The Dark Overlord (hacker group)

The Dark Overlord (also known as the TDO) is an international hacker organization which garnered significant publicity through cybercrime extortion of high-profile targets and public demands for ransom to prevent the release of confidential or potentially embarrassing documents.[1]

The group gained its initial notoriety through the sale of stolen medical records on TheRealDeal, a darkweb marketplace.[2][3] Major targets for the group included the extortion of Netflix, which resulted in the leak of unreleased episodes of the series Orange Is the New Black,[4] and Disney.[5]

In 2017, the group broke its trend of hacking and extortion, and began a series of terror-based attacks starting with the Columbia Falls school district in Montana.[6][7] The group sent life-threatening text messages to students and their parents, demanding payment to prevent the murder of children.[8] These attacks forced the closure of more than 30 schools across multiple school districts, resulting in more than 15,000 students being home from school for an entire week. During a senate committee hearing Senator Steve Daines (MO) referred to these attacks as "unprecedented".

On December 31, 2018, TDO announced the Lloyd's of London and Silverstein Properties "9/11 Papers" hack on Twitter, with thousands of incriminating documents[9][10][11] to be released in stages unless US$2,000,000 in bitcoin were paid.[12] TDOL was subsequently banned from many social media platforms including Twitter, Reddit, Pastebin and removed from the front end of an uncensorable blockchain called Steem/Hive. [13] Platforms unrelated to TDOL such as www.hpub.org also had their social media accounts eliminated or followers deleted for serving as mirrors of TDOL hacked documents.[14] As of January 12, 2019, the bitcoin blockchain explorer revealed that less than 1% of the ransom had been paid and the payment sources may have been 9/11 researchers, not the targets of the hack. As a result, TDOL continues to release encrypted files and their private keys to the public in stages. TDO claims the documents contain information that challenges the official account of 9/11. Though it's unclear if any of that information actually exists.[15][16]

Nathan Wyatt, a member of The Dark Overlord hacking group was extradited from the UK to the US in December 2019 to face charges in St. Louis for his involvement in the group.[17][18] According to the charges, Wyatt "conspired to steal sensitive personally identifying information from victim companies and release those records on criminal marketplaces unless victims paid Bitcoin ransoms.[19] In September 2020 Wyatt was sentenced to 5 years in federal prison on a charge of " conspiring to commit aggravated identity theft and computer fraud" and was ordered to pay almost $1.5 million in restitution.[20]

The majority of research on the group's history and attribution was published in an investigative report titled "The Dark Overlord: Cyber Investigation Report", published by Night Lion Security and authored by security research Vinny Troia.[21] The report links the core members of the group to two teenage boys, and goes on to claim that Wyatt was nothing more than a patsy.

In 2020, the group became the feature of Hunting Cyber Criminals, a non-fiction book by cybersecurity author Vinny Troia (Wiley Books). In the book, Troia suggest the remaining group members are still at large and living in Calgary, Canada.[22] He also claimed that members of The Dark Overlord became part of ShinyHunters and GnosticPlayers.[23]