On December 31st of last year, when most people were preparing to ring in the New Year, The Dark Overlord (TDO) announced that it had a massive trove of documents it was holding for ransom from law firms and insurance companies involved in the litigation surrounding the events of September 11th.  TDO purports that these documents will demonstrate a clear connection between the US government and the toppling of the Trade Center’s Twin Towers.


In this post, I’m going to share some background on TDO, provide troubling statistics on data security, explain how cryptocurrencies relate to this specific cyberattack, and show how conspiracy theories around 9/11 are being used to drive interest and funding to TDO.


Who is The Dark Overlord?

The Dark Overlord is a hacker collective that gained relative notoriety in 2017 when it hacked a studio working with Netflix, exfiltrating 10 episodes of the fifth season of Orange is the New Black.  They have a solid track record of ransomware attacks on other businesses, like the London Bridge Plastic Surgery clinic and other patient databases, demanding funds to keep the medical records private.  In its largest exploit to date, TDO has organized the public release of the 9/11 documents unless the targets pay the ransom, while simultaneously turning to social media to crowdfund a seven-layer data dump.

The Dark Overlord is a group of talented individuals motivated by greed and amused by exposing people’s secrets and flaws.  The question I’ve pondered about The Dark Overlord is whether they are state-sponsored.   This may seem like a stretch to some, since their past shakedown tactics have been almost inconsequential; however, this latest move may have more significance, which I will get to in a moment. But first, let’s discuss cybersecurity.


CyberSecurity

A few years ago, data breaches were shocking occurrences that sent people scrambling to see if their information was compromised, to protect financial data that may have been exposed on a network, and to do what they could to reinforce online protection mechanisms. This week it was announced that a massive breach exposed nearly 773 million email addresses and over 21 million passwords.  In fact, according to the Identity Theft Resource Center, over 9,665 data breaches have taken place since 2005, exposing over 1.6 billion online records.

What is highly troubling about this recent attack is the fact that some of the largest law firms and insurance companies (e.g., Hiscox Syndicates and Lloyds of London), holding highly sensitive company and client data, are being compromised.  This shows TDO has either become more proficient in its methods of attack or more daring in the targets it seeks to take down.


Cryptocurrency Connection: Bitcoin, Steemit, and Why Not Anonymous Currencies?

In a recent development, TDO was banned by the blockchain-based social media platform Steemit for violations of its terms of service.  This follows similar actions by Twitter and Reddit, which also prohibited TDO from posting to the public.  Excerpts of the Steemit terms of service read:


“… you agree that you will not commit any unlawful act, and that you are solely responsible for your conduct while using our Services.”


“[It is a violation to] use our Services to pay for, support or otherwise engage in any activity prohibited by law, including, but not limited to illegal gambling, fraud, money-laundering, or terrorist financing activities.”


These actions to block TDO from their platforms are a clear rebuke of TDO for its illicit activities.

At a time when US regulation of bitcoin and other cryptocurrencies is stepping up, linking BTC to cybercriminals once again poses a hindrance to mass adoption.  Although there are ways to use bitcoin in an anonymous fashion, if these hackers truly wanted to remain anonymous, why use bitcoin when there are other anonymous digital currency options available, like Monero, Zcash, or Komodo?


9/11 Conspiracies Revived

Questions about 9/11 persist due to the swift and obscured nature of certain parts of the official hearings and investigation into this national tragedy, which leaves many to naturally examine the reasons behind the lack of transparency.

However, all of this comes at a time when political division is at an all-time high, government trust is in rapid decline, the federal government (at the time of this post) remains partially shut down, and the US Head of State is under investigation for a number of things, including possible espionage.

By no means do I feel that people should not question their government, but when an unknown entity presents this sort of information after almost two decades, it makes me wonder about TDO’s true motive, especially since TDO does not operate under the auspices of a traditional hacktivist organization.  They are playing both sides of the fence: on the one hand holding this information for ransom from its rightful owners, and on the other hand selling it to members of the public eager to know what really happened on that fateful day.

This leads me back to my earlier query: is TDO a state actor made to look like an attention-seeking black-hat operation, or is it a state-sponsored collective looking to exploit the distrust of Americans in their government in an attempt to destabilize our already fragile democracy?


Conclusion

To conclude, TDO is an extremely proficient group of hackers that is becoming increasingly brazen.  Their latest exploit highlights the need for companies holding sensitive client information to bolster their network security at a time when attacks are increasingly frequent, but it is their latest extortion plot and crowdfunding effort, which rekindles an old conspiracy theory, that makes me speculate as to who is really behind this outfit.  Is it just another black-hat hacker seeking to embarrass the targeted firms, or a state actor seeking to further divide the American people and amass bitcoin in the process, leveraging the cryptocurrency to further its geopolitical agenda?