The Dark Overlord (hacker group)

International hacker organization / From Wikipedia, the free encyclopedia

The Dark Overlord (also known as the TDO) is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.[1]

The group gained its initial notoriety through the sale of stolen medical records on TheRealDeal, a dark web marketplace.[2][3] Major targets of the group's extortion included Netflix, which resulted in the leak of unreleased episodes of the series Orange Is the New Black,[4] and Disney.[5]

In 2017, the group broke its trend of hacking and extortion, and began a series of terror-based attacks starting with the Columbia Falls school district in Montana.[6][7] The group sent life-threatening text messages to students and their parents, demanding payment to prevent the murder of children.[8] These attacks forced the closure of more than 30 schools across multiple school districts, resulting in more than 15,000 students being home from school for an entire week. During a Senate committee hearing, Senator Steve Daines (MO) referred to these attacks as "unprecedented".

On December 31, 2018, TDO announced the Lloyd's of London and Silverstein Properties "9/11 Papers" hack on Twitter, with thousands of incriminating documents[9][10][11] to be released in stages unless US$2,000,000 in bitcoin were paid.[12] TDOL was subsequently banned from many social media platforms, including Twitter, Reddit and Pastebin, and removed from the front end of an uncensorable blockchain called Steem/Hive.[13] Platforms unrelated to TDOL such as also had their social media accounts eliminated or followers deleted for serving as mirrors of TDOL hacked documents.[14] As of January 12, 2019, the bitcoin blockchain explorer revealed that less than 1% of the ransom had been paid and the payment sources may have been 9/11 researchers, not the targets of the hack. As a result, TDOL continues to release encrypted files and their private keys to the public in stages. TDO claims the documents contain information that challenges the official account of 9/11, though it is unclear whether any of that information actually exists.[15][16]

Nathan Wyatt, a member of The Dark Overlord hacking group, was extradited from the UK to the US in December 2019 to face charges in St. Louis for his involvement in the group.[17][18] According to the charges, Wyatt "conspired to steal sensitive personally identifying information from victim companies and release those records on criminal marketplaces unless victims paid Bitcoin ransoms."[19] In September 2020, Wyatt was sentenced to 5 years in federal prison on a charge of "conspiring to commit aggravated identity theft and computer fraud" and was ordered to pay almost $1.5 million in restitution.[20]

The majority of research on the group's history and attribution appeared in an investigative report titled "The Dark Overlord: Cyber Investigation Report", published by Night Lion Security and authored by security researcher Vinny Troia.[21] The report links the core members of the group to two teenage boys, and goes on to claim that Wyatt was nothing more than a patsy.

In 2020, the group became the subject of Hunting Cyber Criminals, a non-fiction book by cybersecurity author Vinny Troia (Wiley Books). In the book, Troia suggests the remaining group members are still at large and living in Calgary, Canada.[22] He also claimed that members of The Dark Overlord became part of ShinyHunters and GnosticPlayers.[23]