Suspected member of The Dark Overlord hacking group arrested

Serbian authorities have arrested a 38-year-old man from Belgrade suspected of being a member of The Dark Overlord (also written DarkOverlord) hacking group.

The identity of the arrested suspect has not been revealed yet, but according to the limited details shared by Serbian authorities, he is a resident of Belgrade with the initials "S.S."

The arrest came as a result of a joint operation conducted by the Federal Bureau of Investigation (FBI), Criminal Police Directorate (UCC), members of the Ministry of Internal Affairs and Special Prosecution for High-Tech Crime.

In a press release, Serbian authorities said that The Dark Overlord has hacked at least 50 victims and earned over $275,000 from its various schemes. The suspect also sent blackmail messages to victims, threatening that the stolen information would be publicly leaked unless the victim paid the requested sum.

It is unclear whether The Dark Overlord is a one-man operation or consists of several members. If it is a one-member group, this arrest might be the end of it. Here is a look back at the group's criminal activities:

The Dark Overlord hacked the healthcare industry

The Dark Overlord hackers first made headlines in June 2016 when HackRead exclusively reported on a breach in which the group stole a healthcare insurance database from a Farmington, Missouri-based firm containing the personal details of 47,864 patients.

The Dark Overlord hacking group also stole a database from a healthcare organization in the Central/Midwest United States containing the personal details of 210,000 patients. The same breach included a healthcare database from Atlanta, Georgia containing the personal details of 397,000 patients.

Other than medical records, these databases contained a trove of sensitive personal data including full names, gender, Social Security numbers (SSNs) and dates of birth. The stolen databases were then put up for sale on the dark web for 300 BTC (about $197,940 in June 2016, and $2,482,093.50 at the time of publishing this article).

Furthermore, in July 2016, The Dark Overlord hackers breached a Bronx, New York-based healthcare clinic and stole a database containing the personal and sensitive information of over 34,000 patients.

The group said it was able to hack the clinic by exploiting a zero-day in the Remote Desktop Protocol (RDP). In this case, the data was offered on the dark web for 20 BTC ($13,173.80 in July 2016, and $165,828.70 at the time of publishing this article).


In October last year, the group targeted London Bridge Plastic Surgery (LBPS) and held patients' data for ransom. The group managed to steal extremely sensitive, graphic pictures of UK celebrities and royals and threatened to leak the data if the clinic did not meet its demands.

The Dark Overlord held Netflix to ransom

In May 2017, The Dark Overlord hacking group made headlines for hacking into a studio working for Netflix and accessing copies of season 5 of the TV show Orange Is the New Black. The group then demanded that Netflix pay an undisclosed ransom or face the consequences.

Apparently, the two parties could not come to terms, and season 5 of Orange Is the New Black was leaked on The Pirate Bay. It was later reported that the hackers had compromised the studio's computer systems by exploiting a vulnerability in the Windows 7 operating system.

Sending death threats to students

The Dark Overlord did not stop there. The group went one step further by claiming to have hacked the Johnston Community School District and stolen a trove of data, including the contact and personal details of students.

The group then sent threatening text messages to parents, including threats to physically harm or even kill their children. The Dark Overlord has carried out several other cyber attacks, including stealing and leaking the first eight episodes of Steve Harvey's "Funderdome" TV show.

Moreover, the group also infiltrated the database of the California-based WestPark Capital Bank and held it for ransom.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.