Several months ago, in June 2016, an entity known as TheDarkOverlord announced the breach of three major healthcare organizations. In that dump, TheDarkOverlord (TDO) released 655,000 patient healthcare records. Two days later, TDO dropped 9.3 million healthcare records. The entity left a trail of breached healthcare companies scattered throughout 2016 and posted the dumps on TheRealDeal marketplace. However, thanks to Dissent Doe and other sources, word spread that TDO had started launching attacks on a different sector of the public arena: companies with US military contracts.
According to Dissent Doe, TDO started moving away from the healthcare field, possibly as a result of many failed extortion attempts. In the past month, the entity hacked three more companies—and none of them operated in the medical field. Then TDO posted a statement. “We’ve taken an interest in contractors who have worked with the United States military, for no reason at all except they usually have confidential data and because it would be fun to up the ante,” TDO explained via Pastebin.
The First Release:
The first company that faced TDO’s classic method of action listed their website “offline for maintenance” as of December 29. Pre-Con Products Ltd in Simi Valley, a concrete company, then received the semi-standard TDO treatment. Of course, this dump revealed distinct differences between the medical field extortions and whatever the entity is currently doing.
A relevant excerpt from the Pre-Con Products paste:
This is usually the part where we’ll write an exposé about Precon Products, but we’re quite busy with targets that are far more interesting than them. So we’re going to leave you with some data from Precon Products which include contracts and a disturbing video and pictures of an accident that occurred at Precon Products. Don’t they say that a picture is worth a thousand words anyway? (“Untitled.” Pastebin. TDO, 17 Dec. 2016. Web. 30 Dec. 2016.)
TDO then signed the paste and included three links: two links to “accident videos” and one Mega.nz link to “leaked files.” Per the typical timeline of TDO public releases, the data no longer exists at the links provided in the paste. Again, like always, the files found their way to file-sharing mediums. To spare readers the full details, I found very little relevant military information. The videos and still images depicted a seemingly fatal accident. A significant number of pictures, TDO claimed, came from the company owner’s cell phone. The images consisted mostly of children. However, the dump also included schematics and photos of work the company completed for the Navy. Nothing, though, proved to be of any value.
Then, on Christmas day, TDO tweeted the following: “Any parties interested in source code classified as SECRET? Use it to get an edge over the US Navy and defense contractors! Emails included!”
TDO posted the tweet pointing to two more newly hacked companies, both announced on Christmas day. The press release listed G.S. Polymers and DRI Title & Escrow. “You may have already noticed we have tweeted about source code classified as SECRET and emails about the project(s) which were heisted from a contractor,” the paste opened. “We are taking open offers.”
TheDarkOverlord’s Second Release:
G.S. Polymers, according to the person(s) behind the hack, also refused to comply with the proposed terms and conditions—extortion for lack of a better explanation. TDO released a small set of “sample documents” from G.S. Polymers. “If Gerald [Company Owner] does not come to his senses, you can expect a full release to materialize for the public,” the statement continued. The samples contained nothing of vital importance.
The third company mentioned in the release—DRI Title & Escrow—similarly failed to comply with TDO’s attempted extortion. A sample file made its way onto the internet and contained no classified information. The dump included some personal and private information, however. Mortgage closing documents, property records, and parts of the firm’s invoices made up the majority of the dump’s contents.
TheDarkOverlord will release more information to the public, presumably if the companies fail to pay the full amount requested. As Dissent Doe pointed out, though, TDO entered a new hacking league: military documentation, especially if classified, is capable of attracting attention from the military itself.