Hacker selling 655,000 patient records from 3 hacked healthcare organizations". https://www.computerworld.com/article/3088907/hacker-selling-655-000-patient-records-from-3-hacked-healthcare-organizations.html. 
  4. "cybersecurity hacking". axios. 10 January 2019. https://www.axios.com/cybersecurity-hacking-cyber-crimes-dark-overlord-5ef60968-5803-4e33-bba6-91000d606e57.html. 
  5. Newman, Lily Hay (2017-05-18). "High-Profile Extortion Hacks Aren't Paying Off". Wired. ISSN 1059-1028. https://www.wired.com/2017/05/high-profile-extortion-hacks-arent-paying-off/. 
  6. Graham, Taylor (2017-09-19). "Flathead hackers found to have...". https://nbcmontana.com/news/local/flathead-hackers-found-to-have-history-of-cyber-attacks. 
  7. ""Ransom note" released after cyber-threats to Montana schools". 19 September 2017. https://www.cbsnews.com/news/ransom-note-released-after-cyber-threats-to-montana-schools/. 
  8. Cox, Joseph (2017-10-05). "'Dark Overlord' Hackers Text Death Threats to Students, Then Dump Voicemails From Victims". The Daily Beast. https://www.thedailybeast.com/dark-overlord-hackers-text-death-threats-to-students-then-dump-voicemails-from-victims. 
  9. "ndex: Hacker group releases '9/11 Papers', says future leaks will 'burn down' US deep state". HuffpoClub. https://hpub.org/article-70114//. 
  10. "The Dark Overlord Hackers Threaten To Release TOP SECRET Files of 9/11 Litigation Unless Paid In Bitcoin". HuffpoClub. https://hpub.org/article-70106//. 
  11. "Hacker Group Dark Overlord Threatens to Dump Insurance Files Related to 9/11 Attacks". HuffpoClub. https://hpub.org/article-70038//. 
  12. "9/11 Papers Megalink". Busy.org. https://busy.org/@thedarkoverlord/9-11-papers-megaleak-layer-2-checkpoint-08-cyber-cash-for-cyber-cache. 
  13. "Thedarkoverlord | Hive". https://hiveblocks.com/@thedarkoverlord. 
  14. "ndex: 9/11 Docs Drop From Dark Overloard [sic]". HuffpoClub. https://hpub.org/article-70041/. 
  15. "Checkpoint 8". Anonfiles. https://anonfiles.com/ebVdf4q9bf/Checkpoint_08_zip. 
  16. "Darkoverlord Banned". heavy.com. 11 January 2019. https://heavy.com/news/2019/01/the-dark-overlord-update-banned-steemit-twitter-reddit/. 
  17. "'The Dark Overlord' hacking group member facing charges in St. Louis". 18 December 2019. https://www.ksdk.com/article/news/local/dark-overlord-hacking-group-st-louis-charges/63-4d5d3463-3b32-432c-afbf-e329907a1900. 
  18. Goodin, Dan (2019-12-19). "Dark Overlord taunted, threatened, and extorted. Now alleged member is behind bars". https://arstechnica.com/information-technology/2019/12/alleged-member-of-prolific-dark-overlord-hacking-group-extradited-to-the-us/. 
  19. "Member of "The Dark Overlord" Hacking Group Extradited From United Kingdom to Face Charges in St. Louis". 2019-12-18. https://www.justice.gov/opa/pr/member-dark-overlord-hacking-group-extradited-united-kingdom-face-charges-st-louis. 
  20. "UK National Sentenced to Prison for Role in "The Dark Overlord" Hacking Group" (in en). 2020-09-21. https://www.justice.gov/opa/pr/uk-national-sentenced-prison-role-dark-overlord-hacking-group. 
  21. Troia, Vinny (January 2020). Hunting Cyber Criminals. Wiley. pp. 544. ISBN 978-1-119-54099-1. https://www.wiley.com/en-us/Hunting+Cyber+Criminals%3A+A+Hacker%27s+Guide+to+Online+Intelligence+Gathering+Tools+and+Techniques-p-9781119540991. Retrieved 25 November 2020. 
  22. "Researcher: Two Hackers Linked to 42% of Data Breaches". https://www.secureworldexpo.com/industry-news/researcher-2-hackers-linked-to-42-of-data-breaches. 
  23. "The Dark Overlord - A Cyber Criminal Investigation Report" (in en). 2020-07-16. https://nightlion.com/blog/2020/the-dark-overlord-report/.