May 16, 2018
Serbian police have arrested a 38-year-old man from Belgrade on suspicion of being part of the infamous The Dark Overlord (TDO) hacking crew.
The arrest took place earlier today. Police did not release the suspect’s name, only his initials (S.S.), year of birth (1980), and city (Belgrade).
Serbia’s Criminal Police Directorate (UCC) made the arrest in collaboration with the US Federal Bureau of Investigation (FBI).
TDO is today’s top hacker group
TDO is one of the most infamous hacking groups still active, behind many hacks and extortion attempts.
In a press release published by Serbia’s Ministry of Internal Affairs, the group is accused of hacking and stealing data from over 50 victims since June 2016, and of making over $275,000 from successful extortions, payment for which the group usually demanded as Bitcoin transfers. Below is a small (and arguably incomplete) list of some of the hacks that received media coverage.
⮩ Hacked and sold over 9.3 million patient records from an unnamed healthcare insurance provider
⮩ Hacked and extorted the Cancer Services of East Central Indiana-Little Red Door center
⮩ Hacked Netflix and leaked episodes from season 5 of “Orange Is The New Black”
⮩ Hacked ABC and leaked episodes from “Steve Harvey’s Funderdome” TV show
⮩ Hacked Larson Studios, Inc. a Hollywood audio post-production studio, and stole a trove of TV shows
⮩ Terrorized Montana schools with bomb and death threats in return for a ransom
⮩ Breached H-E Parts International Morgan
⮩ Breached Line 204, a provider of sound stages for Hollywood studios
⮩ Breached Austin Manual Therapy Associates
⮩ Breached SMART (“Sports Medicine and Rehabilitation Therapy”) Physical Therapy
⮩ Breached Hand Rehabilitation Specialists
⮩ Breached Gorilla Glue
⮩ Dumped data from multiple targets such as: Pre-Con Products, G.S. Polymers, PcWorks, International Textiles & Apparel, and UniQoptics
The hacker group also operated an active Twitter account where it would often issue threats against organizations or list its hacks. Below is just one of the dozens of such tweets the group would send out.
TDO generally targeted orgs in healthcare and education
TDO has been especially active in the past 2-3 years, mainly targeting the healthcare and education sectors, although, in conversations with this reporter, the group also peddled various other breaches for which it wanted media coverage.
When hacking wasn’t enough, the group embarked on a campaign of threatening the hacked victims with physical violence. Most notorious was a 2017 campaign in the US, where the hacker group would breach high schools, steal personal data, and demand a ransom. If the school didn’t pay, the group would use the stolen data to contact and threaten the school’s students and staff.
FBI tried and failed to hack TDO members last fall
In conversations with this reporter, the group was well aware that the FBI was on its tail. In November 2017, the group bragged to a fellow reporter about dodging a hacking tool that FBI agents had tried to use to infect the hackers’ systems and identify their whereabouts.
S.S.’s role in the larger TDO group, which claimed several times to be a collective, is unknown. Without any further information, S.S. could be the leader, a pawn, or just a hapless copycat.
A man signing extortion notes with the moniker “The Dark Overlords” (with an extra “s” at the end) was arrested last year in the UK. It is unclear if he’s a legitimate member of the actual TDO group, or just a copycat taking advantage of the group’s fame.
UPDATE: After this article’s publication, TDO hackers took to social media to downplay the arrest.
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016.