On Friday, April 28, 2017 at 4:03 p.m. CST (GMT – 6), the hacking group TheDarkOverlord Solutions (TDO) released a long-winded diatribe to Pastebin. The hacking collective was angry that Netflix did not respond to their ransom demands.
“We naturally approached Netflix and the others in an attempt to devise a mutually-beneficial arrangement where we are paid and Netflix and friends don’t wake up to find their hard work plastered on the internet. Our proposals went unanswered so our hands have been forced. We were quite offended by our targets’ responses (or lack thereof).”
Later in the letter, the group posted three links to locations where the season premiere was hosted, one on Mega servers, one on Github, and one link to a torrent hash. As of the time of this writing, both Github and Mega have removed the copyrighted material from their servers in accordance with their Terms of Service (ToS). The torrent hash is still available on ThePirateBay, but that is likely because the operators of that site don’t respond to DCMA takedown requests from the United States.
Of particular concern is that the TDO hacking group specifically mentioned other broadcast companies in a pointed tweet. Among the companies listed are “FOX, IFC, NAT GEO, and ABC.”
Who is next on the list? FOX, IFC, NAT GEO, and ABC. Oh, what fun we're all going to have. We're not playing any games anymore.— thedarkoverlord (@tdohack3r) April 29, 2017
The message posted to Pastebin doesn’t specifically mention them, but it does make it very clear that Netflix properties were not the only things recovered during their intrusion, saying, “But that’s not all, we also helped ourselves to copies of titles from other companies.”
None of the companies listed have mentioned receiving any demands as of press time.
TheDarkOverlord hacking group may be making waves in mainstream media with this Netflix theft, but for security professionals, the group has already made a name for itself. TDO has been on the forefront of the new way of making money off of hacking – ransomware and pure extortion.
In early 2016, TDO was responsible for a large data breach at a health care insurance database, leaking over 9 million insurance details that included Social Security numbers, birthdates, and full names. At the time, TDO told Motherboard that they didn’t want to disclose data or revealing who they had hacked. They offered up the 9.3 million records for 750 bitcoins, which had a value of $484,161 at the time.
The price may seem low for that many records to the average person, but it’s actually quite expensive. Anyone with access to that sum of money would likely be able to get the same data at a much lower price elsewhere. The sale was meant to inform the insurance company that the data was available and what could happen if they didn’t pay. It is unclear if any of the data was released to the dark web at any point.
TDO later targeted a Los Angeles investment bank, WestPark Capital. Their scheme there was the same. They sent the bank an email with a ransom demand that their victim rejected. A statement by TDO posted to Pastebin again, showed their anger at their “handsome business proposal” being rejected.
“To continue the statements made earlier and as an additional move by us today, we are releasing a select few documents belonging to WestPark Capital located in the Los Angeles, California, United States area. WestPark Capital is a ‘full service investment banking and securities brokerage firm’ whose CEO, Richard Rappaport, spat in our face after making our signature and quite frankly, handsome, business proposal and so our hand has been forced.”
TDO’s previous tactics have only been to target their victim’s potential reputation, taking hacks of opportunity to steal data that could be potentially embarrassing to them. With this latest attack on major broadcast networks and attacking their bottom line, TheDarkOverlord may find that they have bitten off more than they can chew.
[Featured Image by Tiko Aramyan/Shutterstock]