The FBI appears to have made headway in cracking a cybercrime extortion group that has plagued health and dental clinics, schools, law firms and even Hollywood production companies since 2016.
Serbian authorities, saying they were working with the FBI, arrested a 38-year-old man, believed to be a member of The Dark Overlord, the nation’s Interior Ministry said in a statement Wednesday.
“The aim of the campaign was to uncover a large number of people who, using the name ‘The Dark Overlord’ on the Internet, have (gained) unauthorized access to computer networks and data of at least 50 victims since June 2016,” the statement said.
The FBI declined comment.
Hackers from The Dark Overlord have breached scores of U.S. institutions and clinics, freezing hard drives and demanding payment in bitcoin as ransom to decrypt files, including medical records.
In a Twitter direct message to a McClatchy reporter, the cybercrime group denied that the arrest of a man identified by Serbian authorities only as "S.S." involved one of its members.
"No one's been arrested who operates within thedarkoverlord organisation," the message said, using British spelling. "We're pleased to say that law enforcement is quite incompetent."
The group mocked the Serbian ministry statement, which, translated through Google, said the cybercrime group had hit some 50 victims and “the victims paid a total of more than $275,000."
"Business is better than ever," the Dark Overlord message said, "and furthermore, we're pleased to announce that the figure quoted by Serbian authorities is quite underestimated and in fact, we've earned a great deal more."
In its attacks on U.S. targets, the group routinely mocks and threatens victims, and pressures for payment by releasing private medical records and Social Security numbers onto the internet.
In one case last October, the group issued threats to individual parents and students at Johnston Community School District in suburban Des Moines, Iowa, that forced schools to shut for a day.
“Our local police and the FBI were involved because we were like the third school district hit," said Laura Sprague, director of communications for the school district.
Following the closure of schools on Oct. 3, a tweet from an account used by The Dark Overlord (@tdo_hackers) warned that the group had released a school directory and that “Any child predator can now easily acquire new targets and even plan based on grade level.”
Other school districts in Montana, Tennessee and Texas were also subject to ransom demands from The Dark Overlord, and dental and health clinics in Florida, New York, California, Missouri and Oklahoma reported breaches linked to the group, followed by ransom demands.
A look at the Twitter accounts used by the group indicates that the list of victims is longer.
The group gained some notoriety in April 2017 when it released 10 unaired episodes of the fifth season of the Netflix hit show “Orange is the New Black,” declaring that the Los Gatos, California, streaming media company had declined to pay a ransom. Two months later, the group released eight unaired episodes of ABC’s “Steve Harvey’s FUNDERDOME” show.
In an encrypted chat with a McClatchy reporter last year, a member of the group displayed the swagger and vulgarity that also marks the group’s Twitter feed. The person suggested that the group did its victims, or “clients,” a favor by pointing out security flaws in their computer networks.
“It’s easier to sign on as a client and pay up than it is to fight us. You will lose and fall with a great thud,” the person told McClatchy at the time.
The group has suggested on Twitter that some victims minimize the damage that they have suffered.
On April 2, the group tweeted, “It’s true we breached the Waverly Police Department,” referring to a small community in Virginia southeast of Richmond. “However, we stole far more than they admitted, and we’re going to prove them wrong.”