[BreachExchange] Suspected Member of TheDarkOverlord Hacking Group Arrested in Serbia

Destry Winant destry at riskbasedsecurity.com
Wed May 16 17:41:11 EDT 2018


Serbian police have arrested a 38-year-old man from Belgrade on
suspicion of being part of the infamous The Dark Overlord (TDO)
hacking crew.

The arrest took place earlier today. Police did not release the
suspect's name, only his initials (S.S.), year of birth (1980), and
city (Belgrade).

Serbia's Criminal Police Directorate (UCC) made the arrest in
collaboration with the US Federal Bureau of Investigation (FBI).

TDO is today's top hacker group

TDO is one of the most infamous hacking groups still active, behind
many hacks and extortion attempts.

In a press release published by Serbia's Ministry of Internal Affairs,
the group is accused of hacking and stealing data from over 50 victims
since June 2016, and making over $275,000 from successful extortions,
which the group usually demanded as Bitcoin transfers. Below is a small
(and arguably incomplete) list of just some of the hacks that got
media coverage.

The hacker group also operated an active Twitter account where it
would often issue threats against organizations or list their hacks.
Here is just one of the tens of such tweets the group would often send.

TDO generally targeted orgs in healthcare and education

TDO has been especially active in the past 2-3 years, targeting the
healthcare and education sectors in particular, although, in
conversations with this reporter, the group also peddled various other
breaches for which it wanted to get media coverage.

This reporter declined because by that time it became clear the group
was using news outlets [1, 2] to put pressure on breached companies to
pay extortion demands.

When hacking wasn't enough, the group embarked on a campaign of
threatening the hacked victims with physical violence. A notorious
example was a 2017 campaign in the US, where the hacker group would
breach high schools, steal personal data, and demand a ransom. If the
school didn't pay, they would use the stolen data to contact and
threaten the school's students and staff.

The hacks and threats got so bad that both the FBI and the US
Education Department sent security alerts to schools warning of the
hacker group's tactics.

FBI tried and failed to hack TDO members last fall

In conversations with this reporter, the group was well aware that the
FBI was on its tail. In November 2017, the group bragged to a fellow
reporter about dodging one of the hacking tools FBI agents had used in
an attempt to infect the hackers' systems and identify their whereabouts.

S.S.'s role in the larger TDO group, which claimed several times to be
a collective, is unknown. Without any further information, S.S. could
be the leader, a pawn, or just a hapless copycat.

A man signing extortion notes with the moniker "The Dark Overlords"
(with an extra "s" at the end) was arrested last year in the UK. It is
unclear if he's a legitimate member of the actual TDO group, or just a
copycat taking advantage of the group's fame.

More information about the BreachExchange mailing list