The Dark Overlord (hacker group) explained

The Dark Overlord (also known as the TDO) is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.^[1]

The group gained its initial notoriety through the sale of stolen medical records on TheRealDeal, a darkweb marketplace.^{[2] [3]} Major targets for the group included the extortion of Netflix, which resulted in the leak of unreleased episodes of the series Orange Is the New Black,^[4] and Disney.^[5]

In 2017, the group broke its trend of hacking and extortion, and began a series of terror-based attacks starting with the Columbia Falls school district in Montana.^{[6] [7]} The group sent life-threatening text messages to students and their parents, demanding payment to prevent the murder of children.^[8] These attacks forced the closure of more than 30 schools across multiple school districts, resulting in more than 15,000 students being home from school for an entire week. During a senate committee hearing Senator Steve Daines (MT) referred to these attacks as "unprecedented".

On December 31, 2018, TDO announced the Lloyd's of London and Silverstein Properties "9/11 Papers" hack on Twitter, with thousands of incriminating documents^{[9] [10] [11]} to be released in stages unless US$2,000,000 in bitcoin were paid.^[12] TDO was subsequently banned from many social media platforms including Twitter, Reddit, Pastebin and removed from the front end of an uncensorable blockchain called Steem/Hive. ^[13] Platforms unrelated to TDO such as www.hpub.org also had their social media accounts eliminated or followers deleted for serving as mirrors of TDO hacked documents.^{[14] [15] [16]}

Arrests

Nathan Wyatt, a member of The Dark Overlord hacking group, was extradited from the UK to the US in December 2019 to face charges in St. Louis for his involvement in the group.^{[17] [18]} According to the charges, Wyatt "conspired to steal sensitive personally identifying information from victim companies and release those records on criminal marketplaces unless victims paid Bitcoin ransoms.^[19] In September 2020 Wyatt was sentenced to five years in federal prison on a charge of "conspiring to commit aggravated identity theft and computer fraud" and was ordered to pay almost $1.5 million in restitution.^[20]

Attribution

In 2020, the group became the feature of Hunting Cyber Criminals, a non-fiction book by cybersecurity author Vinny Troia (Wiley Books). In the book, Troia suggest the core members are two teenage boys, Christopher Meunier and Dionysios "Dennis" Karvouniaris, living in Calgary, Canada. ^[21] He also claimed that members of The Dark Overlord became part of ShinyHunters and GnosticPlayers.^[22]

The majority of research on the group's history and attribution was published in an investigative report titled "The Dark Overlord: Cyber Investigation Report", published by Night Lion Security and authored by security researcher Vinny Troia.^[23] The report claims that the core members of the group can be directly linked to other major database hacking groups Gnostic Players and Shiny Hunters, and that Wyatt was nothing more than the group's patsy.

References

1. Web site: The Dark Overlord was recruiting employees and looking for attention before 9/11 data dump. Jeff . Stone . CyberScoop . 8 January 2019. 12 January 2019.
2. Web site: A hacker is advertising millions of stolen health records on the dark web. June 27, 2016 . Whittaker. Zack. ZDNet. 2020-04-17.
3. Web site: Hacker selling 655,000 patient records from 3 hacked healthcare organizations. Storm. Darlene. 2016-06-27. Computerworld. 2020-04-17 . live . https://web.archive.org/web/20201029000536/https://www.computerworld.com/article/3088907/hacker-selling-655-000-patient-records-from-3-hacked-healthcare-organizations.html . Oct 29, 2020 .
4. Web site: Hacker recruiting goes corporate . Joe . Uchill . 10 January 2019 . axios. 12 January 2019.
5. News: Newman. Lily Hay. High-Profile Extortion Hacks Aren't Paying Off. limited . 2017-05-18. Wired. 2020-04-17. 1059-1028 . live . https://web.archive.org/web/20230526215058/https://www.wired.com/2017/05/high-profile-extortion-hacks-arent-paying-off/ . May 26, 2023 .
6. Web site: Flathead hackers found to have history of cyber attacks . Graham. Taylor. 2017-09-19. KECI. 2020-04-17.
7. Web site: "Ransom note" released after cyber-threats to Montana schools. CBS News. 19 September 2017 . 2020-04-17.
8. News: Cox. Joseph. 'Dark Overlord' Hackers Text Death Threats to Students, Then Dump Voicemails From Victims. 2017-10-05. The Daily Beast. 2020-04-17.
9. Web site: ndex: Hacker group releases '9/11 Papers', says future leaks will 'burn down' US deep state. HuffpoClub. 13 January 2019.
10. Web site: The Dark Overlord Hackers Threaten To Release TOP SECRET Files of 9/11 Litigation Unless Paid In Bitcoin. HuffpoClub. 13 January 2019.
11. Web site: Hacker Group Dark Overlord Threatens to Dump Insurance Files Related to 9/11 Attacks. HuffpoClub. 13 January 2019.
12. Web site: 9/11 Papers Megalink. Busy.org. 12 January 2019.
13. Web site: Thedarkoverlord | Hive .
14. Web site: ndex: 9/11 Docs Drop From Dark . HuffpoClub. 13 January 2019. dead. https://web.archive.org/web/20190114210341/https://hpub.org/article-70041/. 2019-01-14 .
15. Web site: Checkpoint 8 . Anonfiles. 12 January 2019.
16. Web site: Darkoverlord Banned. 11 January 2019. heavy.com. 12 January 2019.
17. Web site: 'The Dark Overlord' hacking group member facing charges in St. Louis. KSDK. 18 December 2019. 2020-04-17.
18. Web site: Dark Overlord taunted, threatened, and extorted. Now alleged member is behind bars. Goodin. Dan. 2019-12-19. Ars Technica. 2019-12-28.
19. Web site: Member of "The Dark Overlord" Hacking Group Extradited From United Kingdom to Face Charges in St. Louis. 2019-12-18. U.S. Department of Justice. 2020-04-17.
20. Web site: 2020-09-21 . UK National Sentenced to Prison for Role in "The Dark Overlord" Hacking Group . 2022-03-06 . U.S. Department of Justice . en.
21. Book: Troia . Vinny . Hunting Cyber Criminals . January 2020 . Wiley . 978-1-119-54099-1 . 544 . 25 November 2020.
22. Web site: Researcher: Two Hackers Linked to 42% of Data Breaches.
23. Web site: 2020-07-16. The Dark Overlord - A Cyber Criminal Investigation Report. 2021-12-17. Night Lion Security. en.