[BreachExchange] Cyber Security Expert Sheds Light on Hackers’ Motives, Strategy

Destry Winant destry at riskbasedsecurity.com
Thu Sep 21 08:11:41 EDT 2017


http://flatheadbeacon.com/2017/09/19/cyber-expert-sheds-light-hackers-motives-strategy/

When Zuly Gonzalez received a phone call from Montana asking about a
cyber hacker known as the Dark Overlord, she unfortunately knew what
to expect.

Gonzalez, the co-founder and CEO of Maryland-based cyber security firm
Light Point Security, has become all too familiar with the notorious
international cyber criminal, or group of cyber criminals.

In a conversation with the Beacon Tuesday morning about the recent
cyber extortion case threatening Columbia Falls and the surrounding
Flathead Valley, it only took a few questions before Gonzalez
recognized the tactics.

“This is their MO,” she said. “This is what they do and what they did
in the past with Netflix and others … It fits their way of doing
business.”

A hacking organization calling itself TheDarkOverlord Solutions has
been threatening schools and families in the Flathead Valley over the
last week, first by sending vile electronic messages to school
officials and then by contacting families in Columbia Falls
specifically with graphic death threats. The group successfully
infiltrated the Columbia Falls school district server and stole
personal information, as well as addresses and medical records, for
past and present students, staff and parents, according to law
enforcement.

More than 30 schools across the valley closed for three days, and
numerous activities and events were canceled through the weekend,
before classes resumed Tuesday under heightened security.

Authorities, including the FBI, have been working around the clock
investigating what they are calling a highly sophisticated cyber
incident, and on Monday night Flathead County Sheriff Chuck Curry
released a ransom letter that was sent to the Columbia Falls school
board and superintendent. The group is seeking payment in bitcoin, a
cryptocurrency, to end the threats and prevent the release of the
stolen personal information. Authorities are strongly advising people
not to pay the ransom or engage in conversations with the hackers.

Gonzalez, a former cyber security specialist for the National Security
Agency, echoes law enforcement’s advice, discouraging anyone from
following the criminals’ orders.

“If we prove that we’ll pay a ransom … they know that and will come to
attack us over and over again,” she said. “Once you pay the money and
prove you’re willing to give in, you have an even bigger target on
your back.”

“Obviously you never trust criminals,” she added. “And in this case,
(the Dark Overlord) has proven that even if you give them money,
there’s no guarantee that they will honor their word.”

The Dark Overlord is well-known in the cyber community and is becoming
a familiar name in the mainstream consciousness due to several
prominent breaches. The identity and location of the organization
remains a mystery, though law enforcement is confident they operate
overseas. Their actions are sinister in nature and increasingly
problematic.

Last year the organization broke into a server belonging to a firm
associated with Netflix, stole episodes of a popular show and
threatened to release the episodes early unless payments were made. The
firm paid, but the hackers released the episodes anyway.

Other similar instances of breached servers have popped up across the
country at an alarming rate. The Dark Overlord is purportedly
responsible for hacking into several high-profile health care
institutions in recent years and stealing millions of hospital records
and Social Security numbers. The hackers then try to sell the
information back to individuals or institutions.

Defending against such attackers remains as complicated as ever.
Hackers can compromise a personal computer simply by sending malicious
attachments or links that install malware or ransomware, exposing
everything stored on it.

But highly skilled hacking organizations like the Dark Overlord tend
to seek bigger targets, such as servers, that contain large amounts of
valuable information.

“Ransomware is becoming more and more commonplace,” Gonzalez said.
“It’s become popular because people are paying the ransom, and it’s
become a very lucrative tool for cyber criminals. That’s because the
amount of money that the criminals usually ask for is low enough that
people are willing to consider paying the money and get the info back
and move on with their lives.”

Gonzalez acknowledged that the Flathead Valley incident is unique to a
degree compared to the Dark Overlord’s past behavior. If, in fact, the
recent threats are from the well-known hacking organization, it’s the
first time death threats have been made as part of the extortion,
Gonzalez said.

“As far as I know, I’ve never heard of them actually threatening
anybody’s lives, especially children,” she said. “So this is a first
that I’ve heard. Usually these groups aren’t really designed to do
that type of stuff.”

Gonzalez said it is very rare, if not unheard of, for hacking
organizations to carry out violent threats, especially since most of
these cyber criminals are not in the U.S.

“They’re not in the U.S. They don’t go around killing folks. They’re
trying to steal information and make money from that,” she said.

But as a parent, she said she completely understands any fear someone
might have resulting from the threats.

“It’s a horrible position to be in,” she said.

So why did the international hackers target this relatively obscure
corner of Montana?

“The reality is they probably didn’t target the school at all,”
Gonzalez said. “The way these folks work, they’re just out looking for
stuff on the web, things they can exploit, and when they find
something they go after it.”

Gonzalez suspects the hackers sent out ransomware en masse and happened
upon a local vulnerability.

“It’s usually not a purposeful, planned attack,” she said. “They’re
just looking for low-hanging fruit, and if you’re not protected and
don’t have the right defense in place, they will go after you.”
