The Dark Overlord (also known as the TDO) is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents. [1]
The group gained its initial notoriety through the sale of stolen medical records on TheRealDeal, a darkweb marketplace. [2] [3] Major targets for the group included the extortion of Netflix, which resulted in the leak of unreleased episodes of the series Orange Is the New Black , [4] and Disney. [5]
In 2017, the group broke its trend of hacking and extortion, and began a series of terror-based attacks starting with the Columbia Falls school district in Montana. [6] [7] The group sent life-threatening text messages to students and their parents, demanding payment to prevent the murder of children. [8] These attacks forced the closure of more than 30 schools across multiple school districts, resulting in more than 15,000 students being home from school for an entire week. During a senate committee hearing Senator Steve Daines (MT) referred to these attacks as "unprecedented".
On December 31, 2018, TDO announced the Lloyd's of London and Silverstein Properties "9/11 Papers" hack on Twitter, with thousands of incriminating documents [9] [10] [11] to be released in stages unless US$2,000,000 in bitcoin were paid. [12] TDO was subsequently banned from many social media platforms including Twitter, Reddit, Pastebin and removed from the front end of an uncensorable blockchain called Steem/Hive. [13] Platforms unrelated to TDO such as www.hpub.org also had their social media accounts eliminated or followers deleted for serving as mirrors of TDO hacked documents. [14] [15] [16]
Nathan Wyatt, a member of The Dark Overlord hacking group, was extradited from the UK to the US in December 2019 to face charges in St. Louis for his involvement in the group. [17] [18] According to the charges, Wyatt "conspired to steal sensitive personally identifying information from victim companies and release those records on criminal marketplaces unless victims paid Bitcoin ransoms. [19] In September 2020 Wyatt was sentenced to five years in federal prison on a charge of "conspiring to commit aggravated identity theft and computer fraud" and was ordered to pay almost $1.5 million in restitution. [20]
In 2020, the group became the feature of Hunting Cyber Criminals, a book by Vinny Troia. In the book, Troia suggests the core members are two teenage boys living in Canada. [21] He also claimed that members of The Dark Overlord became part of ShinyHunters and GnosticPlayers. [22]
The majority of research on the group's history and attribution was published in an investigative report titled "The Dark Overlord: Cyber Investigation Report", published by Night Lion Security and authored by security researcher Vinny Troia. [23] The report claims that the core members of the group can be directly linked to other major database hacking groups Gnostic Players and Shiny Hunters, and that Wyatt was nothing more than the group's patsy.
Extortion is the practice of obtaining benefit through coercion. In most jurisdictions it is likely to constitute a criminal offence; the bulk of this article deals with such cases. Robbery is the simplest and most common form of extortion, although making unfounded threats in order to obtain an unfair business advantage is also a form of extortion.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
Ransomware is a type of malware that encrypts the victim's personal data until a ransom is paid. They commonly use difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Sometimes the original files can be retrieved without paying the ransom due to implementation mistakes, leaked cryptographic keys or a complete lack of encryption in the ransomware.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
The dark web is the World Wide Web content that exists on darknets that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.
Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.
Monero is a cryptocurrency which uses a blockchain with privacy-enhancing technologies to obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.
TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.
The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since 2010.
Marcus Hutchins, also known online as MalwareTech, is a British computer security researcher known for stopping the WannaCry ransomware attack. He is employed by cybersecurity firm Kryptos Logic. Hutchins is from Ilfracombe in Devon.
GnosticPlayers is a computer hacking group, which is believed to have been formed in 2019 and gained notability for hacking Zynga, Canva, and several other online services.
REvil was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on their page Happy Blog unless the ransom was received. In a high profile case, REvil attacked a supplier of the tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said they had dismantled REvil and charged several of its members.
Vastaamo was a Finnish private psychotherapy service provider founded in 2008. On 21 October 2020, Vastaamo announced that its patient database had been hacked. Private information obtained by the perpetrators was used in an attempt to extort Vastaamo and, later, its clients. The extorters demanded 40 bitcoins, roughly worth 450,000 euros at the time, and threatened to publish the records if the ransom was not paid. To add pressure to their demands, the extorters published hundreds of patient records a day on a Tor message board.
On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that afflicted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state.
DarkSide is a cybercriminal hacking group, believed to be based in Russia, that targets victims using ransomware and extortion; it is believed to be behind the Colonial Pipeline cyberattack. The group provides ransomware as a service.
On November 13, 2021, a hacker named Conor Brian Fitzpatrick, going by his alias "Pompompurin", compromised the FBI's external email system, sending thousands of messages warning of a cyberattack by cybersecurity CEO Vinny Troia who was falsely suggested to have been identified as part of The Dark Overlord hacking group by the United States Department of Homeland Security.
Clop is a cybercriminal organization known for its multilevel extortion techniques and global malware distribution. It has extorted more than $500 million in ransom payments, targeting major organizations worldwide. Clop gained notoriety in 2019 and has since conducted high-profile attacks, using large-scale phishing campaigns and sophisticated malware to infiltrate networks and demand ransom, threatening to expose data if demands are not met.
Vincenzo "Vinny" Troia is an American cybersecurity researcher who is known for investigating high profile data breaches and dark web hacking groups, and is the author "Hunting Cyber Criminals". Troia has published research about dark web hacking groups such as The Dark Overlord and Shiny Hunters.