The Dark Overlord: Suspected hacking group member arrested in Serbia

Are The Dark Overlord’s days numbered?

Serbian police have arrested a man suspected of being a member of the notorious and high-profile hacking and extortion group.

The Dark Overlord has made quite a name for itself in recent years by not just stealing sensitive information from compromised computer networks, but also demanding a ransom be paid.

What happens if you choose not to pay the ransom? Well, The Dark Overlord threatens to release the stolen data to the media, or simply publish it openly on the internet. And that’s the kind of attention that few organisations want.

Past victims of The Dark Overlord “hack-then-extort” group include Hollywood studios, investment banks, Gorilla Glue, a celebrity plastic surgery clinic, and healthcare organisations.

The hacking group is thought to have made hundreds of thousands of dollars through its extortion attempts.

The 38-year-old man, who the authorities have not named other than by his initials (“S.S”), was arrested by police in Belgrade as part of a joint operation with the FBI.

Of course, with the information made available so far it’s very difficult to say if this is the end of the line for The Dark Overlord’s operations. We simply do not know how many people are involved in the hacking gang, or what position the arrested man is thought to have had within the group.

As a consequence it’s quite possible that we may continue to see other hacks (and extortion attempts) carried out under the banner of “The Dark Overlord”, whether by the same group or by copycats trying to take advantage of the gang’s notoriety.

Sure enough, Joseph Cox at Motherboard reports that since the arrest of “S.S” he has been contacted by someone who has access to The Dark Overlord’s email account with a simple stark message:

“We’re still here”

But one thing is certain: other members of The Dark Overlord hacking collective must be having some sleepless nights right now, wondering if they might be the next to get a surprise visit from the authorities.

For now, my advice to businesses remains the same. Educate your staff about phishing scams, put strong authentication in place, patch against vulnerabilities and adopt a layered approach to security to reduce the risk that your company will be hacked, and the privacy of your customers put at risk.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
