How does it feel to be a wanted cybercriminal?
"We all sleep like babies," says a member of The Dark Overlord, an infamous hacking group that continues to elude law enforcement.
On Wednesday, Serbian authorities said local police and the FBI had arrested a possible member of the group in Belgrade. But The Dark Overlord is shrugging off the news, claiming on Twitter that law enforcement got the wrong man.
Law enforcement has proven to be most incompetent.
— thedarkoverlord (@tdo_hackers) May 17, 2018
"In fact, the authorities have done nothing to affect our operations. None of our members have been lost to an arrest," a member of The Dark Overlord told PCMag in an interview.
For the past two years, The Dark Overlord has been preying on medical providers, schools, and businesses by stealing their sensitive data and threatening to sell it on black market, unless they pay up, usually in Bitcoin.
The FBI estimates The Dark Overlord is behind at least 69 intrusions, and attempted to sell over 100 million records containing people's personal information. Last year, the group also gained notoriety for pilfering upcoming episodes of the Netflix series Orange is the New Black and dumping them online.
Does the group feel any remorse over any of this? "We don't feel anything, except the desire for more internet money (Bitcoin)," the member said in an encrypted chat with PCMag.
Whether or not investigators are getting close to stopping The Dark Overlord isn't clear. The FBI has thus far declined to comment on the arrest in Belgrade. But in the meantime, the hacking group says it has no intention of stopping its attacks.
"As far as what motivates us to continue our good work: internet money," the member added. "We're motivated only by our desire to acquire internet money."
That said, statements from The Dark Overlord should be viewed with some serious skepticism. The group has every reason to promote its successes and claim that law enforcement is "incompetent," as a way to strike fear, and dissuade victims from contacting the FBI.
"Our clients usually pay up," the member claimed, later adding: "There's little that we can't conquer."
Typically, the group sends an email to their targets, with veiled threats of releasing the stolen information. But The Dark Overlord has shown no qualms of taking matters to the extreme. Last year, the group applied pressure on a school district to pay up by sending death threats to students and their parents via text message.
In addition, The Dark Overlord has been particularly savvy at leveraging media coverage to drum up publicity for their hacks. The goal: shame affected institutions into paying into their demands.
During the interview, the member claimed that his group recently breached a law firm, and stole "tremendously valuable" confidential materials that they're threatening to release. "They (the law firm) are adamant about not wanting their name with ours," the member said.
Recommended by Our Editors
The group declined to go into details about their tactics, and which victims they've been preying on. But the member said they've also been going after "government targets."
"We're unwilling to say how many members exist within our organization, but we'll say we're fully staffed," the member added.
How can you protect yourself from The Dark Overlord? Experts say the group appears to be targeting poorly secured servers on the internet, and looting their contents—a threat the FBI also published a warning about last year.
Institutions, with little IT expertise, can often deploy these servers without properly configuring them, said Kevin Haley, director of security response at Symantec. "You can't just install the software and hope for the best," he said. "You need to stay up-to-date and track vulnerabilities."
Unfortunately, many organizations—particularly schools and medical providers—have little training in cybersecurity, he said. That's given The Dark Overlord plenty of targets to hit.
To help, both the FBI and the US Education Department published practices IT administrators can use to safeguard their systems from The Dark Overlord's attacks.
How a VPN Works
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
